Il 13/08/2015 17:29, Francesco Chicchiriccò ha scritto:
Hi all,
I am happy to announce that the implementation of this topic was
successfully completed.
Integration test environment now features two domains ("Master", e.g.
the domain we've been having so far, and "Two"); specific tests for
the second domain were also added.
Please take a look and play around.
Regards.
Great work!
I hope to check soon this new feature together with any objects and
realms by working to handle them on the new administration console.
Regards,
F.
On 10/08/2015 11:12, Francesco Chicchiriccò wrote:
On 07/08/2015 12:43, Francesco Chicchiriccò wrote:
A quick update on this topic.
After not getting any single response from OpenJPA community [2],
This is not correct: Mark Struberg - which is now OpenJPA PMC member,
via IRC on #openjpa, was the one that headed me away of slices and
suggested to empower JPA persistence units (e.g. EntityManagerFactory
instances).
and having considered that a slice-based implementation would have
bound Syncope to non-standard OpenJPA features, I have preferred to
rollback and change design.
Instead of mapping domains to OpenJPA slices, now domains are mapped
to EntityManagerFactory instances, since each domain is considered a
separated JPA persistence unit.
Physical separation of tables for different domains and support for
heterogeneous domains (domain A on MySQL, domain B on Oracle, ...)
are still available.
This new approach required some hook at Spring level [4] which
dynamically "injects" the domain into @Transactional annotations,
depending on the requesting user.
The feature branch [3] now has all tests passing, even though some
refinements are still in progress.
I'll keep you posted.
Regards.
On 17/07/2015 14:46, Francesco Chicchiriccò wrote:
Hi all,
as you might have seen, I am working on SYNCOPE-652 for
implementing multi-tenancy [1].
The idea is to set the "domain" property in Spring Security's
SecurityContext - so that such information it is available
throughout the whole system, after authentication - based on the
value for the new "X-Syncope-Domain" HTTP header (when missing,
"Master" is assumed).
Such header is also included in all HTTP responses.
The domain name is then used as OpenJPA slice identifier in order
to read and write data from / to a specific slice: this allows
physical separation for different domains' data.
The implementation work is going quite straightforward, but I've
spent the last three days struggling with slices - see this thread
on OpenJPA's users@ [2].
At the moment, in a separate feature branch [3] I have all unit
tests succeeding, but still few problems with integration tests.
I'll keep you posted.
Regards.
[1]
https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+Domains
[2] http://markmail.org/message/g44f4zlpou34uvke
[3]
https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=shortlog;h=refs/heads/SYNCOPE-652
[4]
https://git-wip-us.apache.org/repos/asf?p=syncope.git;a=blob;f=core/persistence-jpa/src/main/java/org/apache/syncope/core/persistence/jpa/spring/DomainTransactionInterceptor.java;hb=9e6f87e5da41ebd5466bf522099d3745b35703a4
--
Fabio Martelli
Tirasa - Open Source Excellence
http://www.tirasa.net/
Apache Syncope PMC
http://people.apache.org/~fmartelli/
