Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Multitenant Mystery - Only Rockers in the Building

Thomas Vitale
May 19, 2023
Technology
1
870

Multitenant Mystery - Only Rockers in the Building

Multitenancy is one of the pillars of modern SaaS solutions. Cloud native technologies provide scalability, resilience and cost efficiency. But we also need to ensure the proper level of isolation, security and data control among tenants. This talk will show how to do that in Java and Spring.

Every bean has a secret. To uncover the truth, we must dive into the mysterious world of multitenancy in Spring Boot. The plot thickens as a precious guitar goes missing from a residential building housing only rockers. But something doesn’t quite add up - why is there a deafening silence?

Join us on a thrilling journey as we explore the intricacies of multitenant applications. Together, we’ll embark on a detective mission to uncover what really happened to the stolen guitar. As we investigate, we’ll reveal the secrets of storing data safely and securely, configuring authentication and authorization, and enabling observability - all using Java, Hibernate, Keycloak, and Spring.

Put on your detective hat and join us in solving this mystery. We need your expertise to interrogate tenants, analyze facility staff routines, and review surveillance footage. With your help, we will solve the case and bring music back to the building. Get ready to unravel the plot and learn how to implement multitenancy in modern Java applications.

Will you join us on this thrilling adventure?

Thomas Vitale

May 19, 2023
Tweet

More Decks by Thomas Vitale

See All by Thomas Vitale
Cloud Native Java with Spring Boot (CNCF Aarhus, April 2024)
thomasvitale
1
120
Supercharge your Kubernetes Platform with Carvel
thomasvitale
0
12
Multitenant Mystery: Every Bean Has a Secret
thomasvitale
1
180
Securing the Supply Chain for Your Java Applications
thomasvitale
0
200
Supercharge Your Kubernetes Platform With Carvel (KCD Munich 2023)
thomasvitale
0
86
Serverless Java with Spring Boot (DevBcn 2023)
thomasvitale
1
240
Next-Generation Cloud Native Apps with Spring Boot 3
thomasvitale
0
210
Developer Experience with Spring Boot on Kubernetes
thomasvitale
0
430
Developer Experience with Java on Kubernetes
thomasvitale
0
73

Other Decks in Technology

See All in Technology
PHPカンファレンス小田原2024
ysknsid25
3
660
インシデントレスポンスのライフサイクルを廻すポイントってなに / Pinpoints of Incidentresponse Lifecycle for Operation
sakaitakeshi
1
300
人間の尊厳、幸福、アクセシビリティ / 第116回「WEB TOUCH MEETING」アクセシビリティSP
nulabinc
PRO
2
180
「ふりかえりのふりかえり」をふりかえり、実のあるふりかえりにする
naitosatoshi
0
220
アプリがつくるNOT A HOTELブランド
hokuts
1
450
反実仮想機械学習とは何か
usaito
PRO
7
2.2k
Vertex AI を中心に 生成AIのアップデートを共有します
kaz1437
0
140
NgRx Signal Store
rainerhahnekamp
0
120
[2024年3月版] Databricksのシステムアーキテクチャ
databricksjapan
8
1.9k
Databricks:『生成AI World Cup』のご案内
databricksjapan
2
150
テストプロセスで大事にしていること #jasstnano
makky_tyuyan
0
130
長期運用プロジェクトでのMySQLからTiDB移行の検証
colopl
2
670

Featured

See All Featured
The Art of Programming - Codeland 2020
erikaheidi
41
12k
Visualization
eitanlees
135
14k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
The Cult of Friendly URLs
andyhume
74
5.7k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
18
1.7k
Web development in the modern age
philhawksworth
202
10k
BBQ
matthewcrist
80
8.7k
Adopting Sorbet at Scale
ufuk
67
8.6k
How To Stay Up To Date on Web Technology
chriscoyier
782
250k
Put a Button on it: Removing Barriers to Going Fast.
kastner
58
3k
Being A Developer After 40
akosma
56
580k
The Language of Interfaces
destraynor
151
23k

Transcript

  1. Thomas Vitale Spring I/O May 19th, 2023 Multitenant Mystery Only

    Rockers in the Building @vitalethomas

  2. Systematic • Software Engineer and Cloud Architect. • Author of

    “Cloud Native Spring in Action” (Manning). • OSS contributor (Java, Spring, Cloud Native Technologies) Thomas Vitale thomasvitale.com @vitalethomas

  3. Multitenancy @vitalethomas

  4. Multitenancy “…an architecture in which a single running instance of

    an application simultaneously serves multiple clients (tenants). This is highly common in SaaS solutions.” (Hibernate User Guide) @vitalethomas

  5. Why @vitalethomas

  6. None

  7. 1. Tenant @vitalethomas

  8. Tenant Identifying the tenant Tenant Resolver Resolve tenant from HTTP

    request, AMQP message, JWT… 1 Tenant Content Store the tenant and make it available to the current process 2 Tenant Interceptor Intercept incoming request, resolve tenant, and store in context. 3 @vitalethomas

  9. 2. Data Isolation @vitalethomas

  10. Data Isolation Multitenant data management Partitioned Data ‣Tenant as a

    discriminator (column) ‣Add discriminator to each SQL statement Separate Schema ‣Schema per tenant ‣No altered SQL ‣Add tenant to connection Separate Database ‣Database per tenant ‣No altered SQL ‣Separate connection pools @vitalethomas

  11. Testcontainers Testing with external dependencies OCI containers Run external dependencies

    as OCI containers, also at development time Data Layer Tests Ensure environment parity by testing the data layer with the real database Integration Tests Use containers for databases, message queues, and web servers @vitalethomas

  12. Schema and data management Flyway: Version control for your database

    SQL Migrations Schema changes Java Migrations Data changes V1 Init schema V2 Add column V3 Create table V4 Add constraint time @vitalethomas

  13. 3. Observability @vitalethomas

  14. Multitenant Observability Observation contexts for tenants Logs Include tenant information

    in each log message Metrics Monitor overall application as we add more tenants Traces Identify traces belonging to each tenant @vitalethomas

  15. Spring Observability Production-grade features Spring Boot Actuator ‣Health (liveness and

    readiness) ‣Metrics (Prometheus, OpenMetrics) ‣Flyway, Thread Dumps, Heap Dumps Micrometer ‣Uni fi ed Observation API ‣Instrumentation for metrics and traces ‣OpenZipkin, OpenTelemetry @vitalethomas

  16. 4. Gateway @vitalethomas

  17. Multitenant Gateway @vitalethomas https://dukes.rock https://beans.rock GATEWAY SERVICE X-TenantId=dukes X-TenantId=beans Tenant

    propagation

  18. Spring Cloud Gateway @vitalethomas

  19. 5. Security @vitalethomas

  20. Multitenant Security Authenticating and authorizing tenants Authentication Each tenant authenticates

    via a separate Identity Provider Authorization The JWT signature is veri fi ed with a separate issuer for each tenant Dynamic Tenants Adding new tenants doesn’t require changing the application @vitalethomas

  21. Multitenant Authentication @vitalethomas https://dukes.rock https://beans.rock GATEWAY Dukes IdP Separate identity

    providers Beans IdP Delegate AuthN

  22. Spring Security - OAuth2 Client Dynamic tenant management spring: security:

    oauth2: client: registration: keycloak: client-id: edge-service client-secret: polar-keycloak-secret scope: openid provider: keycloak: issuer-uri: http://localhost:8080/realms/PolarBookshop @vitalethomas @Bean ReactiveClientRegistrationRepository

  23. Multitenant Authorization @vitalethomas JWT (Dukes) JWT (Beans) SERVICE Dukes IdP

    JWT veri fi cation per tenant Beans IdP Verify signature

  24. Spring Security - OAuth2 Resource Server Dynamic tenant management spring:

    security: oauth2: resourceserver: jwt: issuer-uri: http://localhost:8080/realms/PolarBookshop @vitalethomas @Bean AuthenticationManagerResolver

  25. What about the guitar? @vitalethomas

  26. Data Isolation @vitalethomas

  27. Next Steps @vitalethomas

  28. Resources • Presentation source code • How to integrate Hibernates

    Multitenant feature with Spring Data JPA in a Spring Boot application • Multitenancy in Hibernate • Multitenancy OAuth2 with Spring Security • Context Propagation with Project Reactor 3 • Creating a custom Spring Cloud Gateway Filter • Multitenancy with Spring Data JDBC @vitalethomas

  29. Thomas Vitale Spring I/O May 19th, 2023 Multitenant Mystery Only

    Rockers in the Building @vitalethomas