Authentication question

I have a slightly odd need, and since I’m still somewhat new to Rails, I’d love your feedback.

My app has a set of public stuff, (which will live at, a set of admin pages (which will live at, and the bulk of the app, which will live at, where “subdomain” is chosen by the user when they sign up for my service. For the users, they’ll be authenticated against the combination of the subdomain and their supplied username and password - each subdomain has its own set of users which are not shared with other subdomains.

I’m trying to figure out how to set up my controllers and authentication code to make all of this work. My tentative approach is to use the Request Routing plugin to set up specific routes for “www” and “admin” subdomains, routing them to special controllers with special authentication strategies (none for www, separate user list for admin), then locking down all other controllers with a before_filter to validate against both subdomain and username/PW.

Is this the right approach, or can someone point me to a more enlightened one?

  • John
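
An added example, not part of the post above and not Rails or Request Routing plugin code: a plain-Ruby sketch of the check such a before_filter would make, with users keyed on subdomain plus username, the “www” and “admin” labels kept out of tenant signup, and the Host header parsed strictly. The module name `TenantAuth`, the `example.com` base domain, the in-memory `USERS` store and the PBKDF2 parameters are assumptions for illustration.

```ruby
require "openssl"
require "securerandom"

# Hypothetical names throughout; the store is an in-memory stand-in for a users table.
module TenantAuth
  BASE_DOMAIN = "example.com"          # placeholder base domain
  RESERVED    = %w[www admin].freeze   # served by their own controllers
  ITERATIONS  = 10_000                 # illustrative work factor
  USERS       = {}                     # [subdomain, username] => { salt:, hash: }

  module_function

  def digest(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
  end

  # Tenant label from a Host header, or nil. \A and \z anchor the whole string,
  # so "acme.example.com.evil.test" and multi-label prefixes do not match.
  def subdomain_for(host)
    name = host.to_s.downcase.sub(/:\d+\z/, "")
    m = /\A([a-z0-9](?:[a-z0-9-]*[a-z0-9])?)\.#{Regexp.escape(BASE_DOMAIN)}\z/.match(name)
    m && m[1]
  end

  # Signup must refuse reserved labels, or a customer could claim "admin".
  def signup(subdomain, username, password)
    sub = subdomain.downcase
    raise ArgumentError, "reserved subdomain" if RESERVED.include?(sub)
    salt = SecureRandom.random_bytes(16)
    USERS[[sub, username]] = { salt: salt, hash: digest(password, salt) }
  end

  # Comparison that does not exit early on the first differing byte.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # The before_filter check: true only if this user exists in this tenant.
  def authenticate(host, username, password)
    sub = subdomain_for(host)
    return false if sub.nil? || RESERVED.include?(sub)
    rec = USERS[[sub, username]]
    return false unless rec
    secure_equal?(rec[:hash], digest(password, rec[:salt]))
  end
end
```

Because the lookup key is the pair, a "john" in one subdomain and a "john" in another are unrelated accounts, and a valid password for one never authenticates against the other.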