Multi-tenancy and basic auth#9
Open
ciegler wants to merge 1 commit into
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This mini sample project uses the quarkus-multitenancy extension form
mathias82, which is in the process of becoming an official quarkiverse extension.
All parts that I directly copied (without adjusting) from the quarkus-multitenancy demo project are marked by a comment.
The quarkus-multitenancy extension provides a consistent tenant resolution in quarkus, e.g. via a HTTP-Header.
Hereby the extension lets us implement (if needed) our custom:
The extension itself comes with a filter that resolves the tenant if there is no authorization needed and supports a database-per-tenant approach.
In order to resolve the tenant when making an authorization request it is needed to implement a custom
HTTPAuthenticationMechanism and to implement a custom TenantResolutionContext.
Implementing a custom HTTPAuthenticationMechanism is one of the intended ways when customizing Quarkus Security
(see docs).
The extensions build-in TenantResolutionContext expects an ContainerRequestContext, which is not available in the
authentication step. However, to resolve the Tenant via the TenantResolver we only need to extract a specific HTTP-Header,
which we can also get from the RoutingContext.
Testing
Run
docker compose up -dto create the databases in thecompose.yaml, then runmvn quarkus:dev.HTTP Requests for testing are in the
localhost.http, all passwords arepassword.There will be an error message that the database schema for
<default>is not correct. I will look into it again, but since it did not affect the project at all I decided to ignore it for now.