Open ppazos opened 8 years ago
I think we can create ActivityLogs for after action execute or after view rendered, so we get the attempt in the before execute, and the wrong login result in the after execute.
We can add dismissalble notifications with the client ip so admins can take actions from possible attacks
The failed logins are saved in ActivityLogs.
I tried to save the username but it is not on the params. Asked on stack overflow: https://stackoverflow.com/questions/44489748/get-username-on-failed-login-on-grails-2-5-5-w-spring-security
Will try this later: http://www.redtoad.ca/ataylor/2011/05/logging-spring-security-events-in-grails/
All access to Production Systems must be logged, including login attempts with contextual data (IP/country, timestamp, number of attempts, etc)
This has to do with production system security and intrusion/attack detection.