I am trying to figure out how to throttle logins (http://stackoverflow.com/questions/570160/throttling-login-attempts) using Spring Security. Somebody knows?
Check out this post where programmatical author implements an account lockout policy based on the number of failed login attempts. Perhaps a variation of this is what you need?