Spring Security: how to implement Brute Force Detection (BFD)?

Posted by Kdeveloper on Stack Overflow See other posts from Stack Overflow or by Kdeveloper
Published on 2010-04-21T08:42:26Z Indexed on 2010/04/21 9:03 UTC
Read the original article Hit count: 623

My web applications security is handled by Spring Security 3.02 but I can't find any out of the box support for Brute Force Detection.

I would like to implement some application level BFD protection. For example by storing failed login attempt per user in the database (JPA). The attacked user accounts could then get a lockout period or a forced account re-activation by e-mail.

What's the best way to implement this with Spring Security? Does any body have example code or best practices on this?

© Stack Overflow or respective owner

Related posts about spring-security

Related posts about brute-force