At the Moment I am using Jackrabbit 2.6.3 as JCR backend and i would like to implement a possibility to separate different tenant(e.g. storing a tenant ID).
Is there any standard property that is recommended for this usecase or should i create a custom nodetype that contains the new tenant ID property?
Is multitenancy supported by JCR API or Jackrabbit?
Thanks you advance for helping me.
kind regards,
shan
no multitenancy is not a feature of Jackrabbit. There are different approaches for doing this and it all depends on the requirements. A couple of options that I see would be:
A workspace for each tenant
A root folder for each tenant
A property containing the tenant id. (you can use a mixin for this)
Related
We are working on a spring boot library to generate and validate OTP. It uses database to store the OTP.
We are using Spring Data JPA for Database operations, as it will be easy to handle multiple database systems according to the project.
Now we have ran in to a problem, most of our projects uses Oracle with a single database.
When using the the same lib in multiple projects there is a name conflict.
So we want the name of the OTP table to be configurable using a property file.
We tried #Table(name = "${otp-table-name}") But its not working.
We did a lots of research and found out the hibernate naming strategy configuration can help.
But we dont want to use lots of configuration in our library as we need the library to be easily usable in the projects.
Can someone help us on this aspect.
Thanks in advance.
You can dynamically determine the actual DataSource based on the current context, use Spring's AbstractRoutingDataSource class. You could write your own version of this class and configure it to use a different data source based on the property file.
This allows you to switch between databases or schema without having to change the code in your library.
See: https://www.baeldung.com/spring-abstract-routing-data-source
Using a NamingStrategy is good approach.
You could let it delegate to an existing NamingStrategy and add a prefix.
Use a library specific default for the prefix, but also allow users of your library specify an alternative prefix.
This way your library can be used without extra configuration, but can also handle the case of multiple applications using it in the same database schema.
Of course this might involve the risk of someone using the default prefix without realizing that, that is already used.
It is not clear what the consequences of that scenario are.
If the consequences are really bad you should drop the default value and require that a project specific prefix is used.
When no prefix is specified throw an exception with an instructional error message telling the user, i.e. the developer how to pick a prefix and where to put it.
Like Jhipster generated app has out of box user management, I want to create a company/organization concept in JHipster so that every data is associated with its own organization/company
What is the best approach to handle it?
Have someone done it before?
First, for the database you should look at multitenancy in Hibernate and precisely at the discriminator column approach described in
https://docs.jboss.org/hibernate/orm/current/userguide/html_single/Hibernate_User_Guide.html#multitenacy and https://www.baeldung.com/hibernate-5-multitenancy
Then, for the REST layer, you should consider implementing a Spring MVC interceptor to map authenticated user to tenant id. For debugging purpose, you should also consider setting the tenant id in logback MDC so that you can see it in logs.
Finally, you got to think at the admin part, administrators should probably be able to access all data from all tenants. If admins should not be allowed to do so, you should consider encrypting data with a key per tenant.
There's a blueprint but it's not working for current JHipster 7 and team is looking for contributors. However, there are examples generated that you could look at for inspiration, https://sonalake.com/latest/multi-tenant-applications-with-jhipster/
How does multi-tenancy work?
Multi-tenancy is achieved by namespacing. A single Infinispan cluster can have several named caches (attached to the same CacheManager), and different named caches can have duplicate keys. So this is, in effect, multi-tenancy for your key/value store.
source
does anyone have an idea/example on how to configure a cache to be multitenant?
I have already read the documentation but I didn't find an example to follow.
ps: I am using infinispan in embedded mode
thank you
There is no configuration in Infinispan for multi-tenancy. The sentence explains how to achieve it: you use the cache name to distinguish the namespace.
For example, for a specific group of users, you can create caches with the name "group_a_<cache_name>". In addition, you can set up authentication (documentation)
Spring Security has this basic idea of a Principal and GrantedAuthority. I've implemented Spring Security and read this stackoverflow and understand at a basic level that a "ROLE" is nothing more than a GrantedAuthority prefixed with "ROLE_".
What I don't understand is why have this convention in the first place? Why have #PreAuthorize("hasRole('XYZ')") be equivilant to #PreAuthorize("hasAuthority('ROLE_XYZ')")?
What's so special about segregating Granted Authorities like this? What's the purpose?
Additionally, what is the best convention for applying these "ROLES" to specific instances of a Domain Model. Take for example a system that keeps track of projects and you want to explicitly give users access to view and edit certain projects. I could create ROLE_EDIT_PROJECT and ROLE_VIEW_PROJECT but that's application-wide. Where would you make the relationship of a ROLE to a specific project? A join table? Would you even involve Spring Security into this or build this type of security from scratch within your application?
I unfortunately don't know why this convention is used, probably just legacy code I would guess.
For the second part of your question, I would suggest using "hasPermission(project, 'view')" and define your own PermissionEvaluator.
more information can be found here
I need a why to change the JPA catalog element in my java class? We have many database environments which we need to be able to deploy our application too. Example: In your dev environment we have a database for new development, and production support. All database live on the same server so we have the following database names: am_web_dd and am_web_ps. So we need to be able to change the catalog at build time or start up time. We've thought of using Maven to do a search and replace during build but I was wondering if there is a way of doing this with a parameter?
Here is one of our #RooJpaActiceRecord statements:
#RooJpaActiveRecord(catalog = "am_web_t4", schema = "dbo", table = "user_t")
I would like to be able to make catalog a parameter. Is this possible? if not what would be the best approach?
Thank you for your time!
I know it is possible from a JPA standpoint, but I don't think you will be able to using straight Roo. This might help.
There may also be a way to use a Java Configuration object in Spring to build your JPA Entity Manager. I think that's were you want to set it.
The approach you suggest of making catalog dynamic would be suitable if you wanted to let the user choose/change the schema on demand, however, it looks like this is not your requirements, so I would steer away from this path as it more difficult than you need.
You can use spring profiles to define different database connections and use an environment variable to define which one is active. Spring profiles can be set in XML or java configuration classes.