CN115391828A - Data isolation method and system of multi-tenant platform based on micro-service architecture - Google Patents

Publication number
CN115391828A
Authority
CN
China
Legal status
Pending
Application number
CN202211344290.2A
Other languages
Chinese (zh)
Inventor
张远来
晏斐
赵辉
唐哲旭
杨贇
Current Assignee
Tellhow Software Co ltd
Original Assignee
Tellhow Software Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/242 Query formulation
    • G06F16/2433 Query languages
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/54 Interprogram communication
    • G06F9/547 Remote procedure calls [RPC]; Web services

Abstract

The invention discloses a data isolation method and system for a multi-tenant platform based on a micro-service architecture. The method comprises: when a request for acquiring tenant data sent by a user is received, controlling a tenant interceptor to intercept the request for loading the tenant data; determining the corresponding tenant information from a preset tenant table according to the tenant identity in the request for loading tenant data, wherein the tenant information comprises at least tenant basic information and a data isolation policy; caching the tenant basic information in a thread context, and acquiring the tenant data source corresponding to the tenant basic information from a preset tenant data source database; and performing data loading interception on the tenant data source according to the tenant's data isolation policy. The method and system solve the prior-art problem that a multi-tenant platform supports only a single tenant data isolation policy.

Description

Data isolation method and system of multi-tenant platform based on micro-service architecture
Technical Field
The invention relates to the technical field of micro-service architectures, in particular to a multi-tenant platform data isolation method and system based on a micro-service architecture.
Background
The multi-tenant technology is a software architecture technology, and can realize sharing of system instances among multiple tenants and personalized customization of the system instances of the tenants. By using the multi-tenant technology, the shared part of the system commonality can be ensured, and the individual parts are isolated independently. The technical key point of the multi-tenant technology is to maintain data isolation between different tenants.
In the prior art, there are three main schemes for data isolation: an independent database, a shared database with an isolated data architecture, and a shared database with a shared data architecture. The independent-database scheme provides a separate database for each tenant, which simplifies extending the data model, meets the unique requirements of different tenants, and offers good security and isolation. The shared database with an isolated data architecture provides a degree of logical data isolation for tenants with higher security requirements, but the isolation is not complete. In the shared database with a shared data architecture, tenants share the same database and the same schema, and each tenant's data is distinguished within the tables by the tenant ID; this is the scheme with the highest degree of sharing and the lowest level of isolation.
However, each of these schemes, whether independent databases, a shared database with isolated data or a shared database with shared data, provides only a single isolation policy.
Disclosure of Invention
In view of this, the present invention provides a data isolation method and system for a multi-tenant platform based on a micro-service architecture, and aims to solve the prior-art problem that a multi-tenant platform offers only a single policy for isolating tenant data.
The invention is realized by the following steps:
a data isolation method for a micro-service architecture based multi-tenant platform, the method comprising:
when a request for acquiring tenant data sent by a user is received, controlling a tenant interceptor to intercept the request for loading the tenant data;
determining corresponding tenant information from a preset tenant table according to a tenant identity in the request for loading tenant data, wherein the tenant information at least comprises tenant basic information and a data isolation strategy;
caching the basic tenant information into a thread context, and acquiring a tenant data source corresponding to the basic tenant information from a preset tenant data source database;
and carrying out data loading interception on the tenant data source according to the data isolation strategy of the tenant.
Further, in the data isolation method for the multi-tenant platform based on the micro-service architecture, before the step of controlling a tenant interceptor to intercept the request for loading tenant data when a request for acquiring tenant data sent by a user is received, the method further includes:
creating basic tenant information of different tenants and corresponding data isolation strategies, and storing the basic tenant information of the different tenants and the data isolation strategies to establish a preset tenant table.
Further, the data isolation method for a multi-tenant platform based on a micro-service architecture, where the creating of the tenant basic information of different tenants and the corresponding data isolation policy and the storing of the tenant basic information of different tenants and the data isolation policy to establish the preset tenant table further includes:
and creating a corresponding database schema name or database according to the tenant basic information filled in when each tenant is created and the selected isolation policy, and initializing the preset table structure and table data of the tenant.
Further, the data isolation method for a multi-tenant platform based on a micro-service architecture includes, before the step of caching the tenant basic information into a thread context and obtaining a tenant data source corresponding to the tenant basic information from a preset tenant data source database, the following steps:
detecting whether the preset tenant data source database caches a corresponding tenant data source or not according to the tenant basic information;
if not, dynamically loading the tenant data source according to the tenant basic information and caching the tenant data source into the preset tenant data source database;
if yes, caching the basic tenant information into a thread context, and acquiring a tenant data source corresponding to the basic tenant information from a preset tenant data source database.
Further, the data isolation method for the multi-tenant platform based on the micro-service architecture is characterized in that the step of performing data loading interception on the tenant data source according to the data isolation policy of the tenant comprises the following steps:
when the tenant data isolation policy is a table-level policy, using the tenant's identity as a filter condition, dynamically rewriting the WHERE condition of the SQL, and selecting the corresponding tenant data;
when the tenant data isolation policy is a database schema name policy, using the tenant's schema as the schema name according to the tenant basic information in the thread context, dynamically rewriting the schema of the SQL, and loading the corresponding tenant data;
when the tenant data isolation policy is a database policy, dynamically switching the database connection to the tenant data source according to the tenant basic information in the thread context, and loading the corresponding tenant data;
proxying the execution of the SQL through a dynamic data source proxy, and switching the SQL to the SQL of the corresponding database type for execution.
Further, in the data isolation method for the multi-tenant platform based on the micro-service architecture, the step of proxying the execution of the SQL through the dynamic data source proxy and switching the SQL to the SQL of the corresponding database type for execution comprises:
to switch the SQL to the corresponding database type, setting the database type DatabaseId to the corresponding database type according to the tenant information in the thread context; presetting SQL statements for multiple database types using the MyBatis persistence-layer framework; and, at execution time, obtaining the SQL for the corresponding database type according to the DatabaseId and executing it.
Further, the data isolation method for the multi-tenant platform based on the micro-service architecture further includes:
when a micro-service call is detected to be required, intercepting the micro-service call through a micro-service call interceptor, and passing the tenant information to the called micro-service;
and controlling the micro-service call interceptor to store the tenant's identity in the header of the internal service call request according to the tenant basic information in the thread context, and to pass the tenant's identity to the called micro-service.
Another object of the present invention is to provide a data isolation system for a multi-tenant platform based on a microservice architecture, the system comprising:
a receiving module, configured to control a tenant interceptor to intercept the request for loading tenant data when a request for acquiring tenant data sent by a user is received;
a determining module, configured to determine the corresponding tenant information from a preset tenant table according to the tenant identity in the request for loading tenant data, wherein the tenant information comprises at least tenant basic information and a data isolation policy;
a caching module, configured to cache the tenant basic information in a thread context and acquire the tenant data source corresponding to the tenant basic information from a preset tenant data source database;
and a loading module, configured to perform data loading interception on the tenant data source according to the tenant's data isolation policy.
It is a further object of the invention to provide a readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the steps of the method as described above.
It is a further object of the invention to provide a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method as described above when executing the program.
According to the method and the system, the tenant interceptor intercepts the tenant identity in the request header, loads the tenant information, and performs data loading and other operations according to the isolation policy of the corresponding tenant, so that different tenant data isolation policies are supported on the same multi-tenant platform and the independence and security of the database are improved. Meanwhile, different database types are supported, so that the same multi-tenant platform system can run on different types of databases, which solves the problem that existing multi-tenant SaaS platforms offer only a single isolation policy for tenant data.
Drawings
Fig. 1 is a flowchart of a data isolation method for a micro-service architecture based multi-tenant platform according to a first embodiment of the present invention;
Fig. 2 is a block diagram of a data isolation system of a multi-tenant platform based on a microservice architecture according to a third embodiment of the present invention.
The following detailed description will further illustrate the invention in conjunction with the above-described figures.
Detailed Description
To facilitate an understanding of the invention, the invention will now be described more fully hereinafter with reference to the accompanying drawings. Several embodiments of the invention are presented in the drawings. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete.
It will be understood that when an element is referred to as being "secured to" another element, it can be directly on the other element or intervening elements may also be present. When an element is referred to as being "connected" to another element, it can be directly connected to the other element or intervening elements may also be present. The terms "vertical," "horizontal," "left," "right," and the like as used herein are for illustrative purposes only.
Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. The terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used herein, the term "and/or" includes any and all combinations of one or more of the associated listed items.
The following describes how to improve the accuracy of the recommendation in bidding in detail with reference to the specific embodiments and the accompanying drawings.
Example one
Referring to fig. 1, a data isolation method for a micro-service architecture based multi-tenant platform according to a first embodiment of the present invention is shown, and the method includes steps S10 to S13.
Step S10: when a request for acquiring tenant data sent by a user is received, controlling a tenant interceptor to intercept the request for loading the tenant data.
The multi-tenant SaaS platform receives the request sent by a user for acquiring tenant data; specifically, a tenant interceptor in the multi-tenant SaaS platform intercepts the request for loading the tenant data.
Step S11: determining the corresponding tenant information from a preset tenant table according to the tenant identity in the request for loading tenant data, wherein the tenant information comprises at least tenant basic information and a data isolation policy.
After intercepting the request for loading tenant data, the tenant interceptor queries the preset tenant table for the corresponding tenant information according to the tenant identity (ID) in the request header; the tenant information comprises the tenant basic information and the corresponding data isolation policy.
Specifically, in some optional embodiments of the present invention, the preset tenant table may be established in advance, with tenant data isolated and stored in advance according to the different data isolation policies. In a specific implementation, before the step of controlling a tenant interceptor to intercept the request for loading tenant data when a request for acquiring tenant data sent by a user is received, the method further includes:
creating basic tenant information and corresponding data isolation strategies of different tenants, and storing the basic tenant information and the data isolation strategies of the different tenants to establish a preset tenant table;
and creating a corresponding database schema name or database according to the tenant basic information filled in when each tenant is created and the selected isolation policy, and initializing the preset table structure and table data of the tenant.
It can be understood that the platform stores the basic information and the data isolation policy of different tenants into a tenant table unified by the platform, and the platform performs tenant initialization operation according to the tenant basic information and the data isolation policy of the tenant, wherein the tenant initialization operation includes that the platform creates a corresponding database schema name or a database according to the tenant information filled in when the tenant is created and the selected isolation policy, and initializes a table structure and table data.
Step S12: caching the tenant basic information in a thread context, and acquiring the tenant data source corresponding to the tenant basic information from a preset tenant data source database.
Specifically, the tenant information is cached in a thread context, which is a storage space for holding the tenant information; in a specific implementation, the lifecycle of the thread context spans the entire processing of the request for loading tenant data.
The tenant interceptor acquires the tenant data source corresponding to the tenant basic information from a preset tenant data source database according to the tenant information in the thread context, wherein the preset tenant data source database is a storage space for caching tenant data sources.
Step S13: performing data loading interception on the tenant data source according to the tenant's data isolation policy.
Different tenants are isolated by different data isolation policies, so tenant data must be intercepted according to the policy in effect. Specifically:
when the tenant data isolation policy is a table-level isolation policy, the interception is data record interception: the tenant's identity is used as a filter condition, the WHERE condition of the SQL is dynamically rewritten, and the corresponding tenant data is selected;
when the tenant data isolation policy is a database schema name isolation policy, the interception is schema name interception: according to the tenant basic information in the thread context, the tenant's schema is used as the schema name, the schema of the SQL is dynamically rewritten, and the corresponding tenant data is loaded;
when the tenant data isolation policy is a database isolation policy, the interception is database interception: the database connection is dynamically switched to the tenant data source according to the tenant basic information in the thread context, and the corresponding tenant data is loaded.
The execution of the SQL is proxied by a dynamic data source proxy, which switches the SQL to the SQL of the corresponding database type for execution. Specifically, the database type DatabaseId is set to the corresponding database type according to the tenant information in the thread context, SQL statements for multiple database types are preset using the MyBatis persistence-layer framework, and at execution time the SQL for the corresponding database type is obtained according to the DatabaseId and executed.
Additionally, in some alternative embodiments of the invention, the method further comprises: when a micro-service call is detected to be required, intercepting the micro-service call through a micro-service call interceptor, and passing the tenant information to the called micro-service;
and controlling the micro-service call interceptor to store the tenant's identity in the header of the internal service call request according to the tenant basic information in the thread context, and to pass the tenant's identity to the called micro-service.
It can be understood that, when a micro-service call is involved, the call is intercepted by the micro-service call interceptor and the tenant information is passed to the called micro-service: according to the tenant information in the thread context, the interceptor stores the tenant ID in the header of the internal service call request and passes it to the called micro-service for further execution.
In summary, in the data isolation method for the multi-tenant platform based on the micro-service architecture in the embodiments of the present invention, the tenant interceptor intercepts the tenant identity in the request header, loads the tenant information, and performs data loading and other operations according to the isolation policy of the corresponding tenant, so that different tenant data isolation policies are supported on the same multi-tenant platform and the independence and security of the database are improved. Meanwhile, different database types are supported, so that the same multi-tenant platform system can run on different types of databases, which solves the problem that existing multi-tenant SaaS platforms offer only a single isolation policy for tenant data.
Example two
The embodiment also provides a data isolation method for a multi-tenant platform based on a micro-service architecture, which is different from the data isolation method for a multi-tenant platform based on a micro-service architecture in the first embodiment in that:
step S12 is preceded by:
detecting whether the preset tenant data source database caches a corresponding tenant data source or not according to the tenant basic information;
if not, dynamically loading the tenant data source according to the tenant basic information and caching the tenant data source into the preset tenant data source database;
if yes, caching the basic tenant information into a thread context, and acquiring a tenant data source corresponding to the basic tenant information from a preset tenant data source database.
Specifically, whether the preset tenant data source database contains a corresponding tenant data source or not can be detected in advance, if yes, the tenant data source corresponding to the tenant basic information can be directly obtained from the tenant data source database, and if not, the tenant data source is dynamically loaded according to the tenant basic information and is cached in the preset tenant data source database to be obtained.
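The following added example (not code from the patent) walks steps S10 to S13, the embodiment-two cache check and the header hand-off to a called micro-service, using Python's sqlite3 and contextvars in place of the MyBatis persistence layer and thread context the patent describes. The `X-Tenant-Id` header name, the tenant table contents and the `orders` rows are constructed for illustration, and the rewrite assumes single-table SELECT statements with nothing after the WHERE clause.

```python
import re
import sqlite3
from contextvars import ContextVar
from dataclasses import dataclass

@dataclass(frozen=True)
class Tenant:
    tenant_id: str
    policy: str        # "TABLE", "SCHEMA" or "DATABASE"
    schema: str = ""   # schema name, used only by the SCHEMA policy

# Constructed stand-in for the preset tenant table (basic info + isolation policy).
TENANT_TABLE = {
    "t1": Tenant("t1", "TABLE"),
    "t2": Tenant("t2", "TABLE"),
    "t3": Tenant("t3", "SCHEMA", schema="tenant_t3"),
    "t4": Tenant("t4", "DATABASE"),
}
CURRENT_TENANT = ContextVar("current_tenant")  # stand-in for the thread context
DATASOURCES = {}                               # tenant data source cache
TENANT_HEADER = "X-Tenant-Id"                  # hypothetical header name

def load_datasource(key):
    """Open a data source and seed it with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    if key == "shared":
        db.execute("CREATE TABLE orders (tenant_id TEXT, item TEXT)")
        db.executemany("INSERT INTO orders VALUES (?, ?)",
                       [("t1", "apple"), ("t1", "fig"), ("t2", "pear")])
        db.execute("ATTACH DATABASE ':memory:' AS tenant_t3")
        db.execute("CREATE TABLE tenant_t3.orders (item TEXT)")
        db.execute("INSERT INTO tenant_t3.orders VALUES ('plum')")
    else:  # dedicated database for one DATABASE-policy tenant
        db.execute("CREATE TABLE orders (item TEXT)")
        db.execute("INSERT INTO orders VALUES ('kiwi')")
    return db

def get_datasource(tenant):
    """Embodiment two: use the cached data source, loading it on a miss."""
    key = tenant.tenant_id if tenant.policy == "DATABASE" else "shared"
    if key not in DATASOURCES:
        DATASOURCES[key] = load_datasource(key)
    return DATASOURCES[key]

WHERE = re.compile(r"\bWHERE\b", re.I)
FROM = re.compile(r"\bFROM\s+(\w+)", re.I)
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

def rewrite(sql, params, tenant):
    """Step S13: scope a single-table SELECT to the tenant per its policy."""
    if tenant.policy == "TABLE":
        head, *cond = WHERE.split(sql, maxsplit=1)
        if cond:
            # Parenthesise the caller's condition so an OR in it cannot
            # widen the result beyond the tenant filter.
            return (f"{head}WHERE tenant_id = ? AND ({cond[0].strip()})",
                    (tenant.tenant_id, *params))
        return f"{sql} WHERE tenant_id = ?", (*params, tenant.tenant_id)
    if tenant.policy == "SCHEMA":
        # Identifiers cannot be bound as parameters: take the schema from the
        # tenant table only, and still validate it before splicing it in.
        if not IDENT.fullmatch(tenant.schema):
            raise ValueError("invalid schema name")
        return (FROM.sub(lambda m: f"FROM {tenant.schema}.{m.group(1)}", sql),
                tuple(params))
    if tenant.policy == "DATABASE":
        return sql, tuple(params)  # isolation comes from the connection itself
    raise ValueError("unknown isolation policy")

def load(sql, params=()):
    tenant = CURRENT_TENANT.get()  # LookupError if no tenant is bound: fail closed
    sql, params = rewrite(sql, params, tenant)
    return sorted(row[0] for row in get_datasource(tenant).execute(sql, params))

def outgoing_headers():
    """Micro-service call interceptor: forward the tenant ID from the context."""
    return {TENANT_HEADER: CURRENT_TENANT.get().tenant_id}

def handle_request(headers, sql, params=()):
    """Tenant interceptor, steps S10 to S12, then the tenant-scoped load."""
    tenant = TENANT_TABLE.get(headers.get(TENANT_HEADER, ""))
    if tenant is None:
        raise PermissionError("unknown tenant")
    token = CURRENT_TENANT.set(tenant)
    try:
        return load(sql, params)
    finally:
        CURRENT_TENANT.reset(token)  # pooled threads must not keep the last tenant
```

The example takes the tenant ID from the request header as given, as the method describes; in a deployment that value has to be tied to the authenticated caller before the tenant table lookup, since it alone selects which tenant's data is loaded.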
The tenant interceptor intercepts the tenant identity in the request header, loads the tenant information, and performs data loading and other operations according to the isolation policy of the corresponding tenant, so that different tenant data isolation policies are supported on the same multi-tenant platform and the independence and security of the database are improved. Meanwhile, different database types are supported, so that the same multi-tenant platform system can run on different types of databases, which solves the problem that existing multi-tenant SaaS platforms offer only a single isolation policy for tenant data.
In addition, the data isolation of the multi-tenant platform based on the micro-service architecture provided by the invention also has the following beneficial effects:
The multi-tenant SaaS platform decomposes system functions into the most basic, relatively independent and non-overlapping atomic functions to form a customized SaaS basic model, and automatically generates a tenant's database and data tables according to the functions the tenant selects, achieving hot initialization of the tenant. The tenant interceptor intercepts the tenant ID in the request header, loads the tenant information, and performs operations such as SQL rewriting and database switching according to the isolation policy of the corresponding tenant, so that different tenant data isolation policies are supported on the same multi-tenant SaaS platform and the independence and security of the database are improved. Meanwhile, different database types are supported, so that the same SaaS system can run on different types of databases, and micro-service calls are intercepted by the micro-service call interceptor so that tenant information is passed to the called service. This solves the problems in tenant data isolation on existing multi-tenant SaaS platforms: a single isolation policy, no support for multiple database types, and multi-tenant calls between micro-services.
Example three
Referring to fig. 2, a data isolation system of a multi-tenant platform based on a microservice architecture according to a third embodiment of the present invention is shown, the system includes:
a receiving module 100, configured to control a tenant interceptor to intercept the request for loading tenant data when a request for acquiring tenant data sent by a user is received;
a determining module 200, configured to determine, according to a tenant identity in the request for loading tenant data, corresponding tenant information from a preset tenant table, where the tenant information at least includes tenant basic information and a data isolation policy;
a caching module 300, configured to cache the tenant basic information into a thread context, and acquire a tenant data source corresponding to the tenant basic information from a preset tenant data source database;
a loading module 400, configured to perform data loading interception on the tenant data source according to the data isolation policy of the tenant.
Further, the data isolation system of the multi-tenant platform based on the micro-service architecture further includes:
a creating module, configured to create the tenant basic information and corresponding data isolation policies of different tenants, and to store the tenant basic information and data isolation policies of the different tenants to establish a preset tenant table.
Further, the data isolation system of the multi-tenant platform based on the micro-service architecture further includes:
an initialization module, configured to create a corresponding database schema name or database according to the tenant basic information filled in when each tenant is created and the selected isolation policy, and to initialize the preset tenant table structure and table data.
Further, the data isolation system of the multi-tenant platform based on the micro-service architecture further includes:
a detection module, configured to detect, according to the tenant basic information, whether the preset tenant data source database caches the corresponding tenant data source;
if not, dynamically loading the tenant data source according to the tenant basic information and caching the tenant data source into the preset tenant data source database;
if yes, caching the basic tenant information into a thread context, and acquiring a tenant data source corresponding to the basic tenant information from a preset tenant data source database.
Further, in the data isolation system of the multi-tenant platform based on the micro service architecture, the loading module is specifically configured to:
when the tenant data isolation policy is a table-level policy, using the tenant's identity as a filter condition, dynamically rewriting the WHERE condition of the SQL, and selecting the corresponding tenant data;
when the tenant data isolation policy is a database schema name policy, using the tenant's schema as the schema name according to the tenant basic information in the thread context, dynamically rewriting the schema of the SQL, and loading the corresponding tenant data;
when the tenant data isolation policy is a database policy, dynamically switching the database connection to the tenant data source according to the tenant basic information in the thread context, and loading the corresponding tenant data;
proxying the execution of the SQL through a dynamic data source proxy, and switching the SQL to the SQL of the corresponding database type for execution.
Further, the data isolation system of the multi-tenant platform based on the micro-service architecture further includes:
an execution module, configured to switch the SQL to the corresponding database type by setting the database type DatabaseId to the corresponding database type according to the tenant information in the thread context, presetting SQL statements for multiple database types using the MyBatis persistence-layer framework, and, at execution time, obtaining the SQL for the corresponding database type according to the DatabaseId and executing it.
Further, the data isolation system of the multi-tenant platform based on the micro-service architecture further includes:
the transfer module is used for intercepting the micro-service call through a micro-service call interceptor when the micro-service call is detected to be needed, and transferring the tenant information to the called micro-service;
and the calling module is used for controlling the micro-service call interceptor to store the identity of the tenant in the request header of the internal service call according to the tenant basic information in the thread context, and to transmit the identity of the tenant to the called micro-service.
The functions or operation steps of the above modules when executed are substantially the same as those of the above method embodiments, and are not described herein again.
Example four
In another aspect, the present invention further provides a readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of the method according to any one of the first to second embodiments.
Example five
In another aspect, the present invention further provides a computer device, which includes a memory, a processor, and a computer program stored in the memory and executable on the processor, and when the processor executes the computer program, the processor implements the steps of the method according to any one of the first to second embodiments.
The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described, but any combination should be considered within the scope of the present specification as long as the combined technical features do not contradict one another.
Those of skill in the art will understand that the logic and/or steps illustrated in the flowcharts or otherwise described herein, such as an ordered listing of executable instructions that can be considered to implement logical functions, can be embodied in any computer-readable medium for use by or in connection with an instruction execution system, apparatus, or device, such as a computer-based system, processor-containing system, or other system that can fetch the instructions from the instruction execution system, apparatus, or device and execute the instructions. For the purposes of this description, a "computer-readable medium" can be any means that can contain, store, communicate, propagate, or transport the program for use by or in connection with the instruction execution system, apparatus, or device.
More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection (electronic device) having one or more wires, a portable computer diskette (magnetic device), a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber device, and a portable compact disc read-only memory (CDROM). Additionally, the computer-readable storage medium may even be paper or another suitable medium upon which the program is printed, as the program can be electronically captured, via for instance optical scanning of the paper or other medium, then compiled, interpreted or otherwise processed in a suitable manner if necessary, and then stored in a computer memory.
It should be understood that portions of the present invention may be implemented in hardware, software, firmware, or a combination thereof. In the above embodiments, the various steps or methods may be implemented in software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, any one or combination of the following techniques, which are known in the art, may be used: a discrete logic circuit having a logic gate circuit for implementing a logic function on a data signal, an application specific integrated circuit having an appropriate combinational logic gate circuit, a Programmable Gate Array (PGA), a Field Programmable Gate Array (FPGA), or the like.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above embodiments express only several embodiments of the present invention, and their description is specific and detailed, but it should not be understood as limiting the scope of the present invention. It should be noted that a person skilled in the art can make several variations and modifications without departing from the inventive concept, and these fall within the scope of the present invention. Therefore, the protection scope of the present patent shall be subject to the appended claims.

Claims (10)

1. A data isolation method of a multi-tenant platform based on a micro-service architecture is characterized by comprising the following steps:
when a request for acquiring tenant data sent by a user is received, controlling a tenant interceptor to intercept the request for loading the tenant data;
determining corresponding tenant information from a preset tenant table according to a tenant identity in the request for loading tenant data, wherein the tenant information at least comprises tenant basic information and a data isolation strategy;
caching the basic tenant information into a thread context, and acquiring a tenant data source corresponding to the basic tenant information from a preset tenant data source database;
and carrying out data loading interception on the tenant data source according to the data isolation strategy of the tenant.
2. The data isolation method for the micro-service architecture based multi-tenant platform according to claim 1, wherein the step of controlling the tenant interceptor to intercept the request for loading tenant data when receiving the request for obtaining tenant data sent by the user further comprises:
creating basic tenant information of different tenants and corresponding data isolation strategies, and storing the basic tenant information of the different tenants and the data isolation strategies to establish a preset tenant table.
3. The data isolation method for the multi-tenant platform based on the micro-service architecture according to claim 2, wherein the step of creating tenant basic information and corresponding data isolation policies of different tenants, and saving the tenant basic information and the data isolation policies of the different tenants to establish a preset tenant table further includes:
and creating a corresponding database schema name or database according to the tenant basic information filled in when the different tenants are created and the selected isolation strategy, and initializing the preset tenant table structure and table data.
4. The data isolation method for the micro-service architecture based multi-tenant platform according to claim 1, wherein the step of caching the tenant basic information into a thread context and obtaining a tenant data source corresponding to the tenant basic information from a preset tenant data source database further comprises:
detecting whether the preset tenant data source database caches a corresponding tenant data source according to the tenant basic information;
if not, dynamically loading the tenant data source according to the tenant basic information and caching the tenant data source into the preset tenant data source database;
if yes, caching the basic tenant information into a thread context, and acquiring a tenant data source corresponding to the basic tenant information from a preset tenant data source database.
5. The data isolation method for the micro-service architecture based multi-tenant platform according to claim 1, wherein the step of intercepting the data loading of the tenant data source according to the data isolation policy of the tenant comprises:
when the tenant data isolation strategy is a table-level strategy, taking the identity of the tenant as a filter condition, dynamically rewriting the WHERE condition of the SQL, and selecting the corresponding tenant data;
when the tenant data isolation strategy is a database schema-name strategy, according to the tenant basic information in the thread context, taking the schema of the tenant as the schema name, dynamically rewriting the schema of the SQL, and loading the corresponding tenant data;
when the tenant data isolation strategy is a database strategy, dynamically switching the database connection to the tenant data source according to the tenant basic information in the thread context, and loading the corresponding tenant data;
execution of the SQL is proxied by a dynamic data source, which switches the SQL to the SQL of the corresponding database type for execution.
6. The data isolation method for the micro-service architecture based multi-tenant platform according to claim 5, wherein the step of the dynamic data source agent acting on the execution of the SQL and switching the execution of the SQL to the corresponding database type SQL comprises:
the SQL is switched to the corresponding database type: the database type DatabaseId is set to the corresponding database type from the tenant information in the thread context, SQL statements for multiple database types are preset using the MyBatis persistence-layer framework, and the SQL corresponding to the database type is obtained according to the DatabaseId and executed.
7. The method of data isolation for a micro-service architecture based multi-tenant platform as claimed in claim 1, the method further comprising:
when it is detected that a micro-service call is needed, intercepting the micro-service call through a micro-service call interceptor, and transmitting the tenant information to the called micro-service;
and controlling the micro-service call interceptor to store the identity of the tenant in the request header of the internal service call according to the tenant basic information in the thread context, and to transmit the identity of the tenant to the called micro-service.
8. A data isolation system of a multi-tenant platform based on a micro-service architecture, the system comprising:
the system comprises a receiving module, a tenant interceptor and a sending module, wherein the receiving module is used for controlling the tenant interceptor to intercept a request for loading tenant data when receiving the request for acquiring the tenant data sent by a user;
the determining module is used for determining corresponding tenant information from a preset tenant table according to the tenant identity in the request for loading tenant data, wherein the tenant information at least comprises tenant basic information and a data isolation strategy;
the cache module is used for caching the basic tenant information into a thread context and acquiring a tenant data source corresponding to the basic tenant information from a preset tenant data source database;
and the loading module is used for carrying out data loading interception on the tenant data source according to the data isolation strategy of the tenant.
9. A readable storage medium, on which a computer program is stored, which program, when being executed by a processor, is adapted to carry out the steps of the method according to any one of claims 1 to 7.
10. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method as claimed in any one of claims 1 to 7 when executing the program.
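The table-level and schema-name strategies of claim 5 (also listed for the loading module in the description), sketched as an added Python example; it is not code from the patent or from its MyBatis-based implementation. The `Tenant` fields, the `orders` table and all sample rows are constructed assumptions, SQLite's `ATTACH` stands in for per-tenant schemas, and the database-switching strategy is left out.

```python
import re
import sqlite3
from contextvars import ContextVar
from dataclasses import dataclass

@dataclass(frozen=True)
class Tenant:                      # one row of the preset tenant table (assumed fields)
    tenant_id: str
    strategy: str                  # "table" or "schema"
    schema: str = ""

# Constructed sample tenant table.
TENANT_TABLE = {
    "t1": Tenant("t1", "table"),
    "t2": Tenant("t2", "table"),
    "t3": Tenant("t3", "schema", schema="tenant_t3"),
}
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")
CURRENT_TENANT = ContextVar("tenant", default=None)   # stands in for the thread context

def scope_query(table, columns):
    """Return (sql, params) scoped to the tenant in context; fail closed if none."""
    tenant = CURRENT_TENANT.get()
    if tenant is None:
        raise PermissionError("no tenant in context")
    names = [table, *columns] + ([tenant.schema] if tenant.strategy == "schema" else [])
    if not all(IDENT.fullmatch(n) for n in names):
        raise ValueError("identifier rejected")       # identifiers cannot be bound
    cols = ", ".join(f'"{c}"' for c in columns)
    if tenant.strategy == "table":
        # The tenant id is a bound parameter, never spliced into the SQL text.
        return f'SELECT {cols} FROM "{table}" WHERE tenant_id = ?', (tenant.tenant_id,)
    if tenant.strategy == "schema":
        return f'SELECT {cols} FROM "{tenant.schema}"."{table}"', ()
    raise ValueError("unsupported isolation strategy")

def load_items(db, tenant_header):
    """Interceptor plus load: resolve identity, scope the query, clear the context."""
    tenant = TENANT_TABLE.get(tenant_header)
    if tenant is None:
        raise PermissionError("unknown tenant identity")
    token = CURRENT_TENANT.set(tenant)
    try:
        sql, params = scope_query("orders", ["item"])
        return sorted(row[0] for row in db.execute(sql, params))
    finally:
        CURRENT_TENANT.reset(token)   # pooled threads must not keep the previous tenant

def demo_db():
    """Constructed data: shared table for t1/t2, attached schema for t3."""
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ':memory:' AS tenant_t3")
    db.execute("CREATE TABLE orders (tenant_id TEXT, item TEXT)")
    db.execute("CREATE TABLE tenant_t3.orders (item TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?)",
                   [("t1", "disk"), ("t2", "router"), ("t1", "cable")])
    db.execute("INSERT INTO tenant_t3.orders VALUES ('switch')")
    return db
```

A query built outside any request raises `PermissionError` instead of running unscoped, and an unknown tenant identity is rejected before any SQL is produced.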
CN202211344290.2A 2022-10-31 2022-10-31 Data isolation method and system of multi-tenant platform based on micro-service architecture Pending CN115391828A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211344290.2A CN115391828A (en) 2022-10-31 2022-10-31 Data isolation method and system of multi-tenant platform based on micro-service architecture


Publications (1)

Publication Number Publication Date
CN115391828A true CN115391828A (en) 2022-11-25

Family

ID=84114942

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211344290.2A Pending CN115391828A (en) 2022-10-31 2022-10-31 Data isolation method and system of multi-tenant platform based on micro-service architecture

Country Status (1)

Country Link
CN (1) CN115391828A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115842674A (en) * 2022-11-29 2023-03-24 武汉易久批信息技术有限公司 Method and system suitable for cloud service multi-tenant isolation

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112069210A (en) * 2020-08-21 2020-12-11 北京首汽智行科技有限公司 Saas platform multi-tenant data isolation method
CN112995126A (en) * 2021-01-25 2021-06-18 上海契云科技有限公司 Management method for supporting multiple data isolation strategies by multi-tenant platform
CN113535723A (en) * 2021-07-13 2021-10-22 杭州安恒信息技术股份有限公司 Multi-tenant database management and control method, system and storage medium
WO2021218328A1 (en) * 2020-04-28 2021-11-04 深圳壹账通智能科技有限公司 Multi-tenant access service implementation method, apparatus and device, and storage medium
CN114765630A (en) * 2022-02-16 2022-07-19 杭州湖畔网络技术有限公司 Data access method of multi-tenant platform, multi-tenant platform and server
CN114861215A (en) * 2021-02-04 2022-08-05 株式会社日立制作所 Multi-tenant data isolation system and multi-tenant data isolation method


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115842674A (en) * 2022-11-29 2023-03-24 武汉易久批信息技术有限公司 Method and system suitable for cloud service multi-tenant isolation
CN115842674B (en) * 2022-11-29 2023-09-26 武汉易久批信息技术有限公司 Method and system suitable for cloud service multi-tenant isolation


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20221125
