[jboss-user] [JBoss Seam] - Re: Multiple Domain Quesiton

[rjstanford]

I agree - let me explain myself a little better.  With this setup, there's effectively one control application that contains a large number of potentially useful URLs.  The display sites, generated by the same app, contain a much smaller list of URLs.

When a non-control user (who doesn't even know that the control site exists) visits a random URL, ie: "http://theirsite.com/foo", they receive a 404 error.  If they visit a URL that on the control site (ie: http://control.com/admin), that will return them an error message saying that they're not logged in - standard security practice.  If they visit "http://theirsite.com/admin") though, even though to the app its a legitimate endpoint, I wish to present them with a 404 error since its not known to their URL.

One way to do this would be to have a test in the SecurityException (or however Seam security is best implemented) that normally redirects to the login page that consumes the exception and rethrows a page not found exception.  That doesn't seem particularly "correct", per se, so I was curious as to whether there was a known, better solution.

Its not going to be quite as messy as it sounds, by the way - all of the domains will have the same structure as far as pages existing or not existing, with the exception of the "control" domain.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4035377#4035377

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4035377