You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@syncope.apache.org by Francesco Chicchiriccò <il...@apache.org> on 2015/08/07 12:43:32 UTC
Re: Multi-tenancy: implementation in progress
A quick update on this topic.
After not getting any single response from OpenJPA community [2], and
having considered that a slice-based implementation would have bound
Syncope to non-standard OpenJPA features, I have preferred to rollback
and change design.
Instead of mapping domains to OpenJPA slices, now domains are mapped to
EntityManagerFactory instances, since each domain is considered a
separated JPA persistence unit.
Physical separation of tables for different domains and support for
heterogeneous domains (domain A on MySQL, domain B on Oracle, ...) are
still available.
This new approach required some hook at Spring level [4] which
dynamically "injects" the domain into @Transactional annotations,
depending on the requesting user.
The feature branch [3] now has all tests passing, even though some
refinements are still in progress.
I'll keep you posted.
Regards.
On 17/07/2015 14:46, Francesco Chicchiriccò wrote:
> Hi all,
> as you might have seen, I am working on SYNCOPE-652 for implementing
> multi-tenancy [1].
>
> The idea is to set the "domain" property in Spring Security's
> SecurityContext - so that such information it is available throughout
> the whole system, after authentication - based on the value for the
> new "X-Syncope-Domain" HTTP header (when missing, "Master" is assumed).
> Such header is also included in all HTTP responses.
>
> The domain name is then used as OpenJPA slice identifier in order to
> read and write data from / to a specific slice: this allows physical
> separation for different domains' data.
>
> The implementation work is going quite straightforward, but I've spent
> the last three days struggling with slices - see this thread on
> OpenJPA's users@ [2].
>
> At the moment, in a separate feature branch [3] I have all unit tests
> succeeding, but still few problems with integration tests.
>
> I'll keep you posted.
> Regards.
>
> [1]
> https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Domains
> [2] http://markmail.org/message/g44f4zlpou34uvke
> [3]
> https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=shortlog;h=refs/heads/SYNCOPE-652
[4]
https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=blob;f=core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/spring/DomainTransactionInterceptor.java;hb=9e6f87e5da41ebd5466bf522099d3745b35703a4
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
Re: Multi-tenancy: implementation in progress
Posted by Fabio Martelli <fa...@gmail.com>.
Il 13/08/2015 17:29, Francesco Chicchiriccò ha scritto:
> Hi all,
> I am happy to announce that the implementation of this topic was
> successfully completed.
>
> Integration test environment now features two domains ("Master", e.g.
> the domain we've been having so far, and "Two"); specific tests for
> the second domain were also added.
>
> Please take a look and play around.
> Regards.
Great work!
I hope to check soon this new feature together with any objects and
realms by working to handle them on the new administration console.
Regards,
F.
>
> On 10/08/2015 11:12, Francesco Chicchiriccò wrote:
>> On 07/08/2015 12:43, Francesco Chicchiriccò wrote:
>>> A quick update on this topic.
>>>
>>> After not getting any single response from OpenJPA community [2],
>>
>> This is not correct: Mark Struberg - which is now OpenJPA PMC member,
>> via IRC on #openjpa, was the one that headed me away of slices and
>> suggested to empower JPA persistence units (e.g. EntityManagerFactory
>> instances).
>>
>>> and having considered that a slice-based implementation would have
>>> bound Syncope to non-standard OpenJPA features, I have preferred to
>>> rollback and change design.
>>>
>>> Instead of mapping domains to OpenJPA slices, now domains are mapped
>>> to EntityManagerFactory instances, since each domain is considered a
>>> separated JPA persistence unit.
>>> Physical separation of tables for different domains and support for
>>> heterogeneous domains (domain A on MySQL, domain B on Oracle, ...)
>>> are still available.
>>>
>>> This new approach required some hook at Spring level [4] which
>>> dynamically "injects" the domain into @Transactional annotations,
>>> depending on the requesting user.
>>>
>>> The feature branch [3] now has all tests passing, even though some
>>> refinements are still in progress.
>>>
>>> I'll keep you posted.
>>> Regards.
>>>
>>> On 17/07/2015 14:46, Francesco Chicchiriccò wrote:
>>>> Hi all,
>>>> as you might have seen, I am working on SYNCOPE-652 for
>>>> implementing multi-tenancy [1].
>>>>
>>>> The idea is to set the "domain" property in Spring Security's
>>>> SecurityContext - so that such information it is available
>>>> throughout the whole system, after authentication - based on the
>>>> value for the new "X-Syncope-Domain" HTTP header (when missing,
>>>> "Master" is assumed).
>>>> Such header is also included in all HTTP responses.
>>>>
>>>> The domain name is then used as OpenJPA slice identifier in order
>>>> to read and write data from / to a specific slice: this allows
>>>> physical separation for different domains' data.
>>>>
>>>> The implementation work is going quite straightforward, but I've
>>>> spent the last three days struggling with slices - see this thread
>>>> on OpenJPA's users@ [2].
>>>>
>>>> At the moment, in a separate feature branch [3] I have all unit
>>>> tests succeeding, but still few problems with integration tests.
>>>>
>>>> I'll keep you posted.
>>>> Regards.
>>>>
>>>> [1]
>>>> https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Domains
>>>> [2] http://markmail.org/message/g44f4zlpou34uvke
>>>> [3]
>>>> https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=shortlog;h=refs/heads/SYNCOPE-652
>>> [4]
>>> https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=blob;f=core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/spring/DomainTransactionInterceptor.java;hb=9e6f87e5da41ebd5466bf522099d3745b35703a4
>
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/
Re: Multi-tenancy: implementation in progress
Posted by Francesco Chicchiriccò <il...@apache.org>.
Hi all,
I am happy to announce that the implementation of this topic was
successfully completed.
Integration test environment now features two domains ("Master", e.g.
the domain we've been having so far, and "Two"); specific tests for the
second domain were also added.
Please take a look and play around.
Regards.
On 10/08/2015 11:12, Francesco Chicchiriccò wrote:
> On 07/08/2015 12:43, Francesco Chicchiriccò wrote:
>> A quick update on this topic.
>>
>> After not getting any single response from OpenJPA community [2],
>
> This is not correct: Mark Struberg - which is now OpenJPA PMC member,
> via IRC on #openjpa, was the one that headed me away of slices and
> suggested to empower JPA persistence units (e.g. EntityManagerFactory
> instances).
>
>> and having considered that a slice-based implementation would have
>> bound Syncope to non-standard OpenJPA features, I have preferred to
>> rollback and change design.
>>
>> Instead of mapping domains to OpenJPA slices, now domains are mapped
>> to EntityManagerFactory instances, since each domain is considered a
>> separated JPA persistence unit.
>> Physical separation of tables for different domains and support for
>> heterogeneous domains (domain A on MySQL, domain B on Oracle, ...)
>> are still available.
>>
>> This new approach required some hook at Spring level [4] which
>> dynamically "injects" the domain into @Transactional annotations,
>> depending on the requesting user.
>>
>> The feature branch [3] now has all tests passing, even though some
>> refinements are still in progress.
>>
>> I'll keep you posted.
>> Regards.
>>
>> On 17/07/2015 14:46, Francesco Chicchiriccò wrote:
>>> Hi all,
>>> as you might have seen, I am working on SYNCOPE-652 for implementing
>>> multi-tenancy [1].
>>>
>>> The idea is to set the "domain" property in Spring Security's
>>> SecurityContext - so that such information it is available
>>> throughout the whole system, after authentication - based on the
>>> value for the new "X-Syncope-Domain" HTTP header (when missing,
>>> "Master" is assumed).
>>> Such header is also included in all HTTP responses.
>>>
>>> The domain name is then used as OpenJPA slice identifier in order to
>>> read and write data from / to a specific slice: this allows physical
>>> separation for different domains' data.
>>>
>>> The implementation work is going quite straightforward, but I've
>>> spent the last three days struggling with slices - see this thread
>>> on OpenJPA's users@ [2].
>>>
>>> At the moment, in a separate feature branch [3] I have all unit
>>> tests succeeding, but still few problems with integration tests.
>>>
>>> I'll keep you posted.
>>> Regards.
>>>
>>> [1]
>>> https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Domains
>>> [2] http://markmail.org/message/g44f4zlpou34uvke
>>> [3]
>>> https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=shortlog;h=refs/heads/SYNCOPE-652
>> [4]
>> https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=blob;f=core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/spring/DomainTransactionInterceptor.java;hb=9e6f87e5da41ebd5466bf522099d3745b35703a4
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/
Re: Multi-tenancy: implementation in progress
Posted by Francesco Chicchiriccò <il...@apache.org>.
On 07/08/2015 12:43, Francesco Chicchiriccò wrote:
> A quick update on this topic.
>
> After not getting any single response from OpenJPA community [2],
This is not correct: Mark Struberg - which is now OpenJPA PMC member,
via IRC on #openjpa, was the one that headed me away of slices and
suggested to empower JPA persistence units (e.g. EntityManagerFactory
instances).
> and having considered that a slice-based implementation would have
> bound Syncope to non-standard OpenJPA features, I have preferred to
> rollback and change design.
>
> Instead of mapping domains to OpenJPA slices, now domains are mapped
> to EntityManagerFactory instances, since each domain is considered a
> separated JPA persistence unit.
> Physical separation of tables for different domains and support for
> heterogeneous domains (domain A on MySQL, domain B on Oracle, ...) are
> still available.
>
> This new approach required some hook at Spring level [4] which
> dynamically "injects" the domain into @Transactional annotations,
> depending on the requesting user.
>
> The feature branch [3] now has all tests passing, even though some
> refinements are still in progress.
>
> I'll keep you posted.
> Regards.
>
> On 17/07/2015 14:46, Francesco Chicchiriccò wrote:
>> Hi all,
>> as you might have seen, I am working on SYNCOPE-652 for implementing
>> multi-tenancy [1].
>>
>> The idea is to set the "domain" property in Spring Security's
>> SecurityContext - so that such information it is available throughout
>> the whole system, after authentication - based on the value for the
>> new "X-Syncope-Domain" HTTP header (when missing, "Master" is assumed).
>> Such header is also included in all HTTP responses.
>>
>> The domain name is then used as OpenJPA slice identifier in order to
>> read and write data from / to a specific slice: this allows physical
>> separation for different domains' data.
>>
>> The implementation work is going quite straightforward, but I've
>> spent the last three days struggling with slices - see this thread on
>> OpenJPA's users@ [2].
>>
>> At the moment, in a separate feature branch [3] I have all unit tests
>> succeeding, but still few problems with integration tests.
>>
>> I'll keep you posted.
>> Regards.
>>
>> [1]
>> https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Domains
>> [2] http://markmail.org/message/g44f4zlpou34uvke
>> [3]
>> https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=shortlog;h=refs/heads/SYNCOPE-652
> [4]
> https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=blob;f=core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/spring/DomainTransactionInterceptor.java;hb=9e6f87e5da41ebd5466bf522099d3745b35703a4
--
Francesco Chicchiriccò
Tirasa - Open Source Excellence
http://www.tirasa.net/
Involved at The Apache Software Foundation:
member, Syncope PMC chair, Cocoon PMC, Olingo PMC
http://people.apache.org/~ilgrosso/