We are currently using SRP for user authentication from a GUI client. We want to be able to block a user account after tree login failures. Currently we only implemented our version of a SRPVerifierStore that gets used by the JBoss SRPService. Besides the verifier store there is no interaction with our code during authentication on the server side. I was wondering if anyone could give me a hint on how to hook into the JBoss SRPService implementation to account for the login failures.