Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Multitenant Mystery: Every Bean Has a Secret

Thomas Vitale
February 06, 2024

Multitenant Mystery: Every Bean Has a Secret

Multitenancy is one of the pillars of modern SaaS solutions. Cloud native technologies provide scalability, resilience, and cost efficiency. But we also need to ensure the proper level of isolation, security, and data control among tenants. This talk will show how to do that in Java and Spring.

Every bean has a secret. To uncover the truth, we must dive into the mysterious world of multitenancy in Spring Boot. The plot thickens as a precious guitar goes missing from a residential building housing only rockers. Something doesn’t quite add up.

Join us on a thrilling journey as we explore the intricacies of multitenant applications. Together, we’ll embark on a detective mission to uncover what really happened to the stolen guitar. As we investigate, we’ll reveal the secrets of storing data safely and securely, configuring authentication and authorization, and enabling observability - all using Java, Hibernate, Keycloak, Micrometer, and Spring.

Put on your detective hat and join us in solving this mystery. We need your expertise to interrogate tenants, analyze facility staff routines, and review surveillance footage. With your help, we will solve the case and bring music back to the building. Get ready to unravel the plot and learn how to implement multitenancy in modern Java applications.

Will you join us on this thrilling adventure?

Thomas Vitale

February 06, 2024

More Decks by Thomas Vitale

Other Decks in Technology


  1. Systematic • Software Engineer, CNCF Ambassador, Oracle ACE Pro. •

    Author of “Cloud Native Spring in Action” (Manning). • OSS contributor (Java, Spring, Cloud Native Technologies) Thomas Vitale thomasvitale.com @vitalethomas
  2. Multitenancy “…an architecture in which a single running instance of

    an application simultaneously serves multiple clients (tenants). This is highly common in SaaS solutions.” (Hibernate User Guide) @vitalethomas
  3. Tenant Identifying the tenant Tenant Resolution Resolve tenant from HTTP

    request, AMQP message, JWT… 1 Tenant Content Store the tenant and make it available to the current process 2 Tenant Interceptor Intercept incoming request, resolve tenant, and store in context. 3 @vitalethomas
  4. Data Isolation Multitenant data management Partitioned Data ‣Tenant as a

    discriminator (column) ‣Add discriminator to each SQL statement Separate Schema ‣Schema per tenant ‣No altered SQL ‣Add tenant to connection Separate Database ‣Database per tenant ‣No altered SQL ‣Separate connection pools @vitalethomas
  5. Testcontainers Testing with external dependencies OCI containers Run external dependencies

    as OCI containers, also at development time Data Layer Tests Ensure environment parity by testing the data layer with the real database Integration Tests Use containers for databases, message queues, and web servers @vitalethomas
  6. Schema and data management Flyway: Version control for your database

    SQL Migrations Schema changes Java Migrations Data changes V1 Init schema V2 Add column V3 Create table V4 Add constraint time @vitalethomas
  7. Spring Observability Production-grade features Spring Boot Actuator ‣Health (liveness and

    readiness) ‣Metrics (Prometheus, OpenMetrics) ‣Flyway, Thread Dumps, Heap Dumps Micrometer ‣Uni fi ed Observation API ‣Instrumentation for metrics and traces ‣OpenZipkin, OpenTelemetry @vitalethomas
  8. Multitenant Observability Observation contexts for tenants Logs Include tenant information

    in each log message Metrics Monitor overall application as we add more tenants Traces Identify traces belonging to each tenant @vitalethomas
  9. Multitenant Security Authenticating and authorizing tenants Authentication Each tenant authenticates

    via a separate Identity Provider Authorization The JWT signature is veri fi ed with a separate issuer for each tenant Dynamic Tenants Adding new tenants doesn’t require changing the application @vitalethomas
  10. Spring Security - OAuth2 Client Dynamic tenant management spring: security:

    oauth2: client: registration: keycloak: client-id: edge-service client-secret: polar-keycloak-secret scope: openid provider: keycloak: issuer-uri: http://localhost:8080/realms/PolarBookshop @vitalethomas @Bean ClientRegistrationRepository
  11. Multitenant Authorization @vitalethomas JWT (Dukes) JWT (Beans) SERVICE Dukes IdP

    JWT veri fi cation per tenant Beans IdP Verify signature
  12. Spring Security - OAuth2 Resource Server Dynamic tenant management spring:

    security: oauth2: resourceserver: jwt: issuer-uri: http://localhost:8080/realms/PolarBookshop @vitalethomas @Bean AuthenticationManagerResolver
  13. Resources • Presentation source code • How to integrate Hibernates

    Multitenant feature with Spring Data JPA in a Spring Boot application • Multitenancy in Hibernate • Multitenancy OAuth2 with Spring Security • Context Propagation with Project Reactor 3 • Creating a custom Spring Cloud Gateway Filter • Multitenancy with Spring Data JDBC @vitalethomas