This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.
As far as I know Acegi doesn't support this out of the box. The easiest way to achieve such functionality would probably be to write an event listener similar to Acegi's LoggerListener. You could then listen for AuthenticationFailure events and then take your application specific action based on any metric you wanted.
What I have done in the past, is increment the failed logon attempts in the Event listener, then on further logon attempts I also return the number of attempts and map that to one of the boolean attributes (i.e. AccountLocked ,etc.
Ben, we should probably look at writing and providing something "out of the box" for Acegi.
We'd then need an interface that can mutate the underlaying authentication repository.
It might be worthwhile to consider writing a user management interface. So many people seem to be seeking it, it's probably worth considering. Even if we only provide the DAOs and stop short of the view layer.