[jboss-user] [JBoss Seam] - Re: Multiple Domain Quesiton

spambob do-not-reply at jboss.com
Sat Apr 7 11:28:09 EDT 2007

Lolz, you misunderstood me! I don't have the intention to build a security model relying on the http referrer or similar stuff instead of seams security model. I just want to send different responses for security exceptions depending on the view id that is accessed.

E.g. I normally would redirect to some page showing the proper message - "You don't have the necessary rights", "Please login", ... But for a part of my site - e.g. /admin/* - I would like to return only a 404 if the user isn't logged in or isn't in the role 'admin'. This way normal users can't prove that /admin exists and wont start fiddling with it.

I hope it's clearer now ;) - anyway: thanks for the warning.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4035529#4035529

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4035529

More information about the jboss-user mailing list