作者:吳汶澤
在進(jìn)行多租戶架構(gòu)(Multi-tenancy)實(shí)現(xiàn)之前,先了解一下相關(guān)的定義吧:
什么是多租戶
多租戶技術(shù)或稱多重租賃技術(shù)来吩,簡(jiǎn)稱SaaS脓恕,是一種軟件架構(gòu)技術(shù)模软,是實(shí)現(xiàn)如何在多用戶環(huán)境下(此處的多用戶一般是面向企業(yè)用戶)共用相同的系統(tǒng)或程序組件,并且可確保各用戶間數(shù)據(jù)的隔離性。
簡(jiǎn)單講:在一臺(tái)服務(wù)器上運(yùn)行單個(gè)應(yīng)用實(shí)例垮庐,它為多個(gè)租戶(客戶)提供服務(wù)。從定義中我們可以理解:多租戶是一種架構(gòu)坞琴,目的是為了讓多用戶環(huán)境下使用同一套程序哨查,且保證用戶間數(shù)據(jù)隔離。那么重點(diǎn)就很淺顯易懂了剧辐,多租戶的重點(diǎn)就是同一套程序下實(shí)現(xiàn)多用戶數(shù)據(jù)的隔離寒亥。
數(shù)據(jù)隔離方案
多租戶在數(shù)據(jù)存儲(chǔ)上存在三種主要的方案,分別是:
獨(dú)立數(shù)據(jù)庫(kù)
即一個(gè)租戶一個(gè)數(shù)據(jù)庫(kù)荧关,這種方案的用戶數(shù)據(jù)隔離級(jí)別最高溉奕,安全性最好,但成本較高忍啤。
優(yōu)點(diǎn):為不同的租戶提供獨(dú)立的數(shù)據(jù)庫(kù)加勤,有助于簡(jiǎn)化數(shù)據(jù)模型的擴(kuò)展設(shè)計(jì),滿足不同租戶的獨(dú)特需求同波;如果出現(xiàn)故障鳄梅,恢復(fù)數(shù)據(jù)比較簡(jiǎn)單。
缺點(diǎn):增多了數(shù)據(jù)庫(kù)的安裝數(shù)量未檩,隨之帶來(lái)維護(hù)成本和購(gòu)置成本的增加卫枝。
共享數(shù)據(jù)庫(kù),獨(dú)立 Schema
多個(gè)或所有租戶共享Database讹挎,但是每個(gè)租戶一個(gè)Schema(也可叫做一個(gè)user)校赤。底層庫(kù)比如是:DB2吆玖、ORACLE等,一個(gè)數(shù)據(jù)庫(kù)下可以有多個(gè)SCHEMA马篮。
優(yōu)點(diǎn):為安全性要求較高的租戶提供了一定程度的邏輯數(shù)據(jù)隔離沾乘,并不是完全隔離;每個(gè)數(shù)據(jù)庫(kù)可支持更多的租戶數(shù)量浑测。
缺點(diǎn):如果出現(xiàn)故障翅阵,數(shù)據(jù)恢復(fù)比較困難,因?yàn)榛謴?fù)數(shù)據(jù)庫(kù)將牽涉到其他租戶的數(shù)據(jù)迁央;
共享數(shù)據(jù)庫(kù)掷匠,共享 Schema,共享數(shù)據(jù)表
即租戶共享同一個(gè)Database岖圈、同一個(gè)Schema讹语,但在表中增加TenantID多租戶的數(shù)據(jù)字段。這是共享程度最高蜂科、隔離級(jí)別最低的模式顽决。
簡(jiǎn)單來(lái)講,即每插入一條數(shù)據(jù)時(shí)都需要有一個(gè)客戶的標(biāo)識(shí)导匣。這樣才能在同一張表中區(qū)分出不同客戶的數(shù)據(jù)才菠,這也是我們系統(tǒng)目前用到的(provider_id)
優(yōu)點(diǎn):三種方案比較,第三種方案的維護(hù)和購(gòu)置成本最低贡定,允許每個(gè)數(shù)據(jù)庫(kù)支持的租戶數(shù)量最多赋访。
缺點(diǎn):隔離級(jí)別最低,安全性最低缓待,需要在設(shè)計(jì)開(kāi)發(fā)時(shí)加大對(duì)安全的開(kāi)發(fā)量蚓耽;數(shù)據(jù)備份和恢復(fù)最困難,需要逐表逐條備份和還原命斧。
利用MybatisPlus實(shí)現(xiàn)
這里我們選用了第三種方案(共享數(shù)據(jù)庫(kù),共享 Schema嘱兼,共享數(shù)據(jù)表)來(lái)實(shí)現(xiàn)国葬,也就意味著,每個(gè)數(shù)據(jù)表都需要有一個(gè)租戶標(biāo)識(shí)(provider_id)
現(xiàn)在有數(shù)據(jù)庫(kù)表(user)如下:
將provider_id視為租戶ID芹壕,用來(lái)隔離租戶與租戶之間的數(shù)據(jù)汇四,如果要查詢當(dāng)前服務(wù)商的用戶,SQL大致如下:
SELECT * FROM user t WHERE t.name LIKE '%Tom%' AND t.provider_id = 1;
試想一下踢涌,除了一些系統(tǒng)共用的表以外通孽,其他租戶相關(guān)的表,我們都需要不厭其煩的加上AND t.provider_id = ?查詢條件睁壁,稍不注意就會(huì)導(dǎo)致數(shù)據(jù)越界背苦,數(shù)據(jù)安全問(wèn)題讓人擔(dān)憂互捌。
好在有了MybatisPlus這個(gè)神器,可以極為方便的實(shí)現(xiàn)多租戶SQL解析器行剂,官方文檔如下:
這里終于進(jìn)入了正題秕噪,開(kāi)始搭建一個(gè)極為簡(jiǎn)單的開(kāi)發(fā)環(huán)境吧!
新建SpringBoot環(huán)境
POM文件如下,主要集成了MybatisPlus以及H2數(shù)據(jù)庫(kù)(方便測(cè)試)
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.wuwenze</groupId>
<artifactId>mybatis-plus-multi-tenancy</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>mybatis-plus-multi-tenancy</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.0.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<scope>provided</scope>
</dependency>
<dependency>
<groupId>com.google.guava</groupId>
<artifactId>guava</artifactId>
<version>19.0</version>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-boot-starter</artifactId>
<version>3.0.5</version>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus</artifactId>
<version>3.0.5</version>
</dependency>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-generator</artifactId>
<version>3.0.5</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
數(shù)據(jù)源配置(application.yml)
spring:
datasource:
driver-class-name: org.h2.Driver
schema: classpath:db/schema.sql
data: classpath:db/data.sql
url: jdbc:h2:mem:test
username: root
password: test
logging:
level:
com.wuwenze.mybatisplusmultitenancy: debug
對(duì)應(yīng)的H2數(shù)據(jù)庫(kù)初始化schema文件
#schema.sql
DROP TABLE IF EXISTS user;
CREATE TABLE user
(
id BIGINT(20) NOT NULL COMMENT '主鍵',
provider_id BIGINT(20) NOT NULL COMMENT '服務(wù)商ID',
name VARCHAR(30) NULL DEFAULT NULL COMMENT '姓名',
PRIMARY KEY (id)
);
#data.sql
INSERT INTO user (id, provider_id, name) VALUES (1, 1, 'Tony老師');
INSERT INTO user (id, provider_id, name) VALUES (2, 1, 'William老師');
INSERT INTO user (id, provider_id, name) VALUES (3, 2, '路人甲');
INSERT INTO user (id, provider_id, name) VALUES (4, 2, '路人乙');
INSERT INTO user (id, provider_id, name) VALUES (5, 2, '路人丙');
INSERT INTO user (id, provider_id, name) VALUES (6, 2, '路人丁');
MybatisPlus Config
基礎(chǔ)環(huán)境搭建完成厚宰,現(xiàn)在開(kāi)始配置MybatisPlus多租戶相關(guān)的實(shí)現(xiàn)腌巾。
1) 核心配置:TenantSqlParser
@Configuration
@MapperScan("com.wuwenze.mybatisplusmultitenancy.mapper")
public class MybatisPlusConfig {
private static final String SYSTEM_TENANT_ID = "provider_id";
private static final List<String> IGNORE_TENANT_TABLES = Lists.newArrayList("provider");
@Autowired
private ApiContext apiContext;
@Bean
public PaginationInterceptor paginationInterceptor() {
PaginationInterceptor paginationInterceptor = new PaginationInterceptor();
// SQL解析處理攔截:增加租戶處理回調(diào)。
TenantSqlParser tenantSqlParser = new TenantSqlParser()
.setTenantHandler(new TenantHandler() {
@Override
public Expression getTenantId() {
// 從當(dāng)前系統(tǒng)上下文中取出當(dāng)前請(qǐng)求的服務(wù)商ID铲觉,通過(guò)解析器注入到SQL中澈蝙。
Long currentProviderId = apiContext.getCurrentProviderId();
if (null == currentProviderId) {
throw new RuntimeException("#1129 getCurrentProviderId error.");
}
return new LongValue(currentProviderId);
}
@Override
public String getTenantIdColumn() {
return SYSTEM_TENANT_ID;
}
@Override
public boolean doTableFilter(String tableName) {
// 忽略掉一些表:如租戶表(provider)本身不需要執(zhí)行這樣的處理。
return IGNORE_TENANT_TABLES.stream().anyMatch((e) -> e.equalsIgnoreCase(tableName));
}
});
paginationInterceptor.setSqlParserList(Lists.newArrayList(tenantSqlParser));
return paginationInterceptor;
}
@Bean(name = "performanceInterceptor")
public PerformanceInterceptor performanceInterceptor() {
return new PerformanceInterceptor();
}
}
2) ApiContext
@Component
public class ApiContext {
private static final String KEY_CURRENT_PROVIDER_ID = "KEY_CURRENT_PROVIDER_ID";
private static final Map<String, Object> mContext = Maps.newConcurrentMap();
public void setCurrentProviderId(Long providerId) {
mContext.put(KEY_CURRENT_PROVIDER_ID, providerId);
}
public Long getCurrentProviderId() {
return (Long) mContext.get(KEY_CURRENT_PROVIDER_ID);
}
}
3) Entity撵幽、Mapper
@Data
@ToString
@Accessors(chain = true)
public class User {
private Long id;
private Long providerId;
private String name;
}
public interface UserMapper extends BaseMapper<User> {
}
單元測(cè)試
com.wuwenze.mybatisplusmultitenancy.MybatisPlusMultiTenancyApplicationTests
@Slf4j
@RunWith(SpringRunner.class)
@FixMethodOrder(MethodSorters.JVM)
@SpringBootTest(classes = MybatisPlusMultiTenancyApplication.class)
public class MybatisPlusMultiTenancyApplicationTests {
@Autowired
private ApiContext apiContext;
@Autowired
private UserMapper userMapper;
@Before
public void before() {
// 在上下文中設(shè)置當(dāng)前服務(wù)商的ID
apiContext.setCurrentProviderId(1L);
}
@Test
public void insert() {
User user = new User().setName("新來(lái)的Tom老師");
Assert.assertTrue(userMapper.insert(user) > 0);
user = userMapper.selectById(user.getId());
log.info("#insert user={}", user);
// 檢查插入的數(shù)據(jù)是否自動(dòng)填充了租戶ID
Assert.assertEquals(apiContext.getCurrentProviderId(), user.getProviderId());
}
@Test
public void selectList() {
userMapper.selectList(null).forEach((e) -> {
log.info("#selectList, e={}", e);
// 驗(yàn)證查詢的數(shù)據(jù)是否超出范圍
Assert.assertEquals(apiContext.getCurrentProviderId(), e.getProviderId());
});
}
}
運(yùn)行結(jié)果
2018-11-29 21:07:14.262 INFO 18688 --- [ main] .MybatisPlusMultiTenancyApplicationTests : Started MybatisPlusMultiTenancyApplicationTests in 2.629 seconds (JVM running for 3.904)
2018-11-29 21:07:14.554 DEBUG 18688 --- [ main] c.w.m.mapper.UserMapper.insert : ==> Preparing: INSERT INTO user (id, name, provider_id) VALUES (?, ?, 1)
2018-11-29 21:07:14.577 DEBUG 18688 --- [ main] c.w.m.mapper.UserMapper.insert : ==> Parameters: 1068129257418178562(Long), 新來(lái)的Tom老師(String)
2018-11-29 21:07:14.577 DEBUG 18688 --- [ main] c.w.m.mapper.UserMapper.insert : <== Updates: 1
Time:0 ms - ID:com.wuwenze.mybatisplusmultitenancy.mapper.UserMapper.insert
Execute SQL:INSERT INTO user (id, name, provider_id) VALUES (?, ?, 1) {1: 1068129257418178562, 2: STRINGDECODE('\u65b0\u6765\u7684Tom\u8001\u5e08')}
2018-11-29 21:07:14.585 DEBUG 18688 --- [ main] c.w.m.mapper.UserMapper.selectById : ==> Preparing: SELECT id, provider_id, name FROM user WHERE user.provider_id = 1 AND id = ?
2018-11-29 21:07:14.595 DEBUG 18688 --- [ main] c.w.m.mapper.UserMapper.selectById : ==> Parameters: 1068129257418178562(Long)
2018-11-29 21:07:14.614 DEBUG 18688 --- [ main] c.w.m.mapper.UserMapper.selectById : <== Total: 1
2018-11-29 21:07:14.615 INFO 18688 --- [ main] .MybatisPlusMultiTenancyApplicationTests : #insert user=User(id=1068129257418178562, providerId=1, name=新來(lái)的Tom老師)
Time:19 ms - ID:com.wuwenze.mybatisplusmultitenancy.mapper.UserMapper.selectById
Execute SQL:SELECT id, provider_id, name FROM user WHERE user.provider_id = 1 AND id = ? {1: 1068129257418178562}
2018-11-29 21:07:14.626 DEBUG 18688 --- [ main] c.w.m.mapper.UserMapper.selectList : ==> Preparing: SELECT id, provider_id, name FROM user WHERE user.provider_id = 1
Time:0 ms - ID:com.wuwenze.mybatisplusmultitenancy.mapper.UserMapper.selectList
Execute SQL:SELECT id, provider_id, name FROM user WHERE user.provider_id = 1
2018-11-29 21:07:14.629 DEBUG 18688 --- [ main] c.w.m.mapper.UserMapper.selectList : ==> Parameters:
2018-11-29 21:07:14.630 DEBUG 18688 --- [ main] c.w.m.mapper.UserMapper.selectList : <== Total: 3
2018-11-29 21:07:14.632 INFO 18688 --- [ main] .MybatisPlusMultiTenancyApplicationTests : #selectList, e=User(id=1, providerId=1, name=Tony老師)
2018-11-29 21:07:14.632 INFO 18688 --- [ main] .MybatisPlusMultiTenancyApplicationTests : #selectList, e=User(id=2, providerId=1, name=William老師)
2018-11-29 21:07:14.632 INFO 18688 --- [ main] .MybatisPlusMultiTenancyApplicationTests : #selectList, e=User(id=1068129257418178562, providerId=1, name=新來(lái)的Tom老師)
從打印的日志不難看出灯荧,這個(gè)方案相當(dāng)完美,僅需簡(jiǎn)單的配置并齐,讓開(kāi)發(fā)者完全忽略了(provider_id)字段的存在漏麦,同時(shí)又最大程度的保證了數(shù)據(jù)的安全性,可謂是一舉兩得况褪!
