Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.
11-20-2020 09:11 AM
Hello!
I am currently working on a project that uses Spring Data Neo4j, and I am working on migrating from version 5 to the latest version 6.
In the previous version, we used a particular approach with spring data where each tenant had a credential set unique to them. Apparently, it is important for security concerns that this behaviour is conserved with the migration to Spring Data Neo4j 6, and I am wondering if this is possible in any way, or if this is planned to be supported.
I saw that there is the DatabaseSelectionProvider that exists, but I think I can only specify a database name and not a credential set.
Any help on this?
Thank you!
11-23-2020 01:28 AM
The authentication is on a per-driver basis whereas in contrast the database selection can be done for every call. So we cannot easily provide other credentials without creating a whole new driver bean.
There is an alternative but not Neo4j DBMS driver solution for your problem, if this is what fits your need already. My colleague Michael wrote about this here https://medium.com/neo4j/reactive-multi-tenancy-with-neo4j-4-0-and-sdn-rx-d8ae0754c35
Due to the lack of anchors in Medium, I suggest to search for Configuration time to see if this is what you want and then read the rest of the post to get the setup the application is running with.
11-23-2020 10:46 AM
Thank you for your answer.
The reason I am asking this is because my company is in the process of getting the SOC2 certification, and with this certification, we need the database access to be as small as possible per DB user, in a way that we have every tenant's environment isolated as much as possible.
We require something bigger than a DatabaseSelector: We need a DataSourceSelector, so that we can change what user performs the request to the database, or even completely target another Neo4j instance for that tenant if we want.
This is something available out of the box with our PostgreSQL database with Hibernate, but always seemed to lack with the Neo4j implementation, and I sincerly hoped this would be part of the Spring Data Neo4j 6.0.
Anyway, if this is not planned to be supported, do you know a way we could overwrite some components of the library to make this possible?
11-24-2020 02:17 AM
Hi! I am unsure if this is about the same application but it definitly sounds so.
So here's an example on how to do different connections and different databases:
11-24-2020 12:22 PM
Thank you for this answer. The issue you sent me is not for my project, but it's indeed a similar issue.
I'm not really sure how to manage the multiple driver implementation when using spring, because in your example, you call different repositories, while I want to call the exact same repository with a different tenant context, and the spring repository should select the right driver in the background for that tenant.
I think this is a not so bad start anyway, so i'll look into the code to see how I could inject a different driver instance per tenant.
Thank you!
10-17-2022 08:40 AM
Hi, I am currently struggling with the same issue, trying to switch the exact same repository between different tenant contexts.
I have multiple databases running on the same server instance and they are dynamically created per tenant with different set of credentials.
Does anyone know if this is possible? I only found the same information when we can switch between different databases using DatabaseSelectionProvider, but it means that we have one user with access to all of them, which is not my case.
All the sessions of the conference are now available online