I am implementing a Java EE application on JBoss 7.1.1 and I am using two security domains: DatabaseServerLoginModule and LdapLoginModule.
Is there any way to apply a lockout policy to lock out my account after too many failed attempts?
I found something like LockOutRealm for the Web server, but I need something which will work with DatabaseServerLoginModule as well. Generally I will need to configure how many bad logins (wrong password) will lock a user account, and I need to have unlock functionality: after a timeout (5 minutes) or manually by an administrator.
Thanks in advance for any suggestion or hint.
Lukasz Szymik wrote:
Thank you for providing info on how to do it. I will extend DatabaseServerLoginModule and probably LdapLoginModule as well. Should I put my classes in JBoss modules, application lib or somewhere else?
Starting with 7.1.1.Final, you are allowed to package them in a module of your own and then use the "module" attribute of the login-module element in the security subsystem of the standalone/domain.xml file.
P.S.: A user has recently reported that there might be a potential bug in this area where the correct module isn't being used for loading the login module. We are investigating it, but if you too run into that issue, feel free to report it in the forums.
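
Added example, not part of the thread and not JBoss code: a minimal lockout tracker covering the policy asked for above (a failure threshold, unlock after a timeout, manual unlock by an administrator). The class name LockoutTracker, its methods and the threshold of 3 are assumptions; the wiring into a login module that extends DatabaseServerLoginModule or LdapLoginModule is assumed and not shown.

```java
import java.util.HashMap;
import java.util.Map;

// Hypothetical helper, not a JBoss class. State is in memory only, so it is
// lost on restart and not shared between cluster nodes.
public class LockoutTracker {
    private static final class State { int failures; long lockedUntil; }

    private final int maxFailures;
    private final long lockMillis;
    private final Map<String, State> states = new HashMap<String, State>();

    public LockoutTracker(int maxFailures, long lockMillis) {
        this.maxFailures = maxFailures;
        this.lockMillis = lockMillis;
    }

    // Check this before validating the password; a locked account is refused
    // even when the password is correct.
    public synchronized boolean isLocked(String user, long now) {
        State s = states.get(user);
        return s != null && now < s.lockedUntil;
    }

    // Call after a wrong password. Returns true if the account is now locked.
    public synchronized boolean recordFailure(String user, long now) {
        State s = states.get(user);
        if (s == null) { s = new State(); states.put(user, s); }
        if (s.lockedUntil != 0 && now >= s.lockedUntil) { // timeout elapsed
            s.failures = 0;
            s.lockedUntil = 0;
        }
        if (s.lockedUntil == 0 && ++s.failures >= maxFailures) {
            s.lockedUntil = now + lockMillis;
        }
        return s.lockedUntil != 0;
    }

    // Call after a successful login, or from an administrator's unlock action.
    public synchronized void reset(String user) { states.remove(user); }

    public static void main(String[] args) {
        LockoutTracker t = new LockoutTracker(3, 5 * 60 * 1000L);
        long t0 = 1000L; // constructed timestamp, milliseconds
        for (int i = 0; i < 3; i++) t.recordFailure("alice", t0);
        System.out.println("alice locked: " + t.isLocked("alice", t0 + 1));
        System.out.println("alice after 5 min: " + t.isLocked("alice", t0 + 5 * 60 * 1000L));
        for (int i = 0; i < 3; i++) t.recordFailure("bob", t0);
        t.reset("bob"); // administrator unlock
        System.out.println("bob after unlock: " + t.isLocked("bob", t0 + 1));
    }
}
```

Because both security domains would share the same policy, one tracker instance keyed by user name can serve both; persisting the counters in the database is needed if the lock must survive a restart.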