I’m creating a SaaS application that uses an organizationId to separate tenants.
However, we want to allow for unauthenticated requests to the tenant for a guest ecommerce checkout.
I’m designing this so that organizationPseudoId.moquiDomain.com will set the organizationId for unauthenticated requests (partyPseudoId has a unique index).
I know that I can access the subdomains from the ServletRequest.getServerName().
I would like to run code to not allow for multiple subdomains (notAllowed.organizationPseudoId.moquiDomain.com) and give good errors if the organizationPseudoId is not found. I assume this would be done through a Servlet.Filter like MoquiAuthFilter, but include the MoquiServlet.
Then that Servlet.Filter can set a parameter like in ec.web.requestParameters which hopefully would set as an in parameter for the service in the rest api. Ideally this would not be allowed to change with the user passing a parameter like organizationId.
I’d be open to alternatives.
There are some thoughts on how to use subdomains as a parameter.
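
The checks described in the question, as an added example that is not part of the original post and not Moqui code: the host-to-tenant logic a filter in front of MoquiServlet could call with the value of ServletRequest.getServerName(), which normally reflects the client-supplied Host header and so is validated against a configured base domain. The class name TenantHostResolver, the in-memory map standing in for the unique-index lookup, and the sample ids are assumptions.

```java
import java.util.*;
import java.util.regex.Pattern;

/** Added sketch: host-to-tenant resolution for a filter placed ahead of MoquiServlet. */
public class TenantHostResolver {
    // One DNS label: letters, digits, hyphens, not starting or ending with a hyphen.
    private static final Pattern LABEL = Pattern.compile("[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?");
    private final String suffix;                     // "." + configured base domain
    private final Map<String, String> orgByPseudoId; // stand-in for the unique-index lookup

    public TenantHostResolver(String baseDomain, Map<String, String> orgByPseudoId) {
        this.suffix = "." + baseDomain.toLowerCase(Locale.ROOT);
        this.orgByPseudoId = orgByPseudoId;
    }

    /** Returns the organizationId for a server name, or throws with a message fit for an error response. */
    public String resolve(String serverName) {
        if (serverName == null) throw new IllegalArgumentException("Missing host name");
        String host = serverName.toLowerCase(Locale.ROOT);
        if (host.endsWith(".")) host = host.substring(0, host.length() - 1); // trailing-dot FQDN form
        if (!host.endsWith(suffix)) throw new IllegalArgumentException("Host is not under the tenant domain");
        String label = host.substring(0, host.length() - suffix.length());
        // A dot here means extra subdomain levels (notAllowed.organizationPseudoId...).
        if (!LABEL.matcher(label).matches())
            throw new IllegalArgumentException("Exactly one tenant subdomain is required");
        String orgId = orgByPseudoId.get(label);
        if (orgId == null) throw new NoSuchElementException("Unknown organization: " + label);
        return orgId;
    }

    /** Copies client parameters, then overwrites organizationId so the host-derived value always wins. */
    public Map<String, Object> effectiveParameters(String serverName, Map<String, ?> clientParams) {
        Map<String, Object> out = new HashMap<>(clientParams);
        out.put("organizationId", resolve(serverName));
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample data: pseudo id -> organizationId.
        TenantHostResolver r = new TenantHostResolver("moquiDomain.com", Map.of("acme", "ORG_100"));
        System.out.println(r.effectiveParameters("acme.moquiDomain.com", Map.of("organizationId", "ORG_999")));
        for (String bad : List.of("notAllowed.acme.moquiDomain.com", "nobody.moquiDomain.com", "acme.moquiDomain.com.example.net")) {
            try { r.resolve(bad); } catch (RuntimeException e) { System.out.println(bad + " -> " + e.getMessage()); }
        }
    }
}
```

In a filter, the two exception types map naturally to a 400 response for a malformed host and a 404 for an unknown organization.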