In this tutorial we will look at some of the important features required for a multi-tenant service and how do we leverage springframework to deliver a service that is truly enabled for a modern multi-tenant service.
Here are couple of the important aspects of a multi-tenant service.
- Everybody gets their own endpoints
- Everybody can be given their own databases
Let's design how our endpoint URLs would look like keeping tenancy in mind. We add a discriminator in the URL that identified a tenant. For example our OAuth URLs would become something like below.
http://example.com/tenant1/oauth/token http://example.com/tenant1/oauth/check_token
To accomplish, we define our RequestMapping with an embedded tenant variable that becomes part of each of the URLs.
public static final String BASE_ENDPOINT = "/{tenant}";
public static final String USER_ENDPOINT = BASE_ENDPOINT + "/user";
public static final String REGISTRATION_ENDPOINT = BASE_ENDPOINT + "/registration";As we can see, the first part of the URL defines the tenant. It is not mandatory but I also design the service so that a header is expected that also defines the tenant. This is just to guard against some client mistakenly calling a wrong tenant because the same tenant has to be added in two places. We will use following header.
X-tenant:tenant1
Every incoming request into the system needs to know the tenant and the authenticated user that is part of the request. We define a sequence of filters for this purpose. Since these filters need to be called in a particular order, we define the order as follow.
public static final int TENANT_HEADER_PRECEDENCE = Ordered.HIGHEST_PRECEDENCE; public static final int SEED_DATA_PRECEDENCE = TENANT_HEADER_PRECEDENCE - 1; public static final int TENANT_PRECEDENCE = SEED_DATA_PRECEDENCE - 1; public static final int USER_PRECEDENCE = Ordered.LOWEST_PRECEDENCE;
As you can see we are going to define four filters which will perform specific functions.
- TenantHeader filter will extract tenant header from the incoming request, match the URL piece with the header and set it in a ThreadLocal variable.
- SeedData filter is only require to create some seed data to make the service usable. We need a default tenant in the system so that we can start making some requests. This doesn't do anything most of the time.
- Tenant filter will extract the tenant object and set it into another ThreadLocal variable.
- User filter is the last in the precedence and will extract the current authenticated user and will store it into a ThreadLocal.
We are using following TutorialRequestContext class to store these thread local variables.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package in.springframework.blog.tutorials.utils; | |
| import in.springframework.blog.tutorials.entities.Tenant; | |
| import in.springframework.blog.tutorials.entities.User; | |
| public class TutorialRequestContext { | |
| public static final ThreadLocal<Tenant> currentTenant = new ThreadLocal<>(); | |
| public static final ThreadLocal<User> currentUser = new ThreadLocal<>(); | |
| public static final ThreadLocal<String> currentTenantDiscriminator = new ThreadLocal<>(); | |
| } |
Now let's look at these filters one by one.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package in.springframework.blog.tutorials.filters; | |
| import in.springframework.blog.tutorials.exceptions.InvalidTenantDiscriminatorException; | |
| import in.springframework.blog.tutorials.utils.MyConstants; | |
| import in.springframework.blog.tutorials.utils.TutorialRequestContext; | |
| import org.codehaus.jackson.map.ObjectMapper; | |
| import org.springframework.beans.factory.annotation.Value; | |
| import org.springframework.core.annotation.Order; | |
| import org.springframework.http.HttpStatus; | |
| import org.springframework.http.MediaType; | |
| import org.springframework.stereotype.Component; | |
| import org.springframework.web.context.WebApplicationContext; | |
| import org.springframework.web.context.support.WebApplicationContextUtils; | |
| import javax.servlet.*; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import java.io.File; | |
| import java.io.IOException; | |
| import java.util.HashMap; | |
| import java.util.Map; | |
| @Component | |
| @Order(MyConstants.TENANT_HEADER_PRECEDENCE) | |
| public class TenantHeaderFilter implements Filter { | |
| public static final String TENANT_HEADER = "X-tenant"; | |
| private static final String defaultClient = "supersecretclient"; | |
| private static final String defaultSecret = "supersecretclient123"; | |
| @Value("${tutorial.default.tenant.discriminator:default}") | |
| private String defaultDiscriminator; | |
| @Override | |
| public void doFilter(ServletRequest request, | |
| ServletResponse response, | |
| FilterChain chain) throws IOException, ServletException { | |
| HttpServletRequest httpServletRequest = (HttpServletRequest)request; | |
| HttpServletResponse httpServletResponse = (HttpServletResponse) response; | |
| String[] dirs = httpServletRequest.getRequestURI().split(File.separator); | |
| String tenantDiscriminatorInPath = dirs[1]; | |
| WebApplicationContext webApplicationContext | |
| = WebApplicationContextUtils.getWebApplicationContext(request.getServletContext()); | |
| String tenantDiscriminator = httpServletRequest.getHeader(TENANT_HEADER); | |
| if (tenantDiscriminatorInPath.equals(tenantDiscriminator)) { | |
| TutorialRequestContext.currentTenantDiscriminator.set(tenantDiscriminator); | |
| chain.doFilter(request, response); | |
| } | |
| else { | |
| httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value()); | |
| httpServletResponse.setContentType(MediaType.APPLICATION_JSON_VALUE); | |
| Map<String, Object> errorDetail = new HashMap<>(); | |
| errorDetail.put("message", String.format("The header X-tenant should be same as the tenant discriminator in URL. Currently are %s and %s ", tenantDiscriminator, tenantDiscriminatorInPath)); | |
| ObjectMapper mapper = new ObjectMapper(); | |
| mapper.writeValue(httpServletResponse.getWriter(), errorDetail); | |
| throw new InvalidTenantDiscriminatorException(String.format("The header X-tenant should be same as the tenant discriminator in URL. Currently are %s and %s ", tenantDiscriminator, tenantDiscriminatorInPath)); | |
| } | |
| } | |
| } |
This filter just extracts the X-tenant header stores in the thread local.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package in.springframework.blog.tutorials.filters; | |
| import in.springframework.blog.tutorials.entities.Tenant; | |
| import in.springframework.blog.tutorials.services.ClientService; | |
| import in.springframework.blog.tutorials.services.TenantService; | |
| import in.springframework.blog.tutorials.utils.MyConstants; | |
| import org.springframework.core.annotation.Order; | |
| import org.springframework.stereotype.Component; | |
| import org.springframework.web.context.WebApplicationContext; | |
| import org.springframework.web.context.support.WebApplicationContextUtils; | |
| import javax.servlet.*; | |
| import javax.servlet.http.HttpServletRequest; | |
| import java.io.IOException; | |
| @Component | |
| @Order(MyConstants.SEED_DATA_PRECEDENCE) | |
| public class SeedDataInitializationFilter implements Filter { | |
| public static final String TENANT_HEADER = "X-tenant"; | |
| private static final String defaultClient = "supersecretclient"; | |
| private static final String defaultSecret = "supersecretclient123"; | |
| @Override | |
| public void doFilter(ServletRequest request, | |
| ServletResponse response, | |
| FilterChain chain) throws IOException, ServletException { | |
| HttpServletRequest httpServletRequest = (HttpServletRequest)request; | |
| WebApplicationContext webApplicationContext | |
| = WebApplicationContextUtils.getWebApplicationContext(request.getServletContext()); | |
| TenantService tenantService = webApplicationContext.getBean(TenantService.class); | |
| ClientService clientService = webApplicationContext.getBean(ClientService.class); | |
| if (tenantService.count() == 0) { | |
| Tenant tenant = new Tenant(); | |
| tenant.setDescription("Default tenant for the system"); | |
| tenant.setDiscriminator("default"); | |
| tenant.setName("Default Tenant"); | |
| tenant.setDefaultValue(true); | |
| } | |
| chain.doFilter(request, response); | |
| } | |
| } |
This filter checks that there should be atleast one tenant in the system, if not found, it inserts a default tenant. This is required so that we can use rest calls.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package in.springframework.blog.tutorials.filters; | |
| import in.springframework.blog.tutorials.entities.Tenant; | |
| import in.springframework.blog.tutorials.exceptions.InvalidTenantDiscriminatorException; | |
| import in.springframework.blog.tutorials.services.TenantService; | |
| import in.springframework.blog.tutorials.utils.MyConstants; | |
| import in.springframework.blog.tutorials.utils.TutorialRequestContext; | |
| import org.codehaus.jackson.map.ObjectMapper; | |
| import org.springframework.beans.factory.annotation.Value; | |
| import org.springframework.core.annotation.Order; | |
| import org.springframework.http.HttpStatus; | |
| import org.springframework.http.MediaType; | |
| import org.springframework.stereotype.Component; | |
| import org.springframework.web.context.WebApplicationContext; | |
| import org.springframework.web.context.support.WebApplicationContextUtils; | |
| import javax.servlet.*; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpServletResponse; | |
| import java.io.IOException; | |
| import java.util.HashMap; | |
| import java.util.Map; | |
| import java.util.Optional; | |
| @Component | |
| @Order(MyConstants.TENANT_PRECEDENCE) | |
| public class TenantFilter implements Filter { | |
| public static final String TENANT_HEADER = "X-tenant"; | |
| private static final String defaultClient = "supersecretclient"; | |
| private static final String defaultSecret = "supersecretclient123"; | |
| @Value("${tutorial.default.tenant.discriminator:default}") | |
| private String defaultDiscriminator; | |
| @Override | |
| public void doFilter(ServletRequest request, | |
| ServletResponse response, | |
| FilterChain chain) throws IOException, ServletException { | |
| HttpServletRequest httpServletRequest = (HttpServletRequest)request; | |
| HttpServletResponse httpServletResponse = (HttpServletResponse)response; | |
| WebApplicationContext webApplicationContext | |
| = WebApplicationContextUtils.getWebApplicationContext(request.getServletContext()); | |
| TenantService tenantService = webApplicationContext.getBean(TenantService.class); | |
| String tenantDiscriminator = TutorialRequestContext.currentTenantDiscriminator.get(); | |
| Optional<Tenant> optionalTenant = tenantService.retrieveTenantsByDiscriminator(tenantDiscriminator); | |
| if (!optionalTenant.isPresent()) { | |
| httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value()); | |
| httpServletResponse.setContentType(MediaType.APPLICATION_JSON_VALUE); | |
| Map<String, Object> errorDetail = new HashMap<>(); | |
| errorDetail.put("message", String.format("Tenant %s doesn't exist", tenantDiscriminator)); | |
| ObjectMapper mapper = new ObjectMapper(); | |
| mapper.writeValue(httpServletResponse.getWriter(), errorDetail); | |
| throw new InvalidTenantDiscriminatorException(String.format("Tenant %s doesn't exist", tenantDiscriminator)); | |
| } | |
| else { | |
| TutorialRequestContext.currentTenant.set(optionalTenant.get()); | |
| } | |
| chain.doFilter(request, response); | |
| } | |
| } |
This filter extract the complete Tenant object from the database and stores it into the thread local.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package in.springframework.blog.tutorials.filters; | |
| import in.springframework.blog.tutorials.entities.User; | |
| import in.springframework.blog.tutorials.services.UserService; | |
| import in.springframework.blog.tutorials.utils.MyConstants; | |
| import in.springframework.blog.tutorials.utils.TutorialRequestContext; | |
| import org.springframework.core.annotation.Order; | |
| import org.springframework.security.core.context.SecurityContextHolder; | |
| import org.springframework.stereotype.Component; | |
| import org.springframework.web.context.WebApplicationContext; | |
| import org.springframework.web.context.support.WebApplicationContextUtils; | |
| import javax.servlet.*; | |
| import java.io.IOException; | |
| import java.util.Optional; | |
| @Component | |
| @Order(MyConstants.USER_PRECEDENCE) | |
| public class CurrentUserExtractionFilter implements Filter { | |
| public static final String TENANT_HEADER = "X-tenant"; | |
| @Override | |
| public void doFilter(ServletRequest servletRequest, | |
| ServletResponse servletResponse, | |
| FilterChain filterChain) throws IOException, ServletException { | |
| WebApplicationContext webApplicationContext | |
| = WebApplicationContextUtils.getWebApplicationContext(servletRequest.getServletContext()); | |
| UserService userService = webApplicationContext.getBean(UserService.class); | |
| if (SecurityContextHolder.getContext().getAuthentication() != null) { | |
| Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); | |
| String username = null; | |
| if (principal instanceof org.springframework.security.core.userdetails.User) { | |
| username = ((org.springframework.security.core.userdetails.User)principal).getUsername(); | |
| } | |
| else if (principal instanceof String) { | |
| username = (String)principal; | |
| } | |
| Optional<User> optionalUser = userService.findByUsername(username); | |
| if (optionalUser.isPresent()) { | |
| TutorialRequestContext.currentUser.set(optionalUser.get()); | |
| } | |
| } | |
| filterChain.doFilter(servletRequest, servletResponse); | |
| } | |
| } |
This filter extract currently authenticate user and populates it in the thread local.
In the last tutorial, we used the spring provided default ClientDetailsService, we create our own service in this tutorial to make sure we can have a schema that we like. To do that we need a entity, TutorialClientDetails and a service TutorialClientDetailsService.
This entity just implements the ClientDetails interface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package in.springframework.blog.tutorials.entities; | |
| import lombok.Getter; | |
| import lombok.Setter; | |
| import org.springframework.data.jpa.domain.support.AuditingEntityListener; | |
| import org.springframework.security.core.GrantedAuthority; | |
| import org.springframework.security.oauth2.provider.ClientDetails; | |
| import javax.persistence.*; | |
| import java.util.Collection; | |
| import java.util.HashMap; | |
| import java.util.Map; | |
| import java.util.Set; | |
| import java.util.stream.Collectors; | |
| @Getter | |
| @Setter | |
| @Entity | |
| @Table(name = "clients", | |
| uniqueConstraints = | |
| { | |
| @UniqueConstraint(name = "uq_clientId", columnNames = {"clientId"}) | |
| }) | |
| @EntityListeners(AuditingEntityListener.class) | |
| public class TutorialClientDetails implements ClientDetails { | |
| public String getClientId() { | |
| return clientId; | |
| } | |
| public void setClientId(String clientId) { | |
| this.clientId = clientId; | |
| } | |
| public Set<String> getResourceIds() { | |
| return resourceIds; | |
| } | |
| public void setResourceIds(Set<String> resourceIds) { | |
| this.resourceIds = resourceIds; | |
| } | |
| public String getClientSecret() { | |
| return clientSecret; | |
| } | |
| public void setClientSecret(String clientSecret) { | |
| this.clientSecret = clientSecret; | |
| } | |
| public Set<String> getScope() { | |
| return scope; | |
| } | |
| public void setScope(Set<String> scope) { | |
| this.scope = scope; | |
| } | |
| public Set<String> getAuthorizedGrantTypes() { | |
| return authorizedGrantTypes; | |
| } | |
| public void setAuthorizedGrantTypes(Set<String> authorizedGrantTypes) { | |
| this.authorizedGrantTypes = authorizedGrantTypes; | |
| } | |
| public Set<String> getWebServerRedirectUri() { | |
| return webServerRedirectUri; | |
| } | |
| public void setWebServerRedirectUri(Set<String> webServerRedirectUri) { | |
| this.webServerRedirectUri = webServerRedirectUri; | |
| } | |
| public void setAuthorities(Set<GrantedAuthority> authorities) { | |
| this.authorities = authorities; | |
| } | |
| public int getAccessTokenValidity() { | |
| return accessTokenValidity; | |
| } | |
| public void setAccessTokenValidity(int accessTokenValidity) { | |
| this.accessTokenValidity = accessTokenValidity; | |
| } | |
| public int getRefreshTokenValidity() { | |
| return refreshTokenValidity; | |
| } | |
| public void setRefreshTokenValidity(int refreshTokenValidity) { | |
| this.refreshTokenValidity = refreshTokenValidity; | |
| } | |
| public void setAdditionalInformation(Map<String, String> additionalInformation) { | |
| this.additionalInformation = additionalInformation; | |
| } | |
| public boolean isAutoApprove() { | |
| return autoApprove; | |
| } | |
| public void setAutoApprove(boolean autoApprove) { | |
| this.autoApprove = autoApprove; | |
| } | |
| @Override | |
| public boolean isSecretRequired() { | |
| return clientSecret != null; | |
| } | |
| @Override | |
| public boolean isScoped() { | |
| return scope != null && !scope.isEmpty(); | |
| } | |
| @Override | |
| public Set<String> getRegisteredRedirectUri() { | |
| return webServerRedirectUri; | |
| } | |
| @Override | |
| public Collection<GrantedAuthority> getAuthorities() { | |
| return authorities.stream().collect(Collectors.toSet()); | |
| } | |
| @Override | |
| public Integer getAccessTokenValiditySeconds() { | |
| return accessTokenValidity; | |
| } | |
| @Override | |
| public Integer getRefreshTokenValiditySeconds() { | |
| return refreshTokenValidity; | |
| } | |
| @Override | |
| public boolean isAutoApprove(String s) { | |
| return autoApprove; | |
| } | |
| public Map<String, Object> getAdditionalInformation() { | |
| Map<String, Object> returnMap = new HashMap<>(); | |
| additionalInformation.forEach((k,v) -> returnMap.put(k, v)); | |
| return returnMap; | |
| } | |
| @Id | |
| private String clientId; | |
| @ElementCollection(fetch = FetchType.EAGER) | |
| private Set<String> resourceIds; | |
| private String clientSecret; | |
| @ElementCollection(fetch = FetchType.EAGER) | |
| private Set<String> scope; | |
| @ElementCollection(fetch = FetchType.EAGER) | |
| private Set<String> authorizedGrantTypes; | |
| @ElementCollection(fetch = FetchType.EAGER) | |
| private Set<String> webServerRedirectUri; | |
| @ElementCollection(fetch = FetchType.EAGER) | |
| private Set<GrantedAuthority> authorities; | |
| private int accessTokenValidity; | |
| private int refreshTokenValidity; | |
| @ElementCollection(fetch = FetchType.LAZY) | |
| private Map<String, String> additionalInformation; | |
| private boolean autoApprove; | |
| } |
This entity just implements the ClientDetails interface
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package in.springframework.blog.tutorials.services; | |
| import in.springframework.blog.tutorials.entities.TutorialClientDetails; | |
| import in.springframework.blog.tutorials.repositories.ClientRepository; | |
| import lombok.extern.log4j.Log4j2; | |
| import org.springframework.beans.factory.annotation.Autowired; | |
| import org.springframework.security.crypto.password.PasswordEncoder; | |
| import org.springframework.security.oauth2.provider.ClientDetails; | |
| import org.springframework.security.oauth2.provider.ClientDetailsService; | |
| import org.springframework.security.oauth2.provider.ClientRegistrationException; | |
| import org.springframework.stereotype.Service; | |
| import java.util.List; | |
| import java.util.Optional; | |
| @Service | |
| @Log4j2 | |
| public class TutorialClientDetailsService implements ClientDetailsService { | |
| @Autowired | |
| private ClientRepository clientRepository; | |
| @Autowired | |
| private PasswordEncoder passwordEncoder; | |
| @Override | |
| public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException { | |
| Optional<TutorialClientDetails> optionalClientDetails = clientRepository.findById(clientId); | |
| if (optionalClientDetails.isPresent()) { | |
| return optionalClientDetails.get(); | |
| } | |
| throw new ClientRegistrationException(String.format("%s client doesn't exist!", clientId)); | |
| } | |
| } |
This service needs to implement a method loadClientByClientId.
Now that all the foundation work is in place, we get down to making our service multitenant. The first things that we need to do is to remove all the old dataSources that we had defined. We will now define a routing data source that will choose the right data source based on the tenant that we are taking to. This is where our tenant discriminator thread local will be usedful. Take a look at the following class.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package in.springframework.blog.tutorials.configs; | |
| import in.springframework.blog.tutorials.utils.TutorialRequestContext; | |
| import org.springframework.jdbc.datasource.lookup.AbstractRoutingDataSource; | |
| public class TutorialMultitenantDataSource extends AbstractRoutingDataSource { | |
| @Override | |
| protected Object determineCurrentLookupKey() { | |
| if (TutorialRequestContext.currentTenantDiscriminator.get() != null) { | |
| return TutorialRequestContext.currentTenantDiscriminator.get(); | |
| } | |
| else { | |
| return "unknown"; | |
| } | |
| } | |
| } |
Here we implement a method determineCurrentLookupKey which uses thread local to identify the current tenant and returns the key.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package in.springframework.blog.tutorials.configs; | |
| import org.springframework.beans.factory.annotation.Autowired; | |
| import org.springframework.boot.autoconfigure.domain.EntityScan; | |
| import org.springframework.boot.autoconfigure.jdbc.DataSourceProperties; | |
| import org.springframework.boot.context.properties.ConfigurationProperties; | |
| import org.springframework.boot.jdbc.DataSourceBuilder; | |
| import org.springframework.context.ApplicationContext; | |
| import org.springframework.context.annotation.Bean; | |
| import org.springframework.context.annotation.Configuration; | |
| import org.springframework.context.annotation.Primary; | |
| import org.springframework.core.io.Resource; | |
| import org.springframework.data.jpa.repository.config.EnableJpaRepositories; | |
| import org.springframework.orm.hibernate5.LocalSessionFactoryBean; | |
| import org.springframework.orm.jpa.JpaTransactionManager; | |
| import org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean; | |
| import org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter; | |
| import org.springframework.transaction.PlatformTransactionManager; | |
| import org.springframework.transaction.annotation.EnableTransactionManagement; | |
| import javax.sql.DataSource; | |
| import java.io.File; | |
| import java.io.FileInputStream; | |
| import java.io.IOException; | |
| import java.util.HashMap; | |
| import java.util.Map; | |
| import java.util.Properties; | |
| @Configuration | |
| @EnableTransactionManagement | |
| @EnableJpaRepositories( | |
| entityManagerFactoryRef = "multiEntityManager", | |
| transactionManagerRef = "multiTransactionManager", | |
| basePackages = {"in.springframework.blog.tutorials.repositories"}) | |
| @EntityScan(basePackages = {"in.springframework.blog.tutorials.entities"}) | |
| public class TutorialMultitenantConfig { | |
| @Autowired | |
| private DataSourceProperties dataSourceProperties; | |
| @Autowired | |
| private ApplicationContext applicationContext; | |
| private final String TENANT_PROPERTIES_RESOURCE = "classpath:tenants/*.properties"; | |
| @Primary | |
| @Bean(name = "dataSource") | |
| @ConfigurationProperties( | |
| prefix = "spring.datasource" | |
| ) | |
| public DataSource dataSource() { | |
| Map<Object, Object> resolvedDataSources = new HashMap<>(); | |
| try { | |
| Resource[] resources = applicationContext.getResources(TENANT_PROPERTIES_RESOURCE); | |
| for (Resource resource : resources) { | |
| File propertyFile = resource.getFile(); | |
| Properties tenantProperties = new Properties(); | |
| DataSourceBuilder dataSourceBuilder = DataSourceBuilder.create(this.getClass().getClassLoader()); | |
| try { | |
| tenantProperties.load(new FileInputStream(propertyFile)); | |
| String tenantId = tenantProperties.getProperty("spring.datasource.name"); | |
| // Assumption: The tenant database uses the same driver class | |
| // as the default database that you configure. | |
| dataSourceBuilder.driverClassName(dataSourceProperties.getDriverClassName()) | |
| .url(tenantProperties.getProperty("spring.datasource.url")) | |
| .username(tenantProperties.getProperty("spring.datasource.username")) | |
| .password(tenantProperties.getProperty("spring.datasource.password")); | |
| if (dataSourceProperties.getType() != null) { | |
| dataSourceBuilder.type(dataSourceProperties.getType()); | |
| } | |
| resolvedDataSources.put(tenantId, dataSourceBuilder.build()); | |
| } catch (IOException e) { | |
| // Ooops, tenant could not be loaded. This is bad. | |
| // Stop the application! | |
| e.printStackTrace(); | |
| return null; | |
| } | |
| } | |
| // Create the final multi-tenant source. | |
| // It needs a default database to connect to. | |
| // Make sure that the default database is actually an empty tenant database. | |
| // Don't use that for a regular tenant if you want things to be safe! | |
| TutorialMultitenantDataSource dataSource = new TutorialMultitenantDataSource(); | |
| dataSource.setDefaultTargetDataSource(defaultDataSource()); | |
| dataSource.setTargetDataSources(resolvedDataSources); | |
| // Call this to finalize the initialization of the data source. | |
| dataSource.afterPropertiesSet(); | |
| return dataSource; | |
| } | |
| catch (IOException e) { | |
| } | |
| return defaultDataSource(); | |
| } | |
| /** | |
| * Creates the default data source for the application | |
| * @return | |
| */ | |
| private DataSource defaultDataSource() { | |
| DataSourceBuilder dataSourceBuilder = DataSourceBuilder.create(this.getClass().getClassLoader()) | |
| .driverClassName(dataSourceProperties.getDriverClassName()) | |
| .url(dataSourceProperties.getUrl()) | |
| .username(dataSourceProperties.getUsername()) | |
| .password(dataSourceProperties.getPassword()); | |
| if(dataSourceProperties.getType() != null) { | |
| dataSourceBuilder.type(dataSourceProperties.getType()); | |
| } | |
| return dataSourceBuilder.build(); | |
| } | |
| @Bean(name = "multiEntityManager") | |
| public LocalContainerEntityManagerFactoryBean multiEntityManager() { | |
| LocalContainerEntityManagerFactoryBean em = new LocalContainerEntityManagerFactoryBean(); | |
| em.setDataSource(dataSource()); | |
| em.setPackagesToScan("in.springframework.blog.tutorials.entities"); | |
| HibernateJpaVendorAdapter vendorAdapter = new HibernateJpaVendorAdapter(); | |
| em.setJpaVendorAdapter(vendorAdapter); | |
| em.setJpaProperties(hibernateProperties()); | |
| return em; | |
| } | |
| @Bean(name = "multiTransactionManager") | |
| public PlatformTransactionManager multiTransactionManager() { | |
| JpaTransactionManager transactionManager | |
| = new JpaTransactionManager(); | |
| transactionManager.setEntityManagerFactory( | |
| multiEntityManager().getObject()); | |
| return transactionManager; | |
| } | |
| @Primary | |
| @Bean(name = "dbSessionFactory") | |
| public LocalSessionFactoryBean dbSessionFactory() { | |
| LocalSessionFactoryBean sessionFactoryBean = new LocalSessionFactoryBean(); | |
| sessionFactoryBean.setDataSource(dataSource()); | |
| sessionFactoryBean.setPackagesToScan("in.springframework.blog.tutorials.entities"); | |
| sessionFactoryBean.setHibernateProperties(hibernateProperties()); | |
| return sessionFactoryBean; | |
| } | |
| private Properties hibernateProperties() { | |
| Properties properties = new Properties(); | |
| properties.put("hibernate.show_sql", true); | |
| properties.put("hibernate.format_sql", true); | |
| return properties; | |
| } | |
| } |
The bulk of smartness lies in the class TutorialMultitenantConfig, specifically the dataSource bean that returns the default dataSource for the system. What we are assuming that within our resource directory, we will have a tenants subdirectory and within that we will have one properties file per tenant. The property file will look like below.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| spring.datasource.name=tenant1 | |
| spring.datasource.url=jdbc:mysql://localhost:3306/tenant1?useSSL=false&allowPublicKeyRetrieval=true | |
| spring.datasource.username=tenant1 | |
| spring.datasource.password=tenant1123 | |
| spring.datasource.driver-class-name=com.mysql.jdbc.Driver | |
| spring.jpa.properties.hibernate.dialect = org.hibernate.dialect.MySQL5Dialect |
Here we have added usual spring data source properties alongwith a name property which will be the name of the tenant. This name will be matched with the name in the URL and the header.
In the class TutorialMultitenantConfig, look at the definition of variable TENANT_PROPERTIES_RESOURCE, this basically looks up for all the *.properties file in the tenant directory. Lines 61 through 74, create a data source object for each of the tenants and store these in a map with key being the tenant name. We remember determineCurrentLookupKey method which returned the name of current tenant, that return value is used to fetch appropriate data source object for the request being processed. Line 88 defines a default data source that is used if there is no data source present for the given tenant.
Now our multi tenanted service is ready and it is time to test. The first thing that we need to do is create couple of more databases with exact same schema as the first database. Please keep in mind that this has to be done manually even if you have defined ddl-auto property. Just take a mysqldump of the first database and import in two other databases.
We also need to make sure that the system atleast has one tenant defined in each of the databases. This is required in order to make sure we are able to use the rest calls. The best approach is to have a default tenant and then take a dump so that default tenant is also copied in each of the databases. We have created an admin user which has ADMIN role. We call the user endpoint that will return the list of all the users.
$ curl --request GET \
> --url http://localhost:8081/tenant1/user \
> --header 'authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1OTI5Mzc1MzksInVzZXJfbmFtZSI6ImFkbWluIiwiYXV0aG9yaXRpZXMiOlsiVVNFUiIsIkFETUlOIl0sImp0aSI6IjRmOTdiNThkLTI1NTEtNDA4Yi04ZWM4LWUzZGZmZWQ3MTQ2NiIsImNsaWVudF9pZCI6InN1cGVyc2VjcmV0Y2xpZW50Iiwic2NvcGUiOlsicmVhZCIsImNvZGUiLCJ3cml0ZSJdfQ.fWt_H-ORHP44xOIljoqMfVIeGkqJGQqUBMj8paVxAPM' \
> --header 'cache-control: no-cache' \
> --header 'content-type: application/json' \
> --header 'postman-token: 76b3525e-bc3b-e629-91b6-a75253f657d8' \
> --header 'x-tenant: tenant1' |python -m json.tool
[
{
"createdAt": 1592936869000,
"createdBy": "UnAuthenticated",
"email": "admin@springframework.in",
"fullname": "Spring Tutorial Admin",
"grantedAuthorities": [
"ADMIN",
"USER"
],
"id": 6,
"mask": 1,
"tenantId": 1,
"updatedAt": 1592936869000,
"updatedBy": "UnAuthenticated",
"username": "admin"
},
{
"createdAt": 1592904896000,
"createdBy": "UnAuthenticated",
"email": "defaultuser@defaultadmin.com",
"fullname": "Default User",
"grantedAuthorities": [],
"id": 2,
"mask": 0,
"tenantId": 1,
"updatedAt": 1592904896000,
"updatedBy": "UnAuthenticated",
"username": "defaultuser"
},
{
"createdAt": 1592904900000,
"createdBy": "UnAuthenticated",
"email": "vinay@avasthi.com",
"fullname": "Vinay Avasthi",
"grantedAuthorities": [],
"id": 3,
"mask": 1,
"tenantId": 1,
"updatedAt": 1592904900000,
"updatedBy": "UnAuthenticated",
"username": "vavasthi"
}
]
Now we run the same query in tenant2
$ curl --request GET --url http://localhost:8081/tenant2/user --header 'authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1OTI5MzgzMDcsInVzZXJfbmFtZSI6ImFkbWluIiwiYXV0aG9yaXRpZXMiOlsiVVNFUiIsIkFETUlOIl0sImp0aSI6IjJmOWVkOTYxLTk5MjktNDI3Zi1iZGU4LTc5NGIwYWNhMGYzNiIsImNsaWVudF9pZCI6InN1cGVyc2VjcmV0Y2xpZW50Iiwic2NvcGUiOlsicmVhZCIsImNvZGUiLCJ3cml0ZSJdfQ.KNzjB_JqJDaVI5vZNK-OcXDgvM5Uwt4I8tsVCazerpU' --header 'cache-control: no-cache' --header 'content-type: application/json' --header 'postman-token: b1a9651c-e4c0-7b2e-c7b3-e0b3e06fa40e' --header 'x-tenant: tenant2' |python -m json.tool
[
{
"createdAt": 1592904896000,
"createdBy": "UnAuthenticated",
"email": "defaultuser@defaultadmin.com",
"fullname": "Default User",
"grantedAuthorities": [],
"id": 2,
"mask": 0,
"tenantId": 1,
"updatedAt": 1592904896000,
"updatedBy": "UnAuthenticated",
"username": "defaultuser"
},
{
"createdAt": 1592904900000,
"createdBy": "UnAuthenticated",
"email": "vinay@avasthi.com",
"fullname": "Vinay Avasthi",
"grantedAuthorities": [],
"id": 3,
"mask": 1,
"tenantId": 1,
"updatedAt": 1592904900000,
"updatedBy": "UnAuthenticated",
"username": "vavasthi"
},
{
"createdAt": 1592938002000,
"createdBy": "UnAuthenticated",
"email": "ut2@springframework.in",
"fullname": "User in T2",
"grantedAuthorities": [],
"id": 6,
"mask": 1,
"tenantId": 1,
"updatedAt": 1592938002000,
"updatedBy": "UnAuthenticated",
"username": "userint2"
},
{
"createdAt": 1592937749000,
"createdBy": "UnAuthenticated",
"email": "admin@springframework.in",
"fullname": "Springframework Tenant2 Administrator",
"grantedAuthorities": [
"ADMIN",
"USER"
],
"id": 5,
"mask": 1,
"tenantId": 1,
"updatedAt": 1592937749000,
"updatedBy": "UnAuthenticated",
"username": "admin"
}
]
As we can see, we are seeing two totally different sets of users which are stored in two totally different sets of databases.
Complete code for this blog post is available in my github repository here.
No comments:
Post a Comment