Multitenancy with Spring JPA

Question

I am looking around for a multitenancy solution for my web application. I would like to implement a application with Separate Schema Model. I am thinking to have a datasour

Answer 1

Multitenancy is a bit tricky subject and it has to be handled on the JPA provider side so that from the client code perspective nothing or almost nothing changes. eclipselink has support for multitenancy (see: EclipseLink/Development/Indigo/Multi-Tenancy), hibernate just added it recently.

Another approach is to use AbstractRoutingDataSource, see: Multi tenancy in Hibernate.

Using session-scope is way too risky (also you will end up with thousands of database connections, few for every session/user. Finally EntityManager and underlying database connections are not serializable so you cannot migrate your session and scale your app properly.

Answer 2

I have worked with a number of multi-tenancy systems. The challenge here is how you keep

1. open architecture and
2. provide a solution that evolves with your business.

Let's look at second challenge first. Multi-tenancy systems has a tendency to evolve where you'll need to support use cases where same data (record) can be accessed by multiple tenants with different capacity (e.g. https://bugs.eclipse.org/bugs/show_bug.cgi?id=355458). So, the system ultimately needs Access Control List.

To keep the open architecture you can code to a standard (like JPA). Coding to EclipseLink or Hibernate makes me uncomfortable.

Spring Security ACL provides very flexible community supported solution to both these challenges. Give that a try. I did and been happy with it's performance. However, I must caution you, it took me some digging to get my head around it.