Jetty UserRealm redirect on 3rd failed login

Posted 2019-05-30 01:13

If I have a custom Jetty UserRealm implementation and it's configured for basic authentication (with SSL), is there any way to get it to go to a specific page after the 3rd failed login?

Well really I just want to display some contact information to the user if they cannot log in after 3 attempts.

Alternatively is it possible to display the exception which I throw from the

public Principal authenticate(final String username, final Object credentials, final Request request) 

method when it's configured as basic authentication?

Thanks Neil

1 answer
老娘就宠你
#2 · 2019-05-30 01:18

The BasicAuthenticator is responsible for sending the 403 response when there are no valid credentials in the request.

Looking at the Jetty 6 source, your best bet is probably to subclass the BasicAuthenticator and override public void sendChallenge(UserRealm realm, Response response)

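import java.io.IOException;

import org.mortbay.jetty.Response;
import org.mortbay.jetty.security.BasicAuthenticator;
import org.mortbay.jetty.security.UserRealm;

public class MyAuthenticator extends BasicAuthenticator {
    @Override
    public void sendChallenge(UserRealm realm, Response response) throws IOException {
        int numberOfAttempts = getNumberOfAuthenticationAttempts();

        if (numberOfAttempts > 3) {
            // Too many failures: show contact details instead of another challenge
            sendContactDetails(realm, response);
        } else {
            // Default behaviour: send the Basic auth challenge
            super.sendChallenge(realm, response);
        }
    }

    // How attempts are counted is left open (see below)
    protected int getNumberOfAuthenticationAttempts() { ... }
    // Parameters match the call in sendChallenge
    protected void sendContactDetails(UserRealm realm, Response response) throws IOException { ... }

}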

Obviously the problem doing this is that you don't have access to the HttpServletRequest which may make tracking request attempts more difficult. You could probably gain access to this via HttpConnection.getCurrentConnection(). Otherwise the code for BasicAuthenticator doesn't lend itself to extension without a blob of copy/paste, but that may be OK in your case.

I'm ignoring the issue of how you track the number of requests that have been made in the same authentication attempt; that's going to be dependent upon how your clients are connecting.

Alternatively you can set the ErrorHandler on the context, which is used when HttpResponse.sendError is called, which will be the case when you throw an exception in your realm.

I'd probably opt to use the first method as it more clearly separates responsibilities.

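One way to do the attempt tracking that the answer leaves open, as an added example (not part of the original answer and not Jetty code). The class name `FailedLoginTracker`, the "remote address|username" key format, the 15-minute window and the key cap are all assumptions; it needs Java 8 or later and mirrors the answer's `> 3` condition.

```java
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;

// Hypothetical helper: counts failed Basic-auth attempts per client key inside a time window.
public class FailedLoginTracker {
    private static final class Entry {
        final long windowStart; final int failures;
        Entry(long windowStart, int failures) { this.windowStart = windowStart; this.failures = failures; }
    }

    private final ConcurrentMap<String, Entry> entries = new ConcurrentHashMap<>();
    private final int maxKeys;       // cap so a flood of made-up usernames cannot exhaust memory
    private final long windowMillis; // failures older than this no longer count

    public FailedLoginTracker(int maxKeys, long windowMillis) {
        this.maxKeys = maxKeys;
        this.windowMillis = windowMillis;
    }

    // Records one failure and returns the running count for this key within the window.
    public int recordFailure(String key, long now) {
        if (entries.size() >= maxKeys && !entries.containsKey(key)) {
            entries.values().removeIf(e -> now - e.windowStart >= windowMillis); // evict expired
            if (entries.size() >= maxKeys) return 1; // table still full: do not track this key
        }
        return entries.merge(key, new Entry(now, 1), (old, fresh) ->
                now - old.windowStart >= windowMillis ? fresh
                        : new Entry(old.windowStart, old.failures + 1)).failures;
    }

    // Call after a successful authenticate() so earlier typos are forgotten.
    public void recordSuccess(String key) { entries.remove(key); }

    public static void main(String[] args) {
        FailedLoginTracker t = new FailedLoginTracker(10_000, 15 * 60 * 1000L);
        String key = "203.0.113.7|neil"; // constructed sample key
        long now = 0;
        for (int i = 1; i <= 4; i++) {
            int n = t.recordFailure(key, now += 1000);
            System.out.println("failure " + i + " -> count " + n + (n > 3 ? " (contact page)" : " (challenge)"));
        }
        t.recordSuccess(key);
        System.out.println("after success -> count " + t.recordFailure(key, now += 1000));
        System.out.println("after window  -> count " + t.recordFailure(key, now + 16 * 60 * 1000L));
    }
}
```

The count only selects which response body is sent; every failed request is still rejected by the authenticator, so a full or reset table never lets a request through.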