Hello Wagner,
I am looking for a documentation for TSparkleTenantMiddleware with overview and all properties.
Is there such a thing?
I want to use multitenancy with JW Claim.
Best regards
Thomas
I have a lot of trouble finding the right way to handle it.
Demos and simple tests work perfectly, but incorporating all of that into a large project requires more knowledge. I can't find it.
Example:
In my server I use database queries internally (Aurelius).
For this I set this:
FAureliusObjectManager := TObjectManager.Create( FDBConnection, TMappingExplorer.Get( sys.ModelName));
FAureliusObjectManager.EnableFilter( 'TenantFilter').SetParam( 'tenant', cSysTenant);
But that doesn't work if the server receives calls via XData.
There I have
ObjManager := TXDataOperationContext.Current.GetManager;
-- do I have to set the filters again every time? --
Why do I have to set EnableFilter().SetParam( ParamName, ParamValue) if the ParamValue is only sent with the XData call?
Background:
(I always talk about XData with Aurelius.)
All tables have a tenant entry so that the program is multi-tenant capable. (With a few exceptions for the system tables).
Queries are carried out in 3 different ways.
- Internal queries that the service uses. (Without external calls).
- Calls via XData GET/POST/...
- Calls to service functions (I then have to use TXDataOperationContext.Current.GetManager there.)
The tenant filter must be effective everywhere and at all times.
How often and where do I have to set it?
I just need a bit more documentation on this.
Documentation on the interaction of Aurelius, Sparkle, XData in this functionality.
Thomas, in the case of your specific question, it's rather simple.
You always have to call the EnableFilter if you want queries to be filtered by tenant.
When you create the TObjectManager yourself, like in your first example, yes, you are able (and must) call EnableFilter yourself.
When you use a TObjectManage instance provided by XData (your second example), then the filter must be enabled in that manager as well. For that, you have the OnManagerCreated event which is called for each and every TObjectManager instance that XData creates. In such event, you have the opportunity to call EnableFilter as well.
Here is the reference for that in documentation:
https://doc.tmssoftware.com/biz/xdata/guide/events.html#onmanagercreate-event
Ok, thank you.
Do I then have to read the value for the filter myself?
Depending on whether it is passed as a header or JWT claim?
I suspect that the automatic function only works for the internal GET/PUT/POST calls. Is that correct?
Aren't you doing that already for the situations where you are creating the TObjectManager yourself?
Depending on whether it is passed as a header or JWT claim?
That's what the tenant middleware is for. If "extracts" the tenant id from several places possible places you predefine in advance, and then set the ITenant interface in Sparkle context. You can then just check for such interface to read the tenant id.
The master class about multi-tenant has several details about the process:
More specifically, there is a chapter about tenant middleware:
OK, if I am in a service function, I call this function, for example:
function TdmServer.GetXOCObjectManager: TObjectManager;
begin
Result := TXDataOperationContext.Current.GetManager;
Result.EnableFilter( 'TenantFilter').SetParam( 'tenant', {Get the tenant from the JWT Claim or from the http Header});
end;
The question is, do I read the user claim or the header myself or can I access a finished evaluation?
The middleware works perfectly as soon as I work with XDataClient.Get/POST/, on a table but not when I make a service call (WebClient.RawInvoke). (Or not?)
I can do it and it works.
The question is, DO I HAVE to do it this way?
Hello Wagner,
I found the Information in Video BIZ0510.
If I use the OnManagerCreate event, I have the parameter Args, that I can use.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.