incubator-sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andreas Schaefer (Confluence)" <conflue...@apache.org>
Subject [CONF] Apache Sling > Multitenancy Support Integration
Date Mon, 24 Feb 2014 16:36:00 GMT
<html>
    <head>
        <meta name="viewport" content="width=device-width" />
        <base href="https://cwiki.apache.org/confluence" />
        <style type="text/css">
    body, #email-content, #email-content-inner { font-family: Arial,FreeSans,Helvetica,sans-serif;
}
    body, p, blockquote, pre, code, td, th, li, dt, dd { font-size: 13px; }
    small { font-size: 11px; }

    body { width:100% !important; -webkit-font-smoothing: antialiased; }

    body,
    #email-wrapper { background-color: #f0f0f0; }
    #email-wrapper-inner { padding: 20px; text-align: center; }
    #email-content-inner { background-color: #fff; border: 1px solid #bbb; color: $menuTxtColour;
padding:20px; text-align:left; }
    #email-wrapper-inner > table { width: 100%; }
    #email-wrapper-inner.thin > table { margin: 0 auto; width: 50%; }
    #email-footer { padding: 0 16px 32px 16px; margin: 0; }

    .email-indent { margin: 8px 0 16px 0; }
    .email-comment { margin: 0 0 0 56px; }
    .email-comment.removed { background-color: #ffe7e7; border: 1px solid #df9898; padding:
0 8px;}

    #email-title-avatar { text-align: left; vertical-align: top; width: 48px; padding-right:
8px; }
    #email-title-flavor { margin: 0; padding: 0 0 4px 0; }
    #email-title-heading { font-size: 16px; line-height: 20px; min-height: 20px; margin: 0;
padding: 0; }
    #email-title .icon { border: 0; padding: 0 5px 0 0; text-align: left; vertical-align:
middle; }

    #email-actions { border-top: 1px solid #bbb; color: #505050; margin: 8px 0 0 0; padding:
0; }
    #email-actions td { padding-top: 8px; }
    #email-actions .left { max-width: 45%; text-align: left; }
    #email-actions .right { text-align: right; }
    .email-reply-divider { border-top: 1px solid #bbb; color: #505050; margin: 32px 0 8px
0; padding: 8px 0; }
    .email-section-title { border-bottom: 1px solid #bbb; margin: 8px 0; padding: 8px 0 0
0; }

    .email-metadata { color: #505050; }

    a { color: #326ca6; text-decoration: none; }
    a:hover { color: #336ca6; text-decoration: underline; }
    a:active {color: #326ca6; }

    a.email-footer-link { color: #505050; font-size: 11px; }

    .email-item-list { list-style: none; margin: 4px 0; padding-left: 0; }
    .email-item-list li { list-style: none; margin: 0; padding: 4px 0; }
    .email-list-divider { color: #505050; padding: 0 0.35em; }
    .email-operation-icon { padding-right: 5px; }

    .avatar { -ms-interpolation-mode: bicubic; border-radius: 3px;}
    .avatar-link { margin: 2px; }

    .tableview th { border-bottom: 1px solid #69C; font-weight: bold; text-align: left; }
    .tableview td { border-bottom: 1px solid #bbbbbb; text-align: left; padding: 4px 16px
4px 0; }

    .aui-message {  margin: 1em 0; padding: 8px; }
    .aui-message.info { background-color: #e0f0ff; border: 1px solid #9eb6d4; }
    .aui-message.success { background-color: #ddfade; border: 1px solid #93c49f; }
    .aui-message.error,
    .aui-message.removed { background-color: #ffe7e7; border: 1px solid #df9898; color: #000;
}

    .call-to-action-table { margin: 10px 1px 1px 1px;}
    .call-to-cancel-container, .call-to-action-container { padding: 5px 20px; }
    .call-to-cancel-container { border: 1px solid #aaa; background-color: #eee; border-radius:
3px; }
    .call-to-cancel-container a.call-to-cancel-button { background-color: #eee; font-size:
14px; line-height: 1; padding: 0; margin: 0; color: #666; font-family: sans-serif;}
    .call-to-action-container { border: 1px solid #486582;  background-color: #3068A2; border-radius:
3px; padding: 4px 10px; }
    .call-to-action-container a.call-to-action-button { background-color: #3068A2; font-size:
14px; line-height: 1; padding: 0; margin: 0; color: #fff; font-weight: bold; font-family:
sans-serif; }

    /** The span around the inline task checkbox image */
    .diff-inline-task-overlay {
        display: inline-block;
        text-align: center;
        height: 1.5em;
        padding: 5px 0px 1px 5px;
        margin-right: 5px;
        /** Unfortunately, the negative margin-left is stripped out in gmail */
        margin-left: -5px;
    }

            @media handheld, only screen and (max-device-width: 480px) {
        div, a, p, td, th, li, dt, dd { -webkit-text-size-adjust: auto; }
        small, small a { -webkit-text-size-adjust: 90%; }

        td[id=email-wrapper-inner] { padding: 2px !important; }
        td[id=email-content-inner] { padding: 8px !important; }
        td[id="email-wrapper-inner"][class="thin"] > table { text-align: left !important;
width: 100% !important; }
        td[id=email-footer] { padding: 8px 12px !important; }
        div[class=email-indent] { margin: 8px 0px !important; }
        div[class=email-comment] { margin: 0 !important; }

        p[id=email-title-flavor] a { display: block; } /* puts the username and the action
on separate lines */
        p[id=email-permalink] { padding: 4px 0 0 0 !important; }

        table[id=email-actions] td { padding-top: 0 !important; }
        table[id=email-actions] td.right { text-align: right !important; }
        table[id=email-actions] .email-list-item { display: block; margin: 1em 0 !important;
word-wrap: normal !important; }
        span[class=email-list-divider] { display: none; }
    }



        </style>
    </head>
    <body style="font-family: Arial, FreeSans, Helvetica, sans-serif; font-size: 13px;
width: 100%; -webkit-font-smoothing: antialiased; background-color: #f0f0f0">
        <table id="email-wrapper" width="100%" cellspacing="0" cellpadding="0" border="0"
style="background-color: #f0f0f0">
            <tbody>
                <tr valign="middle">
                    <td id="email-wrapper-inner" style="font-size: 13px; padding: 20px;
text-align: center">
                        <table id="email-content" cellspacing="0" cellpadding="0" border="0"
style="font-family: Arial, FreeSans, Helvetica, sans-serif; width: 100%">
                            <tbody>
                                <tr valign="top">
                                    <td id="email-content-inner" align="left" style="font-family:
Arial, FreeSans, Helvetica, sans-serif; font-size: 13px; background-color: #fff; border: 1px
solid #bbb; padding: 20px; text-align: left">
                                        <table id="email-title" cellpadding="0" cellspacing="0"
border="0" width="100%">
                                            <tbody>
                                                <tr>
                                                    <td id="email-title-avatar" rowspan="2"
style="font-size: 13px; text-align: left; vertical-align: top; width: 48px; padding-right:
8px"> <img class="avatar" src="cid:avatar_58fcc399ec7936aaac44cd6fe7e6af00" border="0"
height="48" width="48" style="-ms-interpolation-mode: bicubic; border-radius: 3px" /> </td>
                                                    <td valign="top" style="font-size:
13px">
                                                        <div id="email-title-flavor" class="email-metadata"
style="margin: 0; padding: 0 0 4px 0; color: #505050">
                                                            <a href="    https://cwiki.apache.org/confluence/display/~schaefera
" style="color:#326ca6;text-decoration:none;; color: #326ca6; text-decoration: none">Andreas
Schaefer</a> created a page:
                                                        </div> </td>
                                                </tr>
                                                <tr>
                                                    <td valign="top" style="font-size:
13px"> <h2 id="email-title-heading" style="font-size: 16px; line-height: 20px; min-height:
20px; margin: 0; padding: 0"> <a href="https://cwiki.apache.org/confluence/display/SLING/Multitenancy+Support+Integration"
style="color: #326ca6; text-decoration: none"> <img class="icon" src="cid:page-icon"
alt="" style="border: 0; padding: 0 5px 0 0; text-align: left; vertical-align: middle" />
<strong style="font-size:16px;line-height:20px;vertical-align:top;">Multitenancy Support
Integration</strong> </a> </h2> </td>
                                                </tr>
                                            </tbody>
                                        </table>
                                        <div class="email-indent" style="margin: 8px 0
16px 0">
                                            <div class="email-page">
                                                <h1 id="MultitenancySupportIntegration-TenantIntegration">Tenant
Integration</h1>
                                                <h2 id="MultitenancySupportIntegration-Introduction">Introduction</h2>
                                                <p style="font-size: 13px">Like with
tenants in an apparment complex tenants in Sling are <em>users</em> that have
their own space but share common amnemities like an elevator, laundry room and so on.<br
/>Now for Sling <strong>Tenants</strong>&nbsp;mean severals things and
this document wants to document them, their use cases and look for an implementation of the
requirements in Sling.</p>
                                                <p style="font-size: 13px">Currently
there is a <strong>Tenant</strong>&nbsp;module in the <strong>contrib/extensions</strong>&nbsp;package
which provides the following:</p>
                                                <ul>
                                                    <li style="font-size: 13px">Tenant</li>
                                                    <li style="font-size: 13px">Tenant
Manager and Provider interface</li>
                                                    <li style="font-size: 13px">TenantProviderImpl
that implements the Tenant Manager and Provider Interface</li>
                                                    <li style="font-size: 13px">TenantAdapterFactory
which can adapt a Resource or Resource Resolver to a Tenant</li>
                                                    <li style="font-size: 13px">Tenant
Customizer interface that lets a client add a service to further customize a Tenant during
creation and clean up during removal</li>
                                                </ul>
                                                <p style="font-size: 13px">This package
provides the basics but does not provide any implementation a multi-teant aware server. There
are also parts of the proposal missing like providing the Tenant on the Sling Http Servlet
Request.</p>
                                                <h2 id="MultitenancySupportIntegration-TenantDefinition">Tenant
Definition</h2>
                                                <p style="font-size: 13px">A full fledged
Tenant implementation would allow the Sling host to create a tenant, create group(s) / users(s)
to login as **tenant developer** on the site and provide a tenant specific view to the public.
This includes the following features:</p>
                                                <ol>
                                                    <li style="font-size: 13px"> <strong>Visibility</strong>:
A tenant developer and the public tenant viewer only see the tenant space and don't have access
to other tenants</li>
                                                    <li style="font-size: 13px"> <strong>Customization</strong>:
The Sling host can provide basic frameworks which then tenant then can overlay with its own
customization which includes:
                                                        <ol>
                                                            <li style="font-size: 13px">
<strong>Code</strong>: ESPs, JSPs and Servlets can be overlaid by a tenant to
provide its own view</li>
                                                            <li style="font-size: 13px">
<strong>I18N</strong>: Tenants must be able to overlay the Internationalization
so that they can provide and use their own translations</li>
                                                            <li style="font-size: 13px">
<strong>Content</strong>: Most tenants will provide their own content but the
host might provide some common content so there must be a way to fall back onto common content.</li>
                                                            <li style="font-size: 13px">
<strong>Discovery</strong>: A tenant must be discovered based on various data
like the logged in user, resource path, sub domain name, cookie (a service outside of Sling
is setting a tenant cookie) and others. This is especially important for the public view but
also for administrators which might want to see a particular tenant view without impersonating</li>
                                                        </ol> </li>
                                                    <li style="font-size: 13px"> <strong>Configuration</strong>:
Sling should provide a way to setup a tenant in a simple step. For that Sling should provide
its own Tenant Customizer which creates the necessary paths, groups / users and content folders.</li>
                                                </ol>
                                                <p style="font-size: 13px">&nbsp;</p>
                                                <h2 id="MultitenancySupportIntegration-Implementation">Implementation</h2>
                                                <p style="font-size: 13px">&nbsp;</p>
                                                <p style="font-size: 13px"> <strong>Visibility</strong>&nbsp;can
be accomplished by access permission for the **developer** and through Path Mapping for the
public view.</p>
                                                <p style="font-size: 13px"> <strong>Customization</strong>&nbsp;needs
a per-call extension of the Resource Resolver's Search Path. Currently the Search Path is
provided from the Resource Resolver Factory which is a system-wide setting delivering the
same resource. Tenants require an independent view of other tenants and therefore needs to
have their own Search Path so that the Resource Resolver can provide different, tenant specific
resources which is based on properties from the request. This is not per-se a Tenant specific
requirements and maybe others would like to use that feature but Tenants requires it to obtain
the Code, Internationalization and Content for a specific Tenant and avoiding to access resources
from other Tenants. Because the Servlet Resolver uses an Administrative Resource Resolver
it cannot know of the per-call Search Path and it also uses a Cache that stores the first
found Servlet in its cache. This requires a way to enhance the Administrative Resource Resolver's
Search Path (like an one-off Resource Resolver wrapper) for that call with the Search Path
from the incoming Resource Resolver and it would require to manage the cache differently so
that an overlay of a Tenant is cached per Tenant and not globally otherwise only the first
overlay of a Tenant is used through the server.</p>
                                                <p style="font-size: 13px"> <strong>Discovery</strong>:
The Tenant Adaptor Factory is assuming that tenants are either indified through a logged in
user or a given path but that is not always true. For example the host administrator might
want to edit some of the Tenants code or wants to review changes maybe to shared code / content
like a login page. Maybe a Service interface which a client could implement would give the
discovery more flexibility to that process. For example the tenant might be specified in a
subdomain (like tenan1t.myhost.com) and does request a shared page from the host. That page
then imports other pages (ESPs, JSPs, Servlets) like the header, footer or components of that
page which could might be customized by the Tenant through overlays. The resource path would
not indicate a Tenant and hence the overlays would be ignored.</p>
                                                <p style="font-size: 13px"> <strong>Configuration</strong>:
A sample project might be best to illustrate on how to handle tenants. This could server to
purposed. First to showcase the Tenant managment and can be used by clients as template to
implement their template handling.</p>
                                                <h2 id="MultitenancySupportIntegration-UseCasesandProposedSolutions">Use
Cases and Proposed Solutions</h2>
                                                <h3 id="MultitenancySupportIntegration-1.HostprovidesaFramework,TenantcanCustomizeIt">1.
Host provides a Framework, Tenant can Customize It</h3>
                                                <p style="font-size: 13px"> <strong>Use
Case</strong>: a Host provides a general framework to its tenants and gives the tenant
to opportunity to customize it through overlayings code, translations and content.</p>
                                                <p style="font-size: 13px"> <strong>Solution</strong>:
A per-call Search Path (first entries are the tenant specific search paths followed by the
Resource Resolver Factory Search Path) is set on the Resource Resolver of the call and on
the Resource Resolver of the Servlet Resolver. In the Servlet Resolver the cache handling
must be changed because we can now have multiple servlets, one for each tenant.</p>
                                                <h3 id="MultitenancySupportIntegration-2.HostwantstolimitwhatPartsareCustomizable">2.
Host wants to limit what Parts are Customizable</h3>
                                                <p style="font-size: 13px"> <strong>Use
Case</strong>: a Host wants to prevent the Tenant developer from customizing key parts
of its framework like the login page etc.<br /> <br /> <strong>Solution</strong>:
the Resource Resolver or Servlet Resolver needs to check the other resource candiates if they
are looked.</p>
                                                <h3 id="MultitenancySupportIntegration-3.TenantsareIsolated">3.
Tenants are Isolated</h3>
                                                <p style="font-size: 13px"> <strong>Use
Case</strong>: a Tenant Deverloper and Viewer should not see the parts of other Tenants.</p>
                                                <p style="font-size: 13px"> <strong>Solution</strong>:
The current security model should be enough to prevent access to other tenatns resources.
That said a Tenant Customizer could be used to make sure that ACLs are created and put into
place.</p>
                                                <p style="font-size: 13px">&nbsp;</p>
                                            </div>
                                        </div>
                                        <table id="email-actions" class="email-metadata"
cellspacing="0" cellpadding="0" border="0" width="100%" style="border-top: 1px solid #bbb;
color: #505050; margin: 8px 0 0 0; padding: 0; color: #505050">
                                            <tbody>
                                                <tr>
                                                    <td class="left" valign="top" style="font-size:
13px; padding-top: 8px; max-width: 45%; text-align: left"> <span class="email-list-item"><a
href="https://cwiki.apache.org/confluence/display/SLING/Multitenancy+Support+Integration"
style="color: #326ca6; text-decoration: none">View Online</a> </span> <span
class="email-list-divider" style="color: #505050; padding: 0 0.350em">&middot;</span>
<span class="email-list-item"><a href="https://cwiki.apache.org/confluence/plugins/likes/like.action?contentId=39620812"
style="color: #326ca6; text-decoration: none">Like</a> </span> <span class="email-list-divider"
style="color: #505050; padding: 0 0.350em">&middot;</span> <span class="email-list-item"><a
href="https://cwiki.apache.org/confluence/display/SLING/Multitenancy+Support+Integration?showComments=true&amp;showCommentArea=true#addcomment"
style="color: #326ca6; text-decoration: none">Add Comment</a> </span> </td>
                                                    <td class="right" width="50%" valign="top"
style="font-size: 13px; padding-top: 8px; text-align: right"> <span class="email-list-item"><a
href="https://cwiki.apache.org/confluence/users/removespacenotification.action?spaceKey=SLING"
style="color: #326ca6; text-decoration: none">Stop watching space</a> </span>
<span class="email-list-divider" style="color: #505050; padding: 0 0.350em">&middot;</span>
<span class="email-list-item"><a href="https://cwiki.apache.org/confluence/users/editmyemailsettings.action"
style="color: #326ca6; text-decoration: none">Manage Notifications</a> </span>
</td>
                                                </tr>
                                            </tbody>
                                        </table> </td>
                                </tr>
                            </tbody>
                        </table> </td>
                </tr>
                <tr>
                    <td id="email-footer" align="center" style="font-size: 13px; padding:
0 16px 32px 16px; margin: 0"> <small style="font-size: 11px"> This message was sent
by <a class="email-footer-link" style="color:#505050;font-size:11px;text-decoration:none;;
color: #326ca6; text-decoration: none; color: #505050; font-size: 11px" href="http://www.atlassian.com/software/confluence">Atlassian
Confluence</a> 5.0.3, <a class="email-footer-link" style="color:#505050;font-size:11px;text-decoration:none;;
color: #326ca6; text-decoration: none; color: #505050; font-size: 11px" href="http://www.atlassian.com/software/confluence/overview/team-collaboration-software?utm_source=email-footer">Team
Collaboration Software</a> </small> </td>
                </tr>
            </tbody>
        </table>
    </body>
</html>
Mime
View raw message