I don't think you can get past that. Even the "Get Profile Handle" API increases the invalid password count.
Matt
----------------------------------------------------------------------
message: 1
date: Mon, 14 Jun 2010 14:31:13 +0200
from: Thorbj?rn Ravn Andersen <thunderaxiom@xxxxxxxxxxx>
subject: RE: Prompting for iseries user ID and password on a web
application
Authenticroast seems to be a very interesting project.
Is there ANY way to validate an AS400 login which does not count in the way
down to disabling the account?
If so, that would be very convenient for such a module.
/Thorbj?rn
-----Original Message-----
From: java400-l-bounces@xxxxxxxxxxxx [mailto:java400-l-bounces@xxxxxxxxxxxx]
On Behalf Of Joe Sam Shirah
Sent: 11. juni 2010 20:44
To: Java Programming on and around the iSeries / AS400
Subject: Re: Prompting for iseries user ID and password on a web application
Hi,
Excuse my Americanism, I don't know if your first name is Lim or
Hock-Chai.
While I don't disagree with Matt's response on downsides, I understand
the reasoning for a single set of credentials, and if it's a user
requirement, there you go.
If your app server versions support JSR-196, there's a project that
allows you to use form based and other container managed security with any
method(s) of authentication and authorization that you want:
http://code.google.com/p/authenticroast/
I used it in a situation where US employees were validated from Active
Directory, and employees of other subsidiaries used a different method to
validate credentials. Since most containers are set up for a single type of
authentication, it really looked like trouble, but was a user requirement.
AuthenticRoast worked out really well for me. The container notifies
your method, you do whatever to validate and send back the result, and
that's pretty much it. In your case, you can use JTOpen methods to vaildate
AS/400 credentials. You could also simulate what I did by first using your
"normal" method, then trying the AS/400 if the first way fails.
midrange.com
