Best way for a Spring MVC web app to detect a brute force attack?

Question

Are there any features specifically in Spring 3.0 MVC that would help implementing detection of a brute force attack on the authentication/login page of a web app?

Answer 1

The short answer is no, as far as I know Spring 3.0 MVC does not have anything to help you detect a brute force attack. I don't believe spring security 3.0 has anything either for that matter.

However, you should be able to implement something yourself by extending some of the UserDetailsServices.

It is sometimes advisable to record all login attempts, successful or not. If you're recording all failures (like in a database) you should be able to determine if someone/something is attempting a brute force attack on your site.

You should consider throttling login attempts like @road to yamburg described.