partitioning resources and users
I am building spring based system where in the requirement is that the users of group A are kept i开发者_Python百科n one set of machines and users of group B are in another set of machines. The servers for group A will hold data for only those groups users and same for the other group. I currently envision a authentication/redirector service (login service) which will redirect users to the correct servers. So the users could all come to login.example.com and be redirected to a.example.com and b.example.com
The thing is that it should be possible to seamlessly migrate a user from group A to group B and if a user wants to belong to group A and B it must be somehow possible.
I have been looking out for OAuth and some "hackey" ways of doing it but would like to know how this problem is handled by others.
If you have an architecture where you have seperate web servers and application servers then you can use the load balancing features of your web server to direct users to the appropriate application server.
Load balancing can be performed on a variety of properties of a HTTP request (it depends on the load balancing software you use) such as a HTTP header, request parameter etc. If you balance on a header value this allows you use a cookie to determine which application server the user is directed to.
This is my suggestion (you might be able to do it in another way) As you can assign a user to any of those servers I assume
- You need a central database to keep your users/passwords.
- In that users database you will need another table to define the membership of each user
- Use spring security to authenticate user. (you can use different authentication mechanisms here)
- in each server add a property file that defines the server number(ID)
- inject that resource into your spring context
- user declarative authorization in your code to make sure that the user belongs to the same group as the server ID provided in item 4
精彩评论