1.需求saas支付平台分测试环境和真实环境,用户可以切换环境来达到在不同环境发起支付业务流程,测试环境就是模拟测试数据,真实环境就发真实交易
2.系统内部的测试环境和真实环境的数据隔离:
多租户数据存储方案
a. 独立数据库:
”一个Tenant,一个Database“的数据存储方式。隔离级别最高、最安全,但成本也高
b. 共享数据库,隔离数据结构:
多个租户或所有租户共享一个Database,但一个Tenant,一个Schema(数据库user)的方式。
优点:
1.一定程度的逻辑数据隔离(并非完全),可满足较高程度的安全性保障;
2.每个数据库,可支持更多租户数量;
缺点:
1.恢复数据较困难,因为将牵扯到其他租户数据;
2.跨租户统计数据,实现难度大;
c. 共享数据结构,tenant_id字段隔离(推荐)
共享同一个数据库,同一个Schema,为每个需要隔离的业务表加上Tenant_ID字段,以实现租户数据间的隔离,这种共享数据程度最高,隔离级别最低
优点:
每个数据库可支持租户数量多,维护和购置服务器成本最低;
缺点:
- 隔离级别低,安全性低,开发时需做大量安全开发工作;
- 逐表逐条备份和还原数据,数据备份和恢复困难。
实践
使用mybatis-plus 3.4.3.4的多租户解决方案
3.4之前版本的多租户依赖分页插件,现在的版本已不推荐,现在使用
官文文档:https://mp.baomidou.com/guide/interceptor-tenant-line.html#tenantlineinnerinterceptor
1.打包jar供他人使用,结合springboot自动配置
目录:自动配置文件目录
-----RESOURCE
---------METE-INF
------------spring.factorties
# Auto Configure 类名路径自行更改
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
com.xxx.tenant.config.TenantFilterConfig,\
com.xxx.tenant.config.MybatisPlusConfig
2.MybatisPlusConfig
import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
import com.baomidou.mybatisplus.extension.plugins.handler.TenantLineHandler;
import com.baomidou.mybatisplus.extension.plugins.inner.TenantLineInnerInterceptor;
import net.sf.jsqlparser.expression.Expression;
import net.sf.jsqlparser.expression.StringValue;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.transaction.annotation.EnableTransactionManagement;
//import com.baomidou.mybatisplus.extension.plugins.OptimisticLockerInterceptor;
//import com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor;
/**
* MybatisPlusConfig
*
* @author rensh
* @version 1.10 2021/11/30
*/
@Configuration
//@EnableTransactionManagement(order = 3,proxyTargetClass = true)//启注解事务管理,等同于xml配置方式的 <tx:annotation-driven />
@EnableConfigurationProperties(TenantMybatisPlusProperties.class)
@MapperScan(basePackages = {"com.xxx.pay.**.mapper"})
public class MybatisPlusConfig {
@Autowired
private TenantMybatisPlusProperties tenantMybatisPlusProperties;
@Bean
public MybatisPlusInterceptor mybatisPlusInterceptor() {
MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
interceptor.addInnerInterceptor(new TenantLineInnerInterceptor(new TenantLineHandler() {
@Override
public Expression getTenantId() {
StringValue stringValue = new StringValue(TenantUtils.get());
System.out.println("MybatisPlusInterceptor tenantID = " + stringValue);
return new StringValue(TenantUtils.get());
}
// 这是 default 方法,默认返回 false 表示所有表都需要拼多租户条件
@Override
public boolean ignoreTable(String tableName) {
String[] ignoreTabs = tenantMybatisPlusProperties.getIgnoreTabs();
for (String ignoreTab : ignoreTabs) {
if (ignoreTab.equals(tableName)) {
System.out.println("不需要过滤表 = " + ignoreTab);
return true;
}
}
return false;
}
}));
// 如果用了分页插件注意先 add TenantLineInnerInterceptor 再 add PaginationInnerInterceptor
// 用了分页插件必须设置 MybatisConfiguration#useDeprecatedExecutor = false
// interceptor.addInnerInterceptor(new PaginationInnerInterceptor());
return interceptor;
}
}
3.TenantFilterConfig
@Configuration
public class TenantFilterConfig {
@Bean
@ConditionalOnMissingBean
public FilterRegistrationBean registerAuthFilter() {
FilterRegistrationBean registration = new FilterRegistrationBean();
TenantFilter tebonxTenantFilter = new TenantFilter();
registration.setFilter(tebonxTenantFilter);
registration.addUrlPatterns("/*");
registration.setName("tenantFilter");
registration.setOrder(100000); //值越小,Filter越靠前。
return registration;
}
@Bean
public RequestInterceptor requestInterceptor() {
return new SecuringRequestInterceptor();
}
}
4.SecuringRequestInterceptor 将tenantid 通过feign RequestTemplate 设置header信息的方式传递tenantid
import feign.RequestInterceptor;
import feign.RequestTemplate;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import javax.servlet.http.HttpServletRequest;
import java.util.Enumeration;
/**
* @author rensh
*/
@Component
public class SecuringRequestInterceptor implements RequestInterceptor {
@Override
public void apply(RequestTemplate requestTemplate) {
// ServletRequestAttributes attributes = (ServletRequestAttributes) RequestContextHolder
// .getRequestAttributes();
// HttpServletRequest request = attributes.getRequest();
//
// Enumeration<String> headers = request.getHeaders("livemode");
//
// while (headers.hasMoreElements()) { // typically there is only one (most servers enforce that)
// String value = headers.nextElement();
// String tenantId = "";
// if (StringUtils.isNotBlank(value)) {
// tenantId = "true".equals(value) ? "pro" : "test";
// } else {
// tenantId = "test";
// }
// TenantUtils.put(tenantId);
requestTemplate.header("livemode", TenantUtils.get());
}
// Enumeration<String> headerNames = request.getHeaderNames();
// if (headerNames != null) {
// while (headerNames.hasMoreElements()) {
// String name = headerNames.nextElement();
//
// String values = request.getHeader(name);
// requestTemplate.header(name, values);
// }
// }
// }
}
5.TenantFilter
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Enumeration;
public class TenantFilter implements Filter {
private static Logger log = LoggerFactory.getLogger(TenantFilter.class.getName());
private static String s_selfGroup;
public void initGroup(String group) {
s_selfGroup = group;
}
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
//如果请求中存在,那么就直接使用,如果没有,那么判断当前组是否非公共,
//如果是公共,并且没有租户信息,那么需要从oauth token中获取当前用户来判断
String tenantId = TenantUtils.get();
if (StringUtils.isBlank(tenantId)) {
final HttpServletRequest request = (HttpServletRequest) servletRequest;
Enumeration<String> headers = request.getHeaders("livemode");
while (headers.hasMoreElements()) { // typically there is only one (most servers enforce that)
String value = headers.nextElement();
if (StringUtils.isNotBlank(value)) {
tenantId = value;
if ("true".equals(value)) {
tenantId = "pro";
} else if ("false".equals(value)) {
tenantId = "test";
}
} else {
log.error("用户访问租户信息为空:{},取默认值test", tenantId);
tenantId = "test";
}
log.debug("用户访问租户信息:{}", tenantId);
}
TenantUtils.put(tenantId);
System.out.println("filter_1:" + tenantId);
} else {
System.out.println("filter_2:" + tenantId);
}
filterChain.doFilter(servletRequest, servletResponse);
}
@Override
public void destroy() {
}
}
6.TenantMybatisPlusProperties
/**
* @author: rensh
* @since: 2021/11/30 18:24
*/
@ConfigurationProperties(prefix = "pay.xx")
public class TenantMybatisPlusProperties {
/**
* 不需要过滤的表名
*/
private String[] ignoreTabs;
public String[] getIgnoreTabs() {
return ignoreTabs;
}
public void setIgnoreTabs(String[] ignoreTabs) {
this.ignoreTabs = ignoreTabs;
}
}
7.TenantUtils
/**
* @author: rensh
* @since: 2021/11/26 14:15
*/
public class TenantUtils {
private static final ThreadLocal<String> TENANT_ID = new ThreadLocal<>();
public static String get() {
return TENANT_ID.get();
}
public static void put(String tenantId) {
TenantUtils.TENANT_ID.set(tenantId);
}
public static void remove() {
TenantUtils.TENANT_ID.remove();
}
8.pom
<dependencies>
<dependency>
<groupId>com.baomidou</groupId>
<artifactId>mybatis-plus-extension</artifactId>
<version>3.4.3.4</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.cloud</groupId>
<artifactId>spring-cloud-starter-openfeign</artifactId>
<version>2.2.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.4</version>
</dependency>
<!--springboot web 依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
<version>2.2.8.RELEASE</version>
</dependency>
</dependencies>
9.TenantMybatisPlusProperties.ignoreTabs 中配置不需要租户新的表
通过在bootstrap.pproperties 中配置的方式
pay.xx.ignoreTabs=base_dict_entry