On 12/11/2011 02:33, Rajiv Mordani wrote:
> As part of Java EE 7 one of the areas of focus is - multi-tenancy / PaaS
> style deployments of applications. As I have sent previously to the EG
> the current proposal for Java EE Platform as for PaaS as it stands today
> is described at [1].
>
> I would like to start the discussion around the requirements for what it
> means for the Web Container. In particular for the multi-tenancy aspect
> in a PaaS environment, what are the customizations that each tenant can
> provide and how they will be reflected in the spec. Some initial
> thoughts that I had are listed below -
I think there is a more fundamental question to address before we get to
the level of detail below. My reading of [1] is that the workflow is:
a) an application is uploaded
b) one or more instances of an application is configured for a specific
tenant
c) the instance(s) are started
The question for me is where does the WAR feature in this? I see two
possible approaches:
1. The WAR is uploaded in a) with place-holders for tenant specific
information. The WAR from a) and the tenant specific information from b)
is passed to the container that creates a tenant specific instance for c)
2. An application template is uploaded in a) which is then combined with
tenant specific information from b) to create the WAR which is deployed
in c).
I think approach 2 is a lot simpler to work with as it means minimal
(no?) changes to the current specification as all the tenant specific
work happens during the deployment process before the WAR is deployed.
My discussions with various folks at JavaOne led me to understand this
was the intended approach and that multi-tenant WAR files were not the
intention.
> * URL mapping
> * init-params
> * Customization of resources to be loaded per tenant - style sheets,
> jsps, error pages etc
> * Customized DataSources and other resource-refs per tenant
> * session related configuration (timeout, tracking mode, isHttpOnly,
> security setting etc)
> * security roles constraints per tenant (should we allow every tenant
> to change this for the application)
Pretty much everything in web.xml needs to be parameterized. I have some
thoughts on the above but I'd like to address the more fundamental
question before delving into the detail.
> * keystores, certs for an application (can we even do this per tenant)
I don't think this is possible. Until the JRE supports SNI on the server
side I see no way to do this. Even that will require one host name per
tenant (not a bad thing).
Mark
> What else am I missing here?
>
> [1] http://java.net/downloads/javaee-spec/PaaS.pdf
>
> - Rajiv