Home/ Questions/Q 8104313
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-05T23:48:23+00:00

Does the Spring Security plugin for Grails support automatically locking an account after X

  • 0

Does the Spring Security plugin for Grails support automatically locking an account after X failed login attempts? The docs section for “Account Locking” only mentions that there is an accountLocked property.

If not out of the box, what would be the best way to implement it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    No, it does not handle it for you. You would need to keep track of login attempts and then lock it yourself. The docs say as much here.

    You can use this functionality to manually lock a user’s account or
    expire the password, but you can automate the process. For example,
    use the Quartz plugin to periodically expire everyone’s password and
    force them to go to a page where they update it. Keep track of the
    date when users change their passwords and use a Quartz job to expire
    their passwords once the password is older than a fixed max age.

    I would use the Event features of the plugin and implement my own AuthenticationFailureEvent. Keep track of login attempts for a User and on the 3rd try, flip the lock bit. You may also want to implement your own AuthenticationSuccessEvent so that you can reset the bit if they get it before the 3rd try.

    • 0