You can also handle multi-tenancy via your access control mechanism; this is where I choose to handle multi-tenancy access requirements. -- Jim Manico @Manicode (808) 652-3805
> On Apr 23, 2014, at 6:40 AM, Alex White <[email protected]> wrote:
>
> Dear Les et al,
>
> I'm building a multi-tenant SaaS servlet app, where everyone gets to use their preferred domain name with the app.
>
> Although I had a very good look at the shiro-multitenant-sample, I chose not to use the ThreadLocal / Filter based approach in my app, because imho it seemed to be not the best bolt-on to Shiro's otherwise clean design.
>
> Instead, in my custom realm, I inspect the UsernamePassword token in the doGetAuthenticationInfo() for the hostname and pass that as part of my database query, which this thread seems to suggest is ok:
> http://shiro-user.582556.n2.nabble.com/Integrating-Shiro-Am-i-writing-too-much-code-td6048755.html
>
> Now, I've started implementing a custom CacheManager so that users can stay logged into the site over long periods of time, and I just realized that there would be a security flaw if I did this. E.g. users could potentially migrate their session between tenants. I don't think that's optimal for a security related framework; I could see others easily making the same mistake. I have a feeling this could be a potential bug with Shiro's DefaultSessionManagers.
>
> Anyway, to wrap up, I'd really like to see first-class multitenant support in Shiro. I think the obvious design is the right one, and a simple string or long integer (that can be mapped to a tenant) be passed around the user-facing APIs. So I'd like to know:
>
> 1) If I make the change in Shiro, will you incorporate the patch? I need this urgently, so if you tell me how you would want it done, I will do exactly what you want.
>
> 2) Also, if you can give feedback about how I can achieve my goal with the current framework that would be great. I want #1 regardless, but if I'm mistaken about the security bug then your thoughts on how I can achieve my goal (long term multitenant sessions) would also be a huge help.
>
> Thanks,
> Alex
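The approach Jim points at (tenant enforcement in the access-control layer) combined with Alex's realm design (tenant derived from the login host), as an added example that is not code from either poster or from the Shiro project. The `TenantRealm`, `TenantPrincipal`, `tenantForHost` and `isAllowed` names, the `"tenant:<id>:<action>"` permission format and the in-memory host and user maps are all assumptions made for this example; only the Shiro classes (`AuthorizingRealm`, `UsernamePasswordToken`, `SimpleAuthenticationInfo`, `SimpleAuthorizationInfo`, `Subject`) are real. The point it demonstrates is that the tenant is bound into the principal at authentication and re-checked against the request host on every authorized request, so a session or cached identity restored on another tenant's hostname is denied rather than silently migrating.

```java
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;

import java.util.Map;
import java.util.Objects;

/** Hypothetical realm: tenant resolved from the login host and carried in the principal. */
public class TenantRealm extends AuthorizingRealm {

    /** Hypothetical principal type that records which tenant it was authenticated for. */
    public static final class TenantPrincipal {
        public final String tenantId;
        public final String username;

        TenantPrincipal(String tenantId, String username) {
            this.tenantId = tenantId;
            this.username = username;
        }
        // Equality matters because AuthorizingRealm keys its authorization cache by principal.
        @Override public boolean equals(Object o) {
            return o instanceof TenantPrincipal
                && tenantId.equals(((TenantPrincipal) o).tenantId)
                && username.equals(((TenantPrincipal) o).username);
        }
        @Override public int hashCode() { return Objects.hash(tenantId, username); }
    }

    // Constructed sample data standing in for the database: host -> tenant id and
    // "tenant/username" -> password. A real deployment stores hashes and configures a
    // HashedCredentialsMatcher; plain strings are used here only to keep the example short.
    static final Map<String, String> HOST_TO_TENANT = Map.of(
        "acme.example", "acme",
        "globex.example", "globex");
    static final Map<String, String> USERS = Map.of(
        "acme/alice", "alice-secret",
        "globex/alice", "other-alice-secret");

    /** Maps a login or request host to its tenant, or null for an unknown host. */
    public static String tenantForHost(String host) {
        return host == null ? null : HOST_TO_TENANT.get(host.toLowerCase());
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token)
            throws AuthenticationException {
        UsernamePasswordToken upt = (UsernamePasswordToken) token;
        // The host the user logged in on selects the tenant, as in the original post.
        String tenantId = tenantForHost(upt.getHost());
        if (tenantId == null) {
            throw new UnknownAccountException("no tenant for host " + upt.getHost());
        }
        // Always look up by (tenant, username): the same username may exist under several
        // tenants and must never resolve across them.
        String storedPassword = USERS.get(tenantId + "/" + upt.getUsername());
        if (storedPassword == null) {
            throw new UnknownAccountException("unknown account " + tenantId + "/" + upt.getUsername());
        }
        // The tenant becomes part of the principal, so it travels with the session and
        // with any cached AuthenticationInfo or AuthorizationInfo.
        return new SimpleAuthenticationInfo(
            new TenantPrincipal(tenantId, upt.getUsername()), storedPassword, getName());
    }

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        TenantPrincipal p = (TenantPrincipal) principals.getPrimaryPrincipal();
        SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
        // Every permission is prefixed with the tenant, so "tenant:acme:*" can never
        // satisfy a check for "tenant:globex:<anything>".
        info.addStringPermission("tenant:" + p.tenantId + ":*");
        return info;
    }

    /**
     * Access-control check that closes the cross-tenant session gap: a subject (possibly
     * restored from a long-lived cached session) is only allowed on a host whose tenant
     * equals the tenant it authenticated for, and must also hold the tenant-scoped
     * permission for the requested action.
     */
    public static boolean isAllowed(Subject subject, String requestHost, String action) {
        String requestTenant = tenantForHost(requestHost);
        if (requestTenant == null || subject == null || !subject.isAuthenticated()) {
            return false; // unknown host, or only a remembered (not authenticated) identity
        }
        Object principal = subject.getPrincipal();
        if (!(principal instanceof TenantPrincipal)) {
            return false;
        }
        TenantPrincipal p = (TenantPrincipal) principal;
        // A session carried from acme.example to globex.example is rejected here.
        if (!requestTenant.equals(p.tenantId)) {
            return false;
        }
        return subject.isPermitted("tenant:" + requestTenant + ":" + action);
    }
}
```

In use, a servlet filter calls `TenantRealm.isAllowed(SecurityUtils.getSubject(), request.getServerName(), "access")` before any tenant data is touched. The session cache Alex describes can then be as long-lived as wanted: the cached identity still names its tenant, and the check above is what decides whether that identity may act on the host the request arrived at.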
