Win a copy of The Java Performance Companion this week in the Performance forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

How to lockout user after 3 failed login attempts by using LockoutRealm in Tomcat 5.5

 
kona krishnakumar
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

Could anyone suggest how to lockout user after 3 failed login attempts by using LockoutRealm in Tomcat 5.5

Thanks
Krishna
 
Tim Holloway
Saloon Keeper
Pie
Posts: 18226
53
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I was waiting for someone to respond, but nobody wants to say anything, it seems.

Personally, I'd RTFM on the LockoutRealm in the Tomcat docs at tomcat.apache.org. If you have questions about what it says, ask us.
 
kona krishnakumar
Ranch Hand
Posts: 42
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have found the solution for the below mentioned issue.

Here is the solution:

1)In Tomcat5 and earlier versions,one cannot close Gap "locking out tomcat manager user after particular incorrect login atempts"
because LockOutRealm.class file in not available in Catalina.jar.

2)In Tomcat6 and later versions ,We can close Gap "locking out tomcat manager user after pparticular incorrect login atempts"
because LockOutRealm.class file is available in Catalina.jar.

3)To close the "locking out tomcat manager user after particular incorrect login atempts" Gaps.You need to add the follow className
and attributes in server.xml:-

<Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="300" cacheSize="1000"
cacheRemovalWarningTime="3600">

Thanks
Krishna

 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic