If you need to do these kind things at least utilize
java.util.concurrent.*
class MyCallable implements Callable<MyReturnObject> {
final public MyReturnObject call() {
// calling the another thread; do something and return
your object
}
}
final ExecutorService es = Executors.newSingleThreadExecutor();
final Future<MyReturnObject> f = es.submit(new MyCallable());
// now we know if something went wrong in our thread and can act
accordingly
final MyReturnObject mro = f.get();
-----Original Message-----
From: Jeremy Thomerson [mailto:[EMAIL PROTECTED]
Sent: Friday, December 05, 2008 11:21 AM
To: users@wicket.apache.org
Subject: Re: Thread.sleep() for only one session
You definitely do NOT want to intentionally sleep a thread - that halts
the request, and uses up your thread pool. You instead want the request
to complete, but you don't want to allow them to continue trying. So,
that being said, you could:
1 - add a value to their session like "private long
blockedFromSignInUntil"
and when they've exceeded your threshold, set that for ten minutes
future.
This isn't bulletproof since they could start a new session by using a
new window / browser / blowing away cookies.
2 - if it's on a per-username (rather than a per-session) basis, add a
similar value to the user - not allowed signin until.... This is
probably better anyway, because if I'm "nefarious guy" and I'm trying to
sign in to "mr nice guy" account, you lock "mr nice guy" account because
you are in fact detecting an identity theft attempt.
3 - you could do a combo of the above so that I, "nefarious guy" when I
get blocked from "mr nice guy" account, can't move on to "mr
unsuspecting"
account.
Then, just have your sign in form be aware of that value in session or
user and not allow a sign in to that account or from that session until
the timeout is expired.
But as a general rule of thumb, never use Thread.sleep in a web app -
especially somewhere in the request cycle. It'll be shooting yourself
in the foot.
Hope this helps,
--
Jeremy Thomerson
http://www.wickettraining.com
On Fri, Dec 5, 2008 at 9:46 AM, Anton Veretennikov <
[EMAIL PROTECTED]> wrote:
> Hello all Wicket users.
>
> One more question today.
> I need to implement appearence of sleep if "user" (session, IP
> address) tries incorrect login many times.
> Thread.sleep() seems to stop all sessions at once. Any ideas?
>
> Thank you!
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
