How can I limit login attempts in Spring Security?

Question

Is there some configuration or available module in Spring Security to limit login attempts (ideally, I\'d like to have an increasing wait time between subsequent failed atte

Answer 1

Implement an AuthenticationFailureHandler that updates a count/time in the DB. I wouldn't count on using the session because the attacker is not going to be sending cookies anyway.