+1 for that.. Only downside - tenant is loaded not on demand.. Another approach is..
Currently the tenant is loaded by looking at the URL.. say for example - if the url says - /t/wso2.com - this will make wso2.com to be loaded if it is not loaded already. The issue with authentication is - we do not know the tenant of the user from the URL. But client (say the UI which accepts user credentials) knows the tenant of the user - by the user name (but the backend cannot derive it - as the user names comes in different places in different scenarios).. So - what client can do is - in authentication calls - we send the tenant domain of the user in an http header - say tenat_domain. Now - the interceptor will look in to the URL (most of the cases) and if no tenant info not there will look in to the tenat_domain http header and load the corresponding tenant.. Thanks & regards, -Prabath On Thu, Sep 26, 2013 at 5:10 PM, Afkham Azeez <[email protected]> wrote: > Hmm... very interesting problem :) > > What we could do is this... > > We can implement a LoadTenant Cluster message. When that is received, all > nodes would load the tenants. We can get depsync to follow. That way, every > node will properly load the new user stores. IS can send this message. > > Azeez > > > On Thu, Sep 26, 2013 at 4:56 PM, Pushpalanka Jayawardhana > <[email protected]>wrote: > >> Hi, >> >> This with regard to the issue [1], which is a known issue in IS 4.5.0. >> >> Issue reproduced with following steps. >> Set up cluster with two IS nodes (Depsync enabled). >> Create a tenant(wso2.com) >> Wait till the tenant is unloaded in the worker node >> Add a secondary user store in master node >> Add a user(user1) to secondary user store in master node >> Try to login from master node, it allows >> Try to login from this user([email protected]) in worker node, it fails >> Login as tenant admin and then try to login as user. it allows >> >> >> So as the tenant is unloaded in the worker node, it does not check out >> the added user store configuration from the SVN repo, hence users in that >> user store can not login at worker node. >> >> Following log can be seen in worker node, >> {org.wso2.carbon.core.deployment.SynchronizeRepositoryRequest} - >> Received [SynchronizeRepositoryRequest{tenantId=3, tenantDomain='win.com', >> messageId=203837d4-576b-4929-a0a1-e5efccf15b01} >> INFO {org.wso2.carbon.core.deployment.SynchronizeRepositoryRequest} - >> Tenant is not loaded. >> >> Is there a possibility to load the tenant at this cluster message receipt >> (if we can check whether it's to sync user stores, to avoid loading tenant >> at each receipt of cluster message), so that user stores will be checked >> out at a fair cost? >> >> Great to know any better ways to handle this and know your ideas. >> >> >> [1] - https://wso2.org/jira/browse/IDENTITY-1824 >> >> Thanks, >> >> Pushpalanka Jayawardhana >> >> Software Engineer >> >> WSO2 Lanka (pvt) Ltd >> [image: >> Facebook]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.facebook.com%2Fpushpalanka> >> [image: >> Twitter]<http://s.wisestamp.com/links?url=http%3A%2F%2Ftwitter.com%2FPushpalanka> >> [image: >> LinkedIn]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.linkedin.com%2Fprofile%2Fview%3Fid%3D75175642%26trk%3Dtab_pro> >> [image: >> Blogger]<http://s.wisestamp.com/links?url=http%3A%2F%2Fpushpalankajaya.blogspot.com%2F> >> [image: >> SlideShare]<http://s.wisestamp.com/links?url=http%3A%2F%2Fwww.slideshare.net%2FPushpalanka> >> Mobile: +94779716248 >> > > > > -- > *Afkham Azeez* > Director of Architecture; WSO2, Inc.; http://wso2.com > Member; Apache Software Foundation; http://www.apache.org/ > * <http://www.apache.org/>** > email: **[email protected]* <[email protected]>* cell: +94 77 3320919 > blog: **http://blog.afkham.org* <http://blog.afkham.org>* > twitter: **http://twitter.com/afkham_azeez*<http://twitter.com/afkham_azeez> > * > linked-in: **http://lk.linkedin.com/in/afkhamazeez* > * > * > *Lean . Enterprise . Middleware* > -- Thanks & Regards, Prabath Mobile : +94 71 809 6732 http://blog.facilelogin.com http://RampartFAQ.com
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
