Authentication question

I have a slightly odd need, and since I’m still somewhat new to Rails,
I’d love your feedback.

My app has a set of public stuff, (which will live at

www.mydomain.com
), a set of admin pages (which will live at
admin.mydomain.com), and the bulk of the app, which will live at

subdomain.mydomain.com, where “subdomain” is chosen by the user when
they sign up for my service. For the users, they’ll be authenticated

against the combination of the subdomain and their supplied username
and password - each subdomain has its own set of users which are not
shared with other subdomains.

I’m trying to figure out how to set up my controllers and

authentication code to make all of this work. My tentative approach is
to use the Request Routing plugin to set up specific routes for “www”
and “admin” subdomains, routing them to special controllers with

special authentication strategies (none for www, separate user list for
admin), then locking down all other controllers with a before_filter to
validate against both subdomain and username/PW.

Is this the right approach, or can someone point me to a more

enlightened one?

  • John