Hi, I have a requirement to restrict login attempts to Guvnor to prevent BruteForceAttacks. For authentication I am using JAAS authentication with Guvnor. Is there any option in Guvnor/Seam/JAAS to configure such requirement ? E.g., A user can try a maximum of 3 unsuccessful attempts for login. If user fails in all 3 login attempts then the user has to wait for 5 minutes. My Environment : 1. JBOSS EAP 6.1.0 2. Drools-Guvnor 5.5.0-Final; Thanks and Best Regards, ¬ Zahid Ahmed Senior Software Engineer | Emirates Group IT P.O. Box 686 | Dubai, United Arab Emirates T +971 4 203 3912| M +971 55 124 9171