I developed an application with spring-data-rest.
I love it and it works like a charme.
What I want to do (to implement one backend for multiple customers) is to change the datasource of my repository depending on an apikey which is sent in a custom request header.
The connection info (url, credentials, database) can be retrieved from an external microservice which manages all the database configurations.
The idea is to retrieve all available database connections on startup and store them in a map with apikey as key and the connection info as value.
I´m not clear about how I can change the datasource of my repo for each incoming request at runtime.
Any ideas?
Depending on your JPA provider, what you are wanting will be multi-tenancy support.
For Hibernate, there is a nice multi-tenancy API available that plugs in with Spring very nicely for configuring what data source to use. MultiTenantConnectionProvider and CurrentTenantIdentifierResolver for some API details.
I finally found a solution using the AbstractRoutingDataSource.
This article saved my day. A really easy to use and to understand solution.
http://fizzylogic.nl/2016/01/24/Make-your-Spring-boot-application-multi-tenant-aware-in-2-steps/
Related
I have a single grails (3.3.5) web server, and I am interested in improving the availability and I'd like to add another server and put a load balancer in front of it.
Rather than share sessions between servers, or use sticky sessions, i'd like to know if there is a good way to have a session-less front-end server. I don't use sessions for anything other than using spring-security to validate the session token that it is using to identify the user.
I'd like to find a token based authentication system suitable for the front-end such that the token is safe and sufficient for identifying the current user.
I've seen the grails-spring-security-rest plugin which looks promising, but it seems like everyone is using it for back-end rest api calls. Is it also suitable for front-end authentication when you aren't storing application data in the webapp session?
If you don't use the session objects in your controller then tomcat will not create any sessions for you.
Also you can define your controllers to be
static singleton = true
then they will be instantiated not on per-request basis.
Now, if you still want to use sessions, you can use something like Cookie Sessions and keep your data inside the cookies instead of tomcat's memory.
I haven't used the grails-spring-security-rest, but you should be able to tweak spring-security-core to be session-less. You should set scr.allowSessionCreation to false and use remember-me.
Since Grails is built on Spring Boot, you can access all the features of Spring Session (https://docs.spring.io/spring-session/docs/2.0.x/reference/html5/), which includes the ability to share session data between server instances with some data store instead of keeping it in memory.
In those docs you'll find this pointer to a guide with a Grails 3.1 example that uses Redis as the store. https://github.com/spring-projects/spring-session/tree/2.0.3.RELEASE/samples/misc/grails3
Is it also suitable for front-end authentication when you aren't storing application data in the webapp session?
Yes, you can use JWT tokens in your front-end. You need to properly configure the security filters of your controllers so that they are not using cookie for authentication but they are looking for JWT.
See : http://alvarosanchez.github.io/grails-spring-security-rest/latest/docs/#_plugin_configuration for configuration of endpoints that should validate JWT tokens.
Have a look at https://github.com/hantsy/angularjs-grails-sample/wiki/3-basic-auth for a stateless example with Angular.
We are currently trying to integrate Spring Security into our application.
Our application used to store data in native XMLs. We are in the process of integrating with MySQL.
However, certain sites are still having lots of data in XML and we want to provide backward compatibility.
So does spring security provide authentication mechanism for XML based database just like it does for SQL and LDAP?
Is there a way around this problem?
I am building a multi-tenant application, where the tenant database configuration are stored in Redis. Based on the request, I will query the Redis to get the database and schema configured for that tenant, this application is built on spring boot.
I took a look at spring boot's JPA sample, and did some more google to find a suitable solution for this, unfortunately, I couldn't find one.
Is this really possible to use JPA sample provided here ?
https://github.com/spring-projects/spring-boot/tree/master/spring-boot-samples/spring-boot-sample-data-jpa
Please suggest me any other best possible way to tackle this problem
Thanks
Spring Data JPA uses JPA annotations to define domain model. These JPA entities define schema for your database. Obviously you can't change these entities, nor DB schema on runtime.
So no, updating schema on runtime is not possible with Spring Boot + Spring Data JPA combo.
Database connection (e.g. DB URL, username password) could be more flexible. You would need to create DataSource beans programmatically and somehow programatically define which data source to use for each query per tenant. But this wasn't requirement of Spring nor JPA ecosystem, therefore you may face lot of issues.
I was working on such system before, but we were using plain SQL queries via JDBC and were creating DB connection programatically to achieve schema changes on runtime.
A simple question, what is the use of Spring session where I can do a login with session using spring security?
What feature can spring session offer?
To put it simple, Spring Session project provides infrastructure for managing user's session.
Most notably, this includes replacing the HttpSession implementation provided by your Servlet container (e.g. Tomcat) with an implementation provided by Spring Session which is then persisted using SessionRepository implementation of your choice (Redis, Gemfire, Hazelcast, JDBC, Mongo are supported backends in current 1.2.0.RELEASE). This ensures your sessions are stored in container/platform agnostic way and makes session clustering very easy.
Additionally, Spring Session provides some other nice features such as:
configurable strategies for correlating user's requests with a session (either cookie or HTTP request header based)
support for multiple sessions in a single browser instance
WebSocket integration, meaning the HttpSession is kept alive when consuming only WebSocket
ability to retrieve all the sessions for a given user
For more information please take a look at Spring Session's user manual as it contains detailed guides which describe the most common use cases.
I've been working with the default database model provided by Spring Security to authenticate users. I've realized that Spring Security looks for these tables in the default schema configured for the database engine.
Now, suppose the following:
You are working with PostgreSQL and you have 2 schema: schemaOne and schemaTwo, where schemaOne is configured as the dafault one for the engine. Then, suppose that you have an application that uses schemaTwo, then you will need Spring Security database model to be in that schema. So, once you try to run your application, Spring Security will try to look for the authentication model in schemaOne.
So, my question is: is there a way to push Spring Security to use a different schema than the default one configured for the database engine?.
Thank you.
Well, you can configure custom JDBC queries, for example:
With XML - override authorities-by-username-query, etc.
With JavaConfig - set authoritiesByUsernameQuery(String), etc.
But, I don't think you can just set the schema name.