Skip to content

Add MultiTenantAuthenticationManagerResolver #6977

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 25, 2019
Merged

Add MultiTenantAuthenticationManagerResolver #6977

merged 1 commit into from
Jun 25, 2019

Conversation

jzheaux
Copy link
Contributor

@jzheaux jzheaux commented Jun 12, 2019

A class with a number of handy request-based implementations of
AuthenticationManager Resolver

Fixes; gh-6976

@jzheaux jzheaux requested a review from rwinch June 12, 2019 17:09
rwinch
rwinch requested changes Jun 13, 2019
View reviewed changes
...a/org/springframework/security/web/authentication/ServletAuthenticationManagerResolvers.java Outdated
* @since 5.2
* @see AuthenticationManagerResolver
*/
public final class ServletAuthenticationManagerResolvers {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's rename this to AuthenticationManagerResolvers

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to also consider moving this to a class with a name more focused on multi tenancy. Please consider something like creating a class named MultiTenancyAuthenticationManagerResolver with static factory methods that do what is happening here. The MultiTenancyAuthenticationManagerResolver class allows injecting a strategy to resolve the tenant id from the request and then the manager from the tenant id.

@jzheaux jzheaux force-pushed the servlet-multitenancy branch from ba1e0ba to 20486a7 Compare June 14, 2019 01:11
@jzheaux jzheaux changed the title Introduce ServletAuthenticationManagerResolvers Add DefaultAuthenticationManagerResolver Jun 14, 2019
@jzheaux jzheaux force-pushed the servlet-multitenancy branch 3 times, most recently from 715625c to 49a77a9 Compare June 14, 2019 20:23
@jzheaux jzheaux changed the title Add DefaultAuthenticationManagerResolver Add MultiTenantAuthenticationManagerResolver Jun 14, 2019
rwinch
rwinch requested changes Jun 18, 2019
View reviewed changes
...rg/springframework/security/web/authentication/MultiTenantAuthenticationManagerResolver.java Outdated
* @return A hostname-resolving {@link AuthenticationManagerResolver}
*/
public static AuthenticationManagerResolver<HttpServletRequest>
resolveByFirstHostnameLabel(Converter<String, AuthenticationManager> resolver) {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure about the phrasing for this. Perhaps it is just me, but I typically hear the phrase subdomain rather than hostname label. Have you given thought to resolveBySubdomain?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm all for pragmatism, and "subdomain" may be more pragmatic. I think it reads more cleanly, too.

The reason that I avoided it is because of Wikipedia's definition of a subdomain:

A subdomain is a domain that is part of a larger domain; the only domain that is not also a subdomain is the root domain.[1] For example, west.example.com and east.example.com/ are subdomains of the example.com domain, which in turn is a subdomain of the com top-level domain (TLD)

If that's the case, then "west" or "east" are not subdomains, even though that's what we all often call them.

Knowing this, what are your thoughts? We could call it resolveBySubdomain (which is what I originally had), but would it cause cognitive dissonance?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the comment. I understand your reservations. I guess I wouldn't necessarily assume that the value of the tenant is the subdomain itself, but that the tenant is resolved from a subdomain. Perhaps a wording of resolveFromSubdomain would be better?

@jzheaux
Add MultiTenantAuthenticationManagerResolver
a048f36 
A class with a number of handy request-based implementations of
AuthenticationManagerResolver targeted at common multi-tenancy
scenarios.

Fixes: spring-projectsgh-6976
@jzheaux jzheaux force-pushed the servlet-multitenancy branch from 49a77a9 to a048f36 Compare June 24, 2019 20:09
@jzheaux jzheaux added this to the 5.2.0.RC1 milestone Jun 25, 2019
@jzheaux jzheaux added in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) in: web An issue in web modules (web, webmvc) type: improvement and removed in: oauth2 An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose) labels Jun 25, 2019
@jzheaux jzheaux self-assigned this Jun 25, 2019
@jzheaux jzheaux added the status: duplicate A duplicate of another issue label Jun 25, 2019
@rwinch
Copy link
Member

rwinch commented Jun 25, 2019

Thanks @jzheaux! This looks good to me

@jzheaux jzheaux merged commit f5da631 into spring-projects:master Jun 25, 2019
@jzheaux jzheaux deleted the servlet-multitenancy branch June 25, 2019 23:21
@DeCaMil DeCaMil mentioned this pull request Jul 1, 2019
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@rwinch rwinch rwinch approved these changes

Assignees

@jzheaux jzheaux

Labels
in: web An issue in web modules (web, webmvc) status: duplicate A duplicate of another issue
Projects
None yet
Milestone
5.2.0.M4
Development

Successfully merging this pull request may close these issues.
2 participants
@jzheaux @rwinch