Detect a realm authentication failure reason in Tomcat

Question

I wrote a custom Realm for Tomcat 7. I wrap it in the lockout Realm provided by the default installation of Tomcat. The lockout feature works fine, but in my web.xml, I have

Answer 1

Have same question. There might be something in the request scope. Have experience with another lockout realm that I used with Tomcat 5.5 and it would put into the request scope "com.ofc.tomcat.LOGIN_FAILURE_MESSAGE" and if that was not present then the user must have been locked out.