If our URL is HTTP://www.site.com/uri
The domain is www.site.com
How do we deal with forgot password? A user is still a user, does not matter what site they are one.
On the Account page, should we show the available URLs for that user? www.site -1 .com etc…
If the user navigates to a site/URL/domain that they are not logged into, should we tell them to logoff first? yes. tell them " you are navigating away from www.site.com, to continue, log out first.
-
IsInRole needs to include Domain test against Principal.domain.
-
Done – Authorities needs to include Domain
-
Done – Principle needs to include Domain
-
When the Roles are assigned by sellerID, the site/domain is also assigned.
-
???? – When the User is created, the site/domain is put in the RolePrincipal User authority.
-
Done – SellerID needs to be removed from User table as it is Role controlled.
This will allow for:
| User | Athority | Domain |
|---|---|---|
| david | user | java.qbytesworld.com |
| david | user | blob.qbytesworld.com |
| david | user | gamin.qbytesworld.com |
When david logs in to java.qbytesworld.com, he will get 1 Principle of "user".
Whatever site the user logs into, is the authorities assigned for the URL.
http://publib.boulder.ibm.com/infocenter/iseries/v5r4/index.jsp?topic=/rzaha/jaaswrld.htm