I want to create a multi-user API, where users log in to a RESTful service and have their own space for, say, a booking class. Bookings are not shared between users.
I'm struggling to understand what the best pattern is to create this, while utilizing as much as possible of the magic of Spring Boot.
I'm using Spring Boot JPA and defining a User and Booking class with @Entity.
My booking then references this user class. However, is there a way I can use @RepositoryRestResource or a similar annotation to automatically isolate data models for each user, then use Spring Security to secure the CRUD endpoint, or do I need to create my own @RestResponse that looks up users based on their Authorization and then create a findByUser method to perform the isolation?
(Note: I'm new to Spring, Spring Boot, etc.)
Edit: it's been suggested I look into ACLs, but I'm struggling to find good SIMPLE resources explaining how they work.
If you really have isolated data for each user and you want a transparent mechanism to be able to select or update only the data you are allowed to see, you should look at EclipseLink's multitenancy support.
http://wiki.eclipse.org/EclipseLink/Development/Indigo/Multi-Tenancy
Here is a question with an accepted answer about setting this up in spring-data-jpa: "Multi tenancy with spring data jpa and eclipselink"
Also, Hibernate seems to have support for multitenancy: http://docs.jboss.org/hibernate/orm/5.0/userGuide/en-US/html_single/#d5e3197
But keep in mind that queries on multitenancy-enabled entities are then always filtered by the tenant id - so the separation is quite strict.
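The other route raised in the question, an exported repository whose queries are scoped to the logged-in user, can look like the sketch below. This is an added example, not code from either post; it assumes a javax-era Spring Boot with `spring-security-data` on the classpath, the field names `owner` and `username` are hypothetical, and the types are shown in one listing although each would normally sit in its own file.

```java
import java.util.Optional;
import javax.persistence.*;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.jpa.repository.Query;
import org.springframework.data.repository.CrudRepository;
import org.springframework.data.repository.query.Param;
import org.springframework.data.rest.core.annotation.RepositoryRestResource;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.data.repository.query.SecurityEvaluationContextExtension;

@Entity @Table(name = "users")
class User {
    @Id @GeneratedValue Long id;
    @Column(unique = true) String username;   // assumed to equal the login name
    public String getUsername() { return username; }
}

@Entity
class Booking {
    @Id @GeneratedValue Long id;
    @ManyToOne(optional = false) User owner;  // hypothetical field name
    public User getOwner() { return owner; }
}

@RepositoryRestResource
interface BookingRepository extends CrudRepository<Booking, Long> {
    // Reads are filtered in the query itself, so another user's row is never returned.
    @Override
    @Query("select b from Booking b where b.owner.username = :#{authentication.name}")
    Iterable<Booking> findAll();

    @Override
    @Query("select b from Booking b where b.id = :id and b.owner.username = :#{authentication.name}")
    Optional<Booking> findById(@Param("id") Long id);

    // Writes are rejected unless the booking's owner is the caller (a null owner is rejected too).
    @Override
    @PreAuthorize("#booking.owner?.username == authentication.name")
    <S extends Booking> S save(@Param("booking") S booking);
}

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)  // turns on @PreAuthorize
class DataSecurityConfig {
    @Bean  // exposes `authentication` and `principal` to SpEL inside @Query
    SecurityEvaluationContextExtension securityEvaluationContextExtension() {
        return new SecurityEvaluationContextExtension();
    }
}
```

Inherited methods that are not overridden here (`deleteById`, `findAllById`, `existsById` and so on) are not owner-scoped; give them the same treatment or stop exporting them.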