I want to create SaaS web-application using Spring and Hibernate.
I suppose that we will get many customers(companies) and each company has her own database. All companies have db with same schema. Also we have one administrative db which stores special info, like users, passwords, logins etc. I think that for realization this project i should use hibernate multi-tenancy. But I can't find appropriate examples for my task. This the list of things i want to understand:
Where we can store connections properties(url, port, db name, db user, db password). Should it be property file or administrative db?
I suppose that we can create all beans(dataSource, etc.) for db connection runtime after company's account creation or before first user of company will sign in. Where we can store all created datasources? How we can check if datasource already exist?
Related
So I'm working on a project with a multi-tenant database (MySQL, Java JDBC). Each tenant can be considered a "group", and each "group" has multiple "users". My main confusion is how best to secure this, so members of a group can only access data from that group, even though they're all logging in with separate credentials.
If I was just having a group-based login, it'd be simple: one schema per group, one database user with access to each schema. This could make it so that access would be completely restricted, since without that group's password no one can access that schema.
It's with the users, what I'll be calling the "application users", that things get complicated. Each application user would be associated with a group, and when that application user logs in, they would need access to the group they are associated with. In essence, they log in as an application user, and are granted the credentials for a database user.
Right now, the idea just seems to unwieldy and insecure. If there is a way for the JDBC application layer to grant access to any database level user account, then that security becomes pointless, since it would become easy to bypass.
I guess I'm looking for guidance about how to best secure this kind of environment. Thank you.
Heres a better idea than allotting different database users for different tenants, just use a table to store all Data of Group. One Table for all application users and a third relational table to link group or tenant IDs with their respective group members' userIDs.
Whenever a Group resource or data is requested by any application user, check in the relational table if the user has authority to access the group data or not. Good Luck
Currently i'm developing an application which authenticates the users against an external LDAP system. The applications specific data is saved in a relational database though.
My question is if there is a design pattern or something like a best practice to maintain referential integrity in my database concerning the user entries?
One of my ideas was to grab an unique identifier of the user from the LDAP system (once the first login of this user occurs) and store this together with a generated primary key in a table in my database. If I do it like this I would be able to reference the primary key in my other tables. Is this a good approach? Are there any better alternatives?
I'm using an Active Directory, a java backend and a postgres database.
What you described is essentially the approach I've taken for applications that store user login info (or really any LDAP related info) in a separate database.
Basically when they login decode their objectGuid attribute value to get their UUID and use that UUID string to do the rest of their lookups in the database. This helps a lot on user account renames, as you can just lookup the UUID and if it matches then re-sync the user's data (if any else is saved in the DB).
I have seen many solutions which all make you first configure statically via XML the different datasources and then use AbstractRoutingDataSource to return back a key which you consume while defining the datasource.
As here: dynamic datasource routing
But my case is different. I dont know how many databases there could be in my web application. I am building an app where each user uploads a small h2 db dump from a desktop app. The web app will download the h2 db dump and then connect to it.
So to make things simple to understand. Each user will have his/her own database file that I need to connect to once the user logs in. Since the number of users are not fixed, I dont know how many databases I will need to connect to, hence I cannot statically configure them in an XML file.
How to go about doing this in Spring? Also, not sure if it helps, these h2 dbs are read only. I am not going to write to them.
This is my configuration.
Maven, Spring MVC, JOOQ, H2 DBs
If you like to change the database changes dynamically, you have to write the UI for database source information and set to the spring config files in version-4.0.
I am currently working on a (website-)project in which I intent to keep each user's data separate from another. The main database (containing information about the user (user, password etc)) is a MySQL database.
Per-user there is a lot of data that needs to be stored and is important not to mix up with another user his/her data. Now I was thinking of using a sqlite db per user but I found out Hibernate (the db framework of my choice) does support sqlite by default.
I found http://code.google.com/p/hibernate-sqlite/ as an option. But I was wondering if there are any other database types with which it is easy to create one per-user, and preferably compatible with hibernate? If so, which ones?
check out Multi-tenancy in hibernate
I've a question about how to manage database for clients for a Cloud App. I want to create a Cloud ERP on Spring and Hibernate but I'm not sure how to manage the database. Someone says me that should create a clone schema for every client to manage properly and secure the data, but I'm not sure that should be that 'cause that mean have a powerful database server. In the other hand exist the posibility to have a single schema to all users but that could be a lots of problem in management.
Please give me some advices.
If the data you are dealing with are totally different from customer to customer, then it is better to use cloned schemas for every customer.