
Is this a good way for a web service to interact with a multi-tenant database?

I am trying to make my web service identify specific client data to return as JSON. I am not sure this is the right way, and I'd love some advice.

The way it currently works is:

  1. A database table for users with the appropriate company_id they belong to.
  2. Upon logging in, an authentication service issues JWT tokens with the company_id in the token payload.
  3. The client sends HTTP requests with the token, after which a service verifies the validity of the token, and then the specific route returns data with SQL doing a WHERE company_id = company_id_in_token .

The red flags I'm running into are:

  1. Having user data in the token payload. SSL will negate this, but I am worried about bad design.
  2. Having to include a company_id column in every single table for the filtering.

Please, I kindly ask you to rip me a new one.
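The three steps above, as an added example that is not part of the original post. It uses only the Python standard library: an HS256 issuer and verifier (in place of a JWT library), an in-memory SQLite table standing in for the invoices table, and a route handler that takes company_id from the verified token and binds it as a query parameter. The signing key, the user and company ids, and the invoice rows are all constructed for the demo. The JWT payload is only base64url-encoded, so anyone holding the token can read company_id; the signature is what stops them from changing it, which is why the handler must re-verify the signature on every request and must never accept a company_id from the request itself.

```python
import base64
import hashlib
import hmac
import json
import sqlite3
import time
from typing import Optional

# Constructed example: demo key, not a real secret. In production the key lives
# in the auth service and the API only needs whatever verifies its signatures.
SECRET = b"demo-signing-key-replace-in-production"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())


def issue_token(user_id: int, company_id: int, ttl: int = 3600, now: Optional[int] = None) -> str:
    """Auth service side (step 2): sign sub, company_id, iat and exp with HS256."""
    now = int(time.time()) if now is None else now
    signing_input = _segment({"alg": "HS256", "typ": "JWT"}) + "." + _segment(
        {"sub": str(user_id), "company_id": company_id, "iat": now, "exp": now + ttl}
    )
    sig = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(token: str, now: Optional[int] = None) -> dict:
    """API side (step 3): return the claims only if alg, signature and exp check out."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h, p, s = parts
    if json.loads(_b64url_decode(h)).get("alg") != "HS256":
        raise ValueError("unexpected alg")  # reject 'none' or any attacker-chosen alg
    expected = hmac.new(SECRET, f"{h}.{p}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p))
    if not isinstance(claims.get("company_id"), int) or claims.get("exp", 0) <= now:
        raise ValueError("missing company_id or expired")
    return claims


def is_valid_token(token: str, now: Optional[int] = None) -> bool:
    try:
        verify_token(token, now)
        return True
    except ValueError:
        return False


def forge_company(token: str, company_id: int) -> str:
    """What a client can do without the key: rewrite the (readable) payload and
    keep the old signature. verify_token must reject the result."""
    h, p, s = token.split(".")
    claims = json.loads(_b64url_decode(p))
    claims["company_id"] = company_id
    return f"{h}.{_segment(claims)}.{s}"


def make_invoice_db() -> sqlite3.Connection:
    # Constructed sample data: two rows for company 10, one for company 20.
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE invoices(id INTEGER PRIMARY KEY, company_id INTEGER NOT NULL, amount INTEGER);
        INSERT INTO invoices VALUES (1, 10, 100), (2, 10, 250), (3, 20, 999);
    """)
    return conn


def list_invoices(conn: sqlite3.Connection, token: str, now: Optional[int] = None) -> list:
    """Route handler: the tenant filter comes from the verified token, never from
    a client-supplied parameter, and is bound as a parameter, not formatted in."""
    claims = verify_token(token, now)
    return conn.execute(
        "SELECT id, amount FROM invoices WHERE company_id = ?",
        (claims["company_id"],),
    ).fetchall()


if __name__ == "__main__":
    db = make_invoice_db()
    tok = issue_token(user_id=7, company_id=10)
    print(list_invoices(db, tok))                  # company 10 rows only
    print(is_valid_token(forge_company(tok, 20)))  # False: signature no longer matches
```

`forge_company` is the check worth keeping around: it shows that the readable payload is not the risk, a handler that trusts an unverified payload (or a `company_id` query parameter) is.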

If you refer to the OpenID specification, it states that you send the id_token, but sign it for later verification. Also, if the upn or sub claim is available, you can infer the tenant from this data. However, in case the user in question works on behalf of another tenant, special headers are required to infer the tenant; for example, a contextual tenant header can contain the tenant under context.

As for having a tenant id column, it is good practice to have a tenant id column in the core business object tables. There will be no tenant id column in a table that is dependent on the core business object, because by itself it doesn't convey any significance.

HTH HTH
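The two points in the answer above, as an added example that is not part of the original post or answer. A core table (`orders`) carries `tenant_id`; its dependent table (`order_items`) does not, and is scoped by joining through its parent. The "contextual tenant" is modelled as an optional value taken from a request header; the header name, the `memberships` table and all row data are assumptions for the demo. The check a practitioner wants here is that a context tenant is honoured only when the user is actually recorded as allowed to act for it, since a header is attacker-controlled.

```python
import sqlite3
from typing import Optional


def make_order_db() -> sqlite3.Connection:
    """Constructed schema and rows. Only the core object carries tenant_id."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tenants(id INTEGER PRIMARY KEY, name TEXT);
        -- assumed: which tenants a user may act for (home tenant plus delegated ones)
        CREATE TABLE memberships(user_id INTEGER, tenant_id INTEGER,
                                 PRIMARY KEY (user_id, tenant_id));
        -- core business object: carries tenant_id
        CREATE TABLE orders(id INTEGER PRIMARY KEY,
                            tenant_id INTEGER NOT NULL REFERENCES tenants(id));
        -- dependent object: no tenant_id, scoped only through its order
        CREATE TABLE order_items(id INTEGER PRIMARY KEY,
                                 order_id INTEGER NOT NULL REFERENCES orders(id),
                                 sku TEXT, qty INTEGER);
        INSERT INTO tenants VALUES (10, 'acme'), (20, 'globex');
        INSERT INTO memberships VALUES (7, 10), (7, 20), (8, 20);
        INSERT INTO orders VALUES (1, 10), (2, 10), (3, 20);
        INSERT INTO order_items VALUES (100, 1, 'A', 2), (101, 2, 'B', 1), (102, 3, 'C', 5);
    """)
    return conn


def can_act_for(conn: sqlite3.Connection, user_id: int, tenant_id: int) -> bool:
    row = conn.execute(
        "SELECT 1 FROM memberships WHERE user_id = ? AND tenant_id = ?",
        (user_id, tenant_id),
    ).fetchone()
    return row is not None


def resolve_tenant(conn: sqlite3.Connection, claims: dict, context_tenant: Optional[int] = None) -> int:
    """Tenant to scope this request to. Default is the token's home tenant
    (company_id); a context tenant from the request (assumed header, e.g.
    X-Tenant-Context) is honoured only if the user is a member of it."""
    user_id = int(claims["sub"])
    if context_tenant is None:
        return claims["company_id"]
    if not can_act_for(conn, user_id, context_tenant):
        raise PermissionError(f"user {user_id} may not act for tenant {context_tenant}")
    return context_tenant


def list_order_items(conn: sqlite3.Connection, tenant_id: int) -> list:
    """order_items has no tenant_id; the join to orders supplies the scope."""
    return conn.execute(
        """
        SELECT oi.id, oi.sku, oi.qty
        FROM order_items oi
        JOIN orders o ON o.id = oi.order_id
        WHERE o.tenant_id = ?
        ORDER BY oi.id
        """,
        (tenant_id,),
    ).fetchall()


def list_order_items_for_request(conn: sqlite3.Connection, claims: dict,
                                 context_tenant: Optional[int] = None) -> list:
    """Route handler: claims come from an already-verified token."""
    return list_order_items(conn, resolve_tenant(conn, claims, context_tenant))


if __name__ == "__main__":
    db = make_order_db()
    claims = {"sub": "7", "company_id": 10}          # user 7, home tenant 10
    print(list_order_items_for_request(db, claims))       # tenant 10 items
    print(list_order_items_for_request(db, claims, 20))   # delegated: tenant 20 items
    print(can_act_for(db, 8, 10))                         # False: user 8 has no access to tenant 10
```

Every dependent table you add (item lines, attachments, audit rows) is then reached only through a join to a core object, so the `tenant_id` predicate lives in one place per core table rather than in every query.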
