  • Disable Authentication

    I want to disable a user after the 3rd chance in the login

  • #2
    As far as I know, Acegi doesn't support this out of the box. The easiest way to achieve such functionality would probably be to write an event listener similar to Acegi's LoggerListener. You could then listen for AuthenticationFailure events and then take your application-specific action based on any metric you wanted.


    • #3
      Yes, implement and register an (org.springframework.context.ApplicationListener)

      public void onApplicationEvent(ApplicationEvent event) { . . .

      then check for the particular Event,

      (i.e. event instanceof AuthenticationFailurePasswordEvent )

      then do something on that event...

      What I have done in the past is increment the failed logon attempts in the Event listener, then on further logon attempts I also return the number of attempts and map that to one of the boolean attributes (i.e. AccountLocked, etc.).

      Ben, we should probably look at writing and providing something "out of the box" for Acegi.
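
The listener approach described in #2 and #3, written out as an added example (not code from the thread or from the Acegi project). It assumes Acegi 0.8.x package names and the events' `getUser()` accessor; `AccountLocker` is a hypothetical interface standing in for whatever updates your user store.

```java
import java.util.HashMap;
import java.util.Map;

import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;

// Assumption: Acegi 0.8.x package and accessor names; adjust for your release.
import net.sf.acegisecurity.providers.dao.event.AuthenticationFailurePasswordEvent;
import net.sf.acegisecurity.providers.dao.event.AuthenticationSuccessEvent;

public class FailedLoginListener implements ApplicationListener {

    /** Hypothetical application interface: flags the account in your user store. */
    public interface AccountLocker {
        void lock(String username);
    }

    private static final int MAX_FAILURES = 3;

    // In-memory and per-JVM; persist the counter if you run more than one node.
    private final Map<String, Integer> failures = new HashMap<String, Integer>();
    private AccountLocker accountLocker;

    public void setAccountLocker(AccountLocker accountLocker) {
        this.accountLocker = accountLocker;
    }

    public synchronized void onApplicationEvent(ApplicationEvent event) {
        if (event instanceof AuthenticationFailurePasswordEvent) {
            // The event carries the UserDetails that was loaded, so only
            // existing accounts ever get a counter entry.
            String username = ((AuthenticationFailurePasswordEvent) event).getUser().getUsername();
            Integer previous = failures.get(username);
            int count = (previous == null) ? 1 : previous.intValue() + 1;
            if (count >= MAX_FAILURES) {
                failures.remove(username);
                // Your DAO must then report the account as locked in UserDetails.
                accountLocker.lock(username);
            } else {
                failures.put(username, Integer.valueOf(count));
            }
        } else if (event instanceof AuthenticationSuccessEvent) {
            // A successful login clears the streak of consecutive failures.
            String username = ((AuthenticationSuccessEvent) event).getUser().getUsername();
            failures.remove(username);
        }
    }
}
```

Declare the class as a bean in the application context; Spring delivers published events to every bean that implements ApplicationListener.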



      • #4
        We'd then need an interface that can mutate the underlying authentication repository.

        It might be worthwhile to consider writing a user management interface. So many people seem to be seeking it, it's probably worth considering. Even if we only provide the DAOs and stop short of the view layer.


        • #5
          Yes, there are a lot of similar questions on usage scenarios such as this... so it might be useful to create a sample User Management interface.

          Again, I agree, this is getting outside of the realm of standard framework stuff and getting more into implementation, however examples could be useful.

          Or alternatively, it could just be a documentation issue? We could just document how to do things like 1.) Change Password, 2.) Disable Users, etc.




          • #6
            Yes, use cases that cause a lot of forum questions that would benefit from sections in the reference guide include:

            - How to change a user's password
            - How to disable account after repeated failed logins
            - How to write your own authentication mechanism (a controller) to replace AbstractProcessingFilter


            • #7
              And maybe also document
              Last edited by robyn; May 14th, 2006, 09:09 PM.


              • #8
                And the "endless loop caused by including my login page as a secure URL" situation at and also "my page is not being protected" caused by using the convert to lowercase option but having uppercase in the matched named
                Last edited by robyn; May 14th, 2006, 07:49 PM.


                • #9
                  Hi Ben

                  As for documenting these common problems, we could put these into the FAQ.
                  Our FAQ right now might be the place... however we could have something like

                  It's a good bookmark for common user problems... so maybe another link on the site for these items?
                  My only concern would be if we put them in the ref doc... it might be too hard to sift through.

                  Anyway, I think we both agree what... now it's just a question of where.

                  We can probably create a JIRA entry for Acegi Common Problems FAQ




                  • #10
                    I think for now let's just get them into the FAQ page under CVS as /doc/xdocs/faq.html. This auto-builds daily and is probably the easiest place to maintain the information.