
Trying to display login attempts and user lockout message after failed attempts

I am working on a login page for an FTP site. It runs on a Tomcat 8 server and is configured to lock out users for 15 minutes after 3 failed attempts. I would like to display a message on the login page after the user has been locked out. The problem is that a failed login refreshes the page (it redirects back to the login page), which clears everything.

I did manage to get a "login attempts remaining" error message working; however, it doesn't work 100% because I just save the count to a cookie and it's not connected to the user account at all. Is there any way to get the username (of whoever is logging in) and their login attempts, and/or whether they are locked out?

So I want to display 2 things:

  1. Login attempts remaining per user
  2. User is locked out, with username

Login page:

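<%@page import="org.apache.catalina.User"%>
<%@page contentType="text/html" pageEncoding="UTF-8"%>
<%--
    Login form for container-managed FORM authentication: the form posts
    j_username / j_password to j_security_check, and the container redirects
    back here with an "error" request parameter after a failed attempt.

    The lockout itself is enforced by the server-side realm; anything this
    page shows about remaining attempts is informational only.
--%>
<%
    // Anti-caching headers are set before any markup is written: once the
    // response has been committed, later setHeader() calls have no effect.
    // Both Cache-Control directives go into one value because a second
    // setHeader() with the same name replaces the first.
    response.setHeader("Cache-Control", "no-cache, no-store"); // HTTP 1.1
    response.setHeader("Pragma", "no-cache"); // HTTP 1.0
    response.setHeader("Expires", "0"); // Prevents cache at proxy server
%>
<!DOCTYPE html>
<html>
    <head>
        <link rel="stylesheet" type="text/css" href="<%=request.getContextPath()%>/css/master.css">
        <script type="text/javascript" src="<%=request.getContextPath()%>/javascript/javascript.js"></script>
    </head>
    <body bgcolor="#ffffff">
        <div class="container" role="main">
            <form method="POST" action="j_security_check">
                <table border="0" align="center">
                    <tr>
                        <td>Login</td>
                        <td><input id="user" type="text" name="j_username" autocomplete="off"></td>
                    </tr>
                    <tr>
                        <td>Password</td>
                        <td><input type="password" name="j_password" autocomplete="off"></td>
                    </tr>
                </table>
                     <%
                        // NOTE(review): nothing on this page stores a "user" attribute in the
                        // session, so this is presumably null before authentication succeeds
                        // and the page would then print the text "null" - confirm.
                        User user = (User) request.getSession().getAttribute("user");
                        System.out.println("User: " + user);
                        if (request.getParameter("error") != null) {
                            // Request parameters are attacker-controlled: replace CR/LF so a
                            // crafted value cannot forge additional log lines.
                            System.out.println("Error: " + request.getParameter("error").replaceAll("[\\r\\n]", "_"));

                            // The value is written into a JavaScript string literal inside a
                            // <script> element, so every character that is not ASCII
                            // alphanumeric is emitted as a \uXXXX escape. That keeps quotes,
                            // backslashes, line breaks and "</script>" from breaking out of
                            // the literal.
                            StringBuilder userForJs = new StringBuilder();
                            for (char ch : String.valueOf(user).toCharArray()) {
                                boolean asciiAlnum = (ch >= 'a' && ch <= 'z')
                                        || (ch >= 'A' && ch <= 'Z')
                                        || (ch >= '0' && ch <= '9');
                                if (asciiAlnum) {
                                    userForJs.append(ch);
                                } else {
                                    userForJs.append(String.format("\\u%04x", (int) ch));
                                }
                            }
                            %>
                                <div id="errorLogin">Invalid username or password</div>
                                <br/>
                                <div><span id="loginAttempt"><script>loginAttempts("<%=userForJs%>");</script></span></div>
                            <%
                        }
                    %>

                <input type="submit" value="Login">
            </form>
        </div>
    </body>
</html>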

javascript.js

// Page-level scratch state shared with loginAttempts().
// `var` is kept so both names stay ordinary script globals.

// Working copy of the counter value that is shown to the user.
var temp;

// Last raw value read from the "login" cookie; null until the first read.
var loginattempts = null;

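/**
 * Shows how many login attempts remain, or a lockout notice, inside the
 * element with id "loginAttempt". The login page calls this once per failed
 * login, so every call counts as one more failure.
 *
 * The counter lives in the browser's "login" cookie. It is a display aid
 * only: the visitor can delete or edit the cookie, and it is shared by every
 * user name tried from the same browser. The lockout decision itself has to
 * stay with the server-side realm.
 *
 * @param {string} user - Name to show in the lockout notice. It is written
 *     with textContent, so it is never parsed as HTML.
 */
function loginAttempts(user) {
    // These mirror failureCount="3" and lockOutTime="900" (seconds) from the
    // LockOutRealm entry in server.xml; keep them in sync by hand.
    var maxAttempts = 3;
    var lockOutDays = 900 / (24 * 60 * 60); // createCookie() takes days

    var div = document.getElementById('loginAttempt');
    if (!div) {
        return; // nothing to update on pages without the placeholder
    }

    loginattempts = getCookie("login");

    // A missing, non-numeric or out-of-range cookie restarts the count
    // instead of being trusted.
    var stored = parseInt(loginattempts, 10);
    if (isNaN(stored) || stored < 0 || stored > maxAttempts) {
        stored = maxAttempts;
    }

    // Count the failure that brought us here and write it back. The previous
    // code never saved the decremented value, so the message stopped changing
    // after the second failure.
    temp = Math.max(stored - 1, 0);
    createCookie("login", temp, lockOutDays);

    if (temp === 0) {
        div.textContent = user + " has been locked out";
    } else {
        div.textContent = "Warning: Login attempts remaining: " + temp.toString();
    }
}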

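/**
 * Returns the value of the cookie called `cname`, or "" when it is not set.
 *
 * The cookie header is split into name=value pairs before anything is
 * percent-decoded. Decoding the whole header first would let an encoded
 * ";" or "=" inside one cookie's value pass for a separate cookie, and one
 * malformed escape anywhere in the header would throw for every lookup.
 *
 * @param {string} cname - Cookie name, exactly as it was written.
 * @returns {string} The decoded value; the raw value when it is not valid
 *     percent-encoding; "" when no cookie has that name.
 */
function getCookie(cname) {
    var prefix = cname + "=";
    var pairs = document.cookie ? document.cookie.split(';') : [];

    for (var i = 0; i < pairs.length; i++) {
        // Pairs are separated by "; ", so drop the leading spaces.
        var pair = pairs[i].replace(/^ +/, '');
        if (pair.indexOf(prefix) === 0) {
            var raw = pair.substring(prefix.length);
            try {
                return decodeURIComponent(raw);
            } catch (e) {
                // Malformed escape sequence: hand back the stored text as is.
                return raw;
            }
        }
    }
    return "";
}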

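/**
 * Writes a cookie for the whole site (path=/) that expires after `exdays` days.
 *
 * The value is percent-encoded, matching the decoding done when the cookie is
 * read back, so a ";" or "=" in the value cannot add extra cookie attributes.
 *
 * Anything stored this way can be read and changed by the browser's user, so
 * it must not be relied on for a security decision.
 *
 * @param {string} cname - Cookie name.
 * @param {string|number} cvalue - Value to store.
 * @param {number} exdays - Lifetime in days; fractions are allowed.
 */
function createCookie(cname, cvalue, exdays) {
    var msPerDay = 24 * 60 * 60 * 1000;
    var expiry = new Date();
    expiry.setTime(expiry.getTime() + (exdays * msPerDay));

    document.cookie = cname + "=" + encodeURIComponent(cvalue) +
        ";expires=" + expiry.toUTCString() + ";path=/";
}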

server.xml lockout:

<!-- LockOutRealm: after failureCount="3" failed logins for a user name, further attempts for that name are rejected for lockOutTime="900" seconds (15 minutes). This server-side state is what enforces the lockout; the nested Realm and the closing tag are not shown here. -->
<Realm className="org.apache.catalina.realm.LockOutRealm" failureCount="3" lockOutTime="900" cacheSize="1000" cacheRemovalWarningTime="3600">

我自己解决了这个问题,我使用Cookie来存储信息。
