[jboss-user] [JBoss Seam] - Re: Multiple Domain Quesiton
spambob
do-not-reply at jboss.com
Sat Apr 7 11:28:09 EDT 2007
Lolz, you misunderstood me! I don't have the intention to build a security model relying on the http referrer or similar stuff instead of seams security model. I just want to send different responses for security exceptions depending on the view id that is accessed.
E.g. I normally would redirect to some page showing the proper message - "You don't have the necessary rights", "Please login", ... But for a part of my site - e.g. /admin/* - I would like to return only a 404 if the user isn't logged in or isn't in the role 'admin'. This way normal users can't prove that /admin exists and wont start fiddling with it.
I hope it's clearer now ;) - anyway: thanks for the warning.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4035529#4035529
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4035529
More information about the jboss-user
mailing list