3 Replies Latest reply: May 28, 2012 6:54 AM by Philippe Marschall RSS

Flushing credential cache from a login module?

Philippe Marschall Novice

We have a custom login module that among other things blocks an account once too many login attempts have failed. However this means that after a failed login we have to flush the credential cache in order to protect us from the following scenario:

 

  1. User enters correct password, credentials are cached
  2. User enters incorrect password several times, account is blocked
  3. User enters correct password; because this matches the credentials in the cache, the check whether the account is blocked is skipped and the block does not work

 

In AS 5.1 that was easy because we could directly access the MBean. Is there a similar solution for AS 7.1?