Password lockout for JSP app using JDBCRealm account authorisation - advice sought

Password lockout for JSP app using JDBCRealm account authorisation - advice sought

I have a requirement to implement a password lockout mechanism on a webapp using JSP / Java 5 / Tomcat 5.5.20. Accounts are presently validated using the JDBCRealm mechanism that comes as standard with Tomcat. However, after a security audit we need to ensure that users who have entered an incorrect password are locked out after a number of attempts. Does anyone have any suggestions to implement this, we could make amendments to our backing java classes but I am interested to hear if there are any alternative solutions (eg Acegi).
Thanks.
Matthew.
matthewvaughanAsked:
Who is Participating?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.