CN109951530A - A kind of Implementation Technology of multi-tenant mode - Google Patents

Info

Publication number: CN109951530A
Authority: CN (China)
Prior art keywords: tenant, application system, nginx, information, isolation
Legal status: Pending
Application number: CN201910145264.9A
Other languages: Chinese (zh)
Inventors: 李向阳, 王振峰, 辛登全
Current Assignee: Shanghai Wave Cloud Computing Service Co Ltd
Original Assignee: Shanghai Wave Cloud Computing Service Co Ltd

Abstract

The present invention provides an implementation technique for a multi-tenant mode and belongs to the field of Java Web application development. First, a domain name for the corresponding application system is allocated according to the tenant's requirements, and the tenant accesses the application system allocated to it. Second, nginx parses the URL of the request and routes it to the application system allocated to that tenant. The application system then calls the shared core business service. Finally, the service returns the data within the tenant's permissions, which is presented to the tenant. The technique responds quickly to tenants' individual requirements, has low maintenance and acquisition costs, and offers high security.

Description

An implementation technique for a multi-tenant mode
Technical field
The present invention relates to Java Web application development technology, and in particular to an implementation technique for a multi-tenant mode.
Background
In multi-tenant technology, a tenant is a customer that uses the system or its computing resources. More precisely, a tenant comprises all the data in the system that can be identified as belonging to a designated user, such as accounts and statistical information (accounting data), the various data the user builds in the system, and the user's own customized application environment; all of these fall within the scope of the tenant. What the tenant uses is the application system or computing resources developed or built by the supplier. The application system designed by the supplier can accommodate multiple users in the same environment. To let multiple users work in the same application and computing environment, the application and the computing environment must be specially designed: besides allowing the system platform to run multiple copies of the same application at the same time, protecting the privacy and security of tenant data is also one of the keys of multi-tenant technology.
With the development of the economy and society and people's growing awareness of informatization, tenants' individual requirements for systems are increasingly common, and their security requirements for systems are increasingly high. In addition, the tenants themselves are small and medium-sized enterprises, which face an urgent need to reduce costs and improve efficiency.
Three common multi-tenant design schemes:
1. Separate database per tenant. This scheme has the highest level of user data isolation and the best security, but the cost is also high.
2. Shared database, separate schema. This scheme provides a degree of logical data isolation for tenants with higher security requirements, but cross-tenant statistics are difficult.
3. Shared database, shared schema, shared data tables. This scheme has the lowest maintenance and acquisition cost and allows each database to support the largest number of tenants, but its security is the lowest.
Summary of the invention
To solve the above technical problems, the invention proposes an implementation technique for a multi-tenant mode that combines the advantages of the three schemes above. It aims to respond quickly to tenants' individual requirements, improve system security, reduce tenants' acquisition cost, and reduce the complexity of the technical implementation.
The purpose of the invention is to use a complete Java Web architecture to respond quickly to tenants' individual requirements, improve system security, reduce tenants' acquisition cost, and reduce the complexity of the technical implementation.
The technical solution of the invention is as follows:
First, a domain name for the corresponding application system is allocated according to the tenant's requirements, and the tenant accesses the application system allocated to it. Second, nginx parses the URL of the request and routes it to the application system allocated to that tenant. The application system then calls the shared core business service. Finally, the service returns the data within the tenant's permissions, which is presented to the tenant.
Further, the implementation focuses on three parts: the nginx reverse proxy, the personalized application system, and the isolation of data in the back-end service and database.
Further, the nginx reverse proxy is implemented by configuring the reverse proxy function of the nginx server, so that different tenants access the application system allocated to them through different domain names. For how to implement reverse proxying on an nginx server, refer to the official nginx documentation; it is not described further here.
Further, the personalized application system uses a mature lightweight Java Web MVC framework to build the tenant system from functional components with modular development, so that it can respond quickly to tenants' individual requirements and meet tenants' individual needs.
Personalized application systems are isolated between tenants, i.e., each tenant has its own private application system. The system encrypts tenants' sensitive information (mobile phone number, e-mail address, password, etc.) and applies security filtering to special characters.
Further, for the isolation of data in the back-end service and database: the back-end service provides, according to the tenant identifier, the services for creating, modifying, deleting and querying tenants and their business information. Common utility classes provide encryption and decryption algorithms for tenant information, filtering of dangerous and sensitive characters, permission verification methods, and so on. In the database, tenant information and tenant permission information are isolated from business data at the schema level; business data is logically isolated by tenant identifier.
Beneficial effects of the invention
Compared with other modes, the invention is an architecture with a shared database, a shared service and isolated application systems. It can respond quickly to tenants' individual requirements, improve system security, and reduce tenants' acquisition cost and the complexity of the technical implementation.
Description of the drawings
Fig. 1 is a schematic diagram of the workflow of the invention.
Specific embodiment
To make the objectives, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the protection scope of the invention.
In the design flow of this technical solution, a domain name for the corresponding application system is first allocated according to the tenant's requirements, and the tenant accesses the application system allocated to it.
Second, nginx parses the URL of the request and routes it to the application system allocated to that tenant. The application system then calls the shared core business service.
Finally, the service returns the data within the tenant's permissions, which is presented to the tenant.
The implementation focuses on three parts: the nginx reverse proxy, the personalized application system, and the isolation of data in the back-end service and database.
The nginx reverse proxy is implemented by configuring the reverse proxy function of the nginx server, so that different tenants access the application system allocated to them through different domain names. For how to implement reverse proxying on an nginx server, refer to the official nginx documentation; it is not described further here.
The personalized application system uses a mature lightweight Java Web MVC framework to build the tenant system from functional components with modular development, so that it can respond quickly to tenants' individual requirements and meet tenants' individual needs. Application systems are isolated between tenants, i.e., each tenant has its own private application system. The system encrypts tenants' sensitive information (mobile phone number, e-mail address, password, etc.) and applies security filtering to special characters.
For the isolation of data in the back-end service and database: the back-end service provides, according to the tenant identifier, the services for creating, modifying, deleting and querying tenants and their business information. Common utility classes provide encryption and decryption algorithms for tenant information, filtering of dangerous and sensitive characters, permission verification methods, and so on. In the database, tenant information and tenant permission information are isolated from business data at the schema level; business data is logically isolated by tenant identifier.
Taking tenant A as an example:
1. Tenant A enters the allocated domain name in the browser address bar.
2. Based on its parsing configuration, the nginx server forwards the request to Web Server 1, the private personalized system of tenant A.
3. Web Server 1 calls the service provided by Base Server.
4. The Base Server service parses the encrypted identity of tenant A passed by Web Server 1 and returns the data within tenant A's permissions, which is finally presented to tenant A.
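Steps 3 and 4 of the tenant A flow, as an added Java example that is not code from the patent. The patent does not name the cipher or token format; AES-GCM, the class and method names, and the in-memory list standing in for the shared business table are assumptions, and the code needs Java 16 or later.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.List;

public class TenantScopedService {
    // Constructed sample rows: a shared business table with a tenant identifier column.
    record Order(String tenantId, String item) {}
    static final List<Order> SHARED_TABLE = List.of(
        new Order("tenant-a", "invoice-1001"),
        new Order("tenant-b", "invoice-2001"),
        new Order("tenant-a", "invoice-1002"));
    private static final SecureRandom RNG = new SecureRandom();

    // Web Server side (hypothetical helper): token = base64url(iv || ciphertext || tag).
    static String seal(SecretKey key, String tenantId) throws GeneralSecurityException {
        byte[] iv = new byte[12];
        RNG.nextBytes(iv); // fresh IV per token; GCM must never reuse an IV under one key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(tenantId.getBytes(StandardCharsets.UTF_8));
        return Base64.getUrlEncoder().encodeToString(
            ByteBuffer.allocate(iv.length + ct.length).put(iv).put(ct).array());
    }

    // Base Server side: decrypt and authenticate; a modified token fails the tag check.
    static String open(SecretKey key, String token) throws GeneralSecurityException {
        byte[] raw = Base64.getUrlDecoder().decode(token);
        if (raw.length < 12 + 16) throw new GeneralSecurityException("token too short");
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, raw, 0, 12));
        return new String(c.doFinal(raw, 12, raw.length - 12), StandardCharsets.UTF_8);
    }

    // The tenant filter comes only from the authenticated token, never from a
    // caller-supplied parameter, so one tenant cannot ask for another tenant's rows.
    static List<String> listOrders(SecretKey key, String token) throws GeneralSecurityException {
        String tenantId = open(key, token);
        return SHARED_TABLE.stream()
            .filter(o -> o.tenantId().equals(tenantId))
            .map(Order::item)
            .toList();
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey(); // assumption: provisioned to both servers out of band

        String token = seal(key, "tenant-a");
        System.out.println("tenant-a rows: " + listOrders(key, token));

        // Flip one bit of the token: authentication fails and no rows are returned.
        byte[] raw = Base64.getUrlDecoder().decode(token);
        raw[raw.length - 1] ^= 1;
        try {
            listOrders(key, Base64.getUrlEncoder().encodeToString(raw));
        } catch (GeneralSecurityException e) {
            System.out.println("tampered token rejected: " + e.getClass().getSimpleName());
        }
    }
}
```

With a real shared table, the same rule becomes a mandatory tenant predicate bound as a query parameter from the decrypted identifier.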
The invention isolates the application system programs, which not only improves system security but also meets tenants' individual requirements. The service and database are shared, with logical isolation of data, which reduces tenants' acquisition cost and the technical complexity.
The architecture routes requests to the application system allocated to each tenant through the nginx reverse proxy mechanism.
The service called by each tenant system is shared, the database is shared, and logical isolation of data is implemented.
The foregoing is merely a preferred embodiment of the invention, used only to illustrate its technical solution, and is not intended to limit the protection scope of the invention. Any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention falls within the protection scope of the invention.

Claims (8)

1. An implementation technique for a multi-tenant mode, characterized in that:
First, a domain name for the corresponding application system is allocated according to the tenant's requirements, and the tenant accesses the application system allocated to it. Second, nginx parses the URL of the request and routes it to the application system allocated to that tenant. The application system then calls the shared core business service. Finally, the service returns the data within the tenant's permissions, which is presented to the tenant.
2. The method according to claim 1, characterized in that:
The implementation mainly includes three parts: the nginx reverse proxy, the personalized application system, and the isolation of data in the back-end service and database.
3. The method according to claim 2, characterized in that:
The nginx reverse proxy is implemented by configuring the reverse proxy function of the nginx server, so that different tenants access the application system allocated to them through different domain names.
4. The method according to claim 1, characterized in that:
The personalized application system uses a lightweight Java Web MVC framework to build the tenant system from functional components with modular development, responding quickly to tenants' individual requirements and meeting tenants' individual needs.
5. The method according to claim 4, characterized in that:
Personalized application systems are isolated between tenants, i.e., each tenant has its own private application system.
6. The method according to claim 5, characterized in that:
The system encrypts tenants' sensitive information and applies security filtering to special characters.
7. The method according to claim 2, characterized in that:
For the isolation of data in the back-end service and database, the back-end service provides, according to the tenant identifier, the services for creating, modifying, deleting and querying tenants and their business information.
8. The method according to claim 7, characterized in that:
Common utility classes provide encryption and decryption algorithms for tenant information, filtering of dangerous and sensitive characters, and permission verification methods. In the database, tenant information and tenant permission information are isolated from business data at the schema level; business data is logically isolated by tenant identifier.
Priority and publication data

Application number: CN201910145264.9A
Title: A kind of Implementation Technology of multi-tenant mode
Priority date: 2019-02-27
Filing date: 2019-02-27
Status: Pending
Publication: CN109951530A (en), publication date 2019-06-28
Family ID: 67007748
Country status: CN (1), CN109951530A (en)

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20190628