Runtime
Configuration
The datasources for the components can be configured either in the application-externaldatasources.properties file or in the application-jndidatasources.properties file. When configuring external datasources, the externaldatasources profile should be enabled. When configuring JNDI datasources, the jndidatasources profile should be enabled.
JDBC datasources
### Comments SQL Store ###
blueriq.datasource.comments-sql-store.tenants.google.url=jdbc:oracle:thin:@localhost:1521:orcl
blueriq.datasource.comments-sql-store.tenants.google.username=google
blueriq.datasource.comments-sql-store.tenants.google.password=welcome
blueriq.datasource.comments-sql-store.tenants.apple.url=jdbc:oracle:thin:@localhost:1521:orcl
blueriq.datasource.comments-sql-store.tenants.apple.username=apple
blueriq.datasource.comments-sql-store.tenants.apple.password=welcome
blueriq.datasource.comments-sql-store.driverClassName=oracle.jdbc.driver.OracleDriver
blueriq.hibernate.comments-sql-store.hbm2ddl.auto=validate
blueriq.hibernate.comments-sql-store.dialect=org.hibernate.dialect.Oracle12cDialect
### Process SQL Store ###
blueriq.datasource.process-sql-store.tenants.google.url=jdbc:oracle:thin:@localhost:1521:orcl
blueriq.datasource.process-sql-store.tenants.google.username=google
blueriq.datasource.process-sql-store.tenants.google.password=welcome
blueriq.datasource.process-sql-store.tenants.apple.url=jdbc:oracle:thin:@localhost:1521:orcl
blueriq.datasource.process-sql-store.tenants.apple.username=apple
blueriq.datasource.process-sql-store.tenants.apple.password=welcome
blueriq.datasource.process-sql-store.driverClassName=oracle.jdbc.driver.OracleDriver
blueriq.hibernate.process-sql-store.hbm2ddl.auto=validate
blueriq.hibernate.process-sql-store.dialect=org.hibernate.dialect.Oracle12cDialect
### Trace SQL Store ###
blueriq.datasource.trace-sql-store.tenants.google.url=jdbc:oracle:thin:@localhost:1521:orcl
blueriq.datasource.trace-sql-store.tenants.google.username=google
blueriq.datasource.trace-sql-store.tenants.google.password=welcome
blueriq.datasource.trace-sql-store.tenants.apple.url=jdbc:oracle:thin:@localhost:1521:orcl
blueriq.datasource.trace-sql-store.tenants.apple.username=apple
blueriq.datasource.trace-sql-store.tenants.apple.password=welcome
blueriq.datasource.trace-sql-store.driverClassName=oracle.jdbc.driver.OracleDriver
blueriq.hibernate.trace-sql-store.hbm2ddl.auto=validate
blueriq.hibernate.trace-sql-store.dialect=org.hibernate.dialect.Oracle12cDialect
JNDI datasources
### Comments SQL Store ###
blueriq.datasource.comments-sql-store.tenants.google.jndiName=java:/comp/env/jdbc/google
blueriq.datasource.comments-sql-store.tenants.apple.jndiName=java:/comp/env/jdbc/apple
blueriq.hibernate.comments-sql-store.hbm2ddl.auto=validate
blueriq.hibernate.comments-sql-store.dialect=org.hibernate.dialect.Oracle12cDialect
### Process SQL Store ###
blueriq.datasource.process-sql-store.tenants.google.jndiName=java:/comp/env/jdbc/google
blueriq.datasource.process-sql-store.tenants.apple.jndiName=java:/comp/env/jdbc/apple
blueriq.hibernate.process-sql-store.hbm2ddl.auto=validate
blueriq.hibernate.process-sql-store.dialect=org.hibernate.dialect.Oracle12cDialect
### Trace SQL Store ###
blueriq.datasource.trace-sql-store.tenants.google.jndiName=java:/comp/env/jdbc/google
blueriq.datasource.trace-sql-store.tenants.apple.jndiName=java:/comp/env/jdbc/apple
blueriq.hibernate.trace-sql-store.hbm2ddl.auto=validate
blueriq.hibernate.trace-sql-store.dialect=org.hibernate.dialect.Oracle12cDialect
CMIS
To configure CMIS in a multi-tenant environment, Blueriq supports setting the following properties per tenant:
- user
- password
- servicesUrl
- repositoryId
The rest of the CMIS properties are the same for all tenants. See How to set up a CMIS connection for further configuration.
Note that it is not necessary to override the above properties for each tenant. If they are not defined for a tenant, the normal (not tenant-specific) properties are used.
Below is a sample configuration for two tenants, where the 'google' tenant uses the standard servicesUrl, while the 'apple' tenant overrides this.
# common
blueriq.cmis.services-url=http://host:8080/alfresco/api/-default-/public/cmis/versions/1.1/atom
blueriq.cmis.object-type-id=D:my:objectType
blueriq.cmis.binding-type=atompub
# multi-tenant google
blueriq.cmis.tenants.google.user=admin
blueriq.cmis.tenants.google.password=adminpass
blueriq.cmis.tenants.google.repository-id=google
# multi-tenant apple
blueriq.cmis.tenants.apple.services-url=http://apple.local:8080/alfresco/api/-default-/public/cmis/versions/1.1/atom
blueriq.cmis.tenants.apple.user=apple
blueriq.cmis.tenants.apple.password=applepassword
blueriq.cmis.tenants.apple.repository-id=apple
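The fallback rule described above decides which credentials and endpoint each tenant actually uses. The following added example (not Blueriq's code) resolves the effective per-tenant CMIS settings from the page's sample and reports every value that is inherited from the common properties or absent. The tenant `acme`, the function names, and the treatment of `repositoryId` and `repository-id` as the same property are assumptions.

```python
import re

# The page's CMIS sample, plus one constructed tenant ("acme") written in camelCase.
SAMPLE = """
blueriq.cmis.services-url=http://host:8080/alfresco/api/-default-/public/cmis/versions/1.1/atom
blueriq.cmis.object-type-id=D:my:objectType
blueriq.cmis.binding-type=atompub
blueriq.cmis.tenants.google.user=admin
blueriq.cmis.tenants.google.password=adminpass
blueriq.cmis.tenants.google.repository-id=google
blueriq.cmis.tenants.apple.services-url=http://apple.local:8080/alfresco/api/-default-/public/cmis/versions/1.1/atom
blueriq.cmis.tenants.apple.user=apple
blueriq.cmis.tenants.apple.password=applepassword
blueriq.cmis.tenants.apple.repository-id=apple
blueriq.cmis.tenants.acme.repositoryId=acme
"""

PREFIX = "blueriq.cmis."
PER_TENANT = ("user", "password", "services-url", "repository-id")

def kebab(name):
    # Assumption: servicesUrl and services-url name the same property.
    return re.sub(r"(?<=[a-z0-9])([A-Z])", r"-\1", name).lower()

def parse(text):
    lines = (l for l in text.splitlines() if l.strip() and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, _, v in (l.partition("=") for l in lines)}

def effective_cmis(props, tenant):
    """Map each per-tenant property to (value, source); source is tenant, common or missing."""
    common, own = {}, {}
    for key, value in props.items():
        if not key.startswith(PREFIX):
            continue
        rest = key[len(PREFIX):]
        if rest.startswith("tenants."):
            _, name, prop = rest.split(".", 2)
            if name == tenant:
                own[kebab(prop)] = value
        else:
            common[kebab(rest)] = value
    return {p: (own[p], "tenant") if p in own
            else (common[p], "common") if p in common
            else (None, "missing") for p in PER_TENANT}

def review(props, tenant):
    """Properties a reviewer should look at: inherited from common, or absent."""
    return {p: src for p, (_, src) in effective_cmis(props, tenant).items() if src != "tenant"}
```

A value reported as `common` is shared by every tenant that does not override it, so an inherited `user` or `password` would mean several tenants reach the repository with the same account.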
Connections
The file system connection requires a different connection to the file system for each tenant. This way of storing data allows the data of different tenants to be stored on the same file system. For long term storage, a better way to store files is to use a DMS (Document Management System) instead. This can be achieved using the CMIS connection.
blueriq.connection.connectionName.filesystem.tenants.google.path=C:/google/files
blueriq.connection.connectionName.filesystem.tenants.apple.path=C:/apple/files
Rest & soap
The rest and soap filesystem connections can also be configured for each tenant. Most properties will be the same for each tenant, except for url, username and password, which can be configured per tenant. In a multi-tenancy setup, two additional (optional) properties are added for soap and rest connections. It is possible to pass the tenant with your rest call, for example when you want to call a BAARS or an external application that is multi-tenant as well. To do this, enable the tenant header with the property tenantIdEnabled and set the header name in the property tenantHeaderName. An example setup looks as follows:
# rest
blueriq.connection.RestCall.http.tenantIdEnabled=true
blueriq.connection.RestCall.http.tenantHeaderName=Tenant-Id
blueriq.connection.RestCall.http.tenants.blueriq.url=http://something
blueriq.connection.RestCall.http.tenants.blueriq.username=username
blueriq.connection.RestCall.http.tenants.blueriq.password=password
# soap
blueriq.connection.SoapService.soap.tenantIdEnabled=true
blueriq.connection.SoapService.soap.tenantHeaderName=Tenant-Id
blueriq.connection.SoapService.soap.tenants.blueriq.url=http://something
blueriq.connection.SoapService.soap.tenants.blueriq.username=username
blueriq.connection.SoapService.soap.tenants.blueriq.password=password
DCM Lists Client
When multi-tenancy is enabled, the runtime will send the X-TENANT-ID HTTP header to the DCM lists service whenever an HTTP request is made. To use a separate RabbitMQ instance for each tenant, additional configuration is required in application-dcm-lists-client.properties.
blueriq.dcm.lists-client.rabbitmq.tenants.google.host=localhost
blueriq.dcm.lists-client.rabbitmq.tenants.google.port=5672
blueriq.dcm.lists-client.rabbitmq.tenants.google.username=google
blueriq.dcm.lists-client.rabbitmq.tenants.google.password=welcome
blueriq.dcm.lists-client.rabbitmq.tenants.google.exchangeName=processEvents
blueriq.dcm.lists-client.rabbitmq.tenants.google.virtualHost=google
blueriq.dcm.lists-client.rabbitmq.tenants.google.queueNames=dcmListsService
blueriq.dcm.lists-client.rabbitmq.tenants.apple.host=localhost
blueriq.dcm.lists-client.rabbitmq.tenants.apple.port=5672
blueriq.dcm.lists-client.rabbitmq.tenants.apple.username=apple
blueriq.dcm.lists-client.rabbitmq.tenants.apple.password=welcome
blueriq.dcm.lists-client.rabbitmq.tenants.apple.exchangeName=processEvents
blueriq.dcm.lists-client.rabbitmq.tenants.apple.virtualHost=apple
blueriq.dcm.lists-client.rabbitmq.tenants.apple.queueNames=dcmListsService
DCM / Case Engine
The DCM module provides the DCM_CaseCreate service call type, which you can use to start a case by publishing data on a queue. The Case Engine will consume messages from the queue and start the case asynchronously. Below are examples of how to configure the RabbitMQ instance for each tenant.
blueriq.dcm.rabbitmq.tenants.google.host=localhost
blueriq.dcm.rabbitmq.tenants.google.port=5672
blueriq.dcm.rabbitmq.tenants.google.username=google
blueriq.dcm.rabbitmq.tenants.google.password=welcome
blueriq.dcm.rabbitmq.tenants.google.exchangeName=processEvents
blueriq.dcm.rabbitmq.tenants.google.virtualHost=google
blueriq.dcm.rabbitmq.tenants.apple.host=localhost
blueriq.dcm.rabbitmq.tenants.apple.port=5672
blueriq.dcm.rabbitmq.tenants.apple.username=apple
blueriq.dcm.rabbitmq.tenants.apple.password=welcome
blueriq.dcm.rabbitmq.tenants.apple.exchangeName=processEvents
blueriq.dcm.rabbitmq.tenants.apple.virtualHost=apple
# DCM Events
blueriq.dcm.rabbitmq.tenants.google.host=localhost
blueriq.dcm.rabbitmq.tenants.google.port=5672
blueriq.dcm.rabbitmq.tenants.google.username=google
blueriq.dcm.rabbitmq.tenants.google.password=welcome
blueriq.dcm.rabbitmq.tenants.google.exchangeName=processEvents
blueriq.dcm.rabbitmq.tenants.google.virtualHost=google
blueriq.dcm.rabbitmq.tenants.apple.host=localhost
blueriq.dcm.rabbitmq.tenants.apple.port=5672
blueriq.dcm.rabbitmq.tenants.apple.username=apple
blueriq.dcm.rabbitmq.tenants.apple.password=welcome
blueriq.dcm.rabbitmq.tenants.apple.exchangeName=processEvents
blueriq.dcm.rabbitmq.tenants.apple.virtualHost=apple
# Trace Event Publisher
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.google.host=localhost
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.google.port=5672
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.google.username=google
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.google.password=welcome
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.google.virtualHost=google
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.google.exchangeName=traceEvents
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.apple.host=localhost
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.apple.port=5672
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.apple.username=apple
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.apple.password=welcome
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.apple.virtualHost=apple
blueriq.trace.event.publisher.channel.amqp.rabbitmq.tenants.apple.exchangeName=traceEvents
# Trace Event Listener
blueriq.trace.event.listener.amqp.rabbitmq.tenants.google.host=localhost
blueriq.trace.event.listener.amqp.rabbitmq.tenants.google.port=5672
blueriq.trace.event.listener.amqp.rabbitmq.tenants.google.username=google
blueriq.trace.event.listener.amqp.rabbitmq.tenants.google.password=welcome
blueriq.trace.event.listener.amqp.rabbitmq.tenants.google.virtualHost=google
blueriq.trace.event.listener.amqp.rabbitmq.tenants.google.queueNames=traceQueue
blueriq.trace.event.listener.amqp.rabbitmq.tenants.apple.host=localhost
blueriq.trace.event.listener.amqp.rabbitmq.tenants.apple.port=5672
blueriq.trace.event.listener.amqp.rabbitmq.tenants.apple.username=apple
blueriq.trace.event.listener.amqp.rabbitmq.tenants.apple.password=welcome
blueriq.trace.event.listener.amqp.rabbitmq.tenants.apple.virtualHost=apple
blueriq.trace.event.listener.amqp.rabbitmq.tenants.apple.queueNames=traceQueue
# Timeline Event Publisher
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.google.host=localhost
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.google.port=5672
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.google.username=google
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.google.password=welcome
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.google.virtualHost=google
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.google.exchangeName=timelineEvents
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.apple.host=localhost
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.apple.port=5672
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.apple.username=apple
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.apple.password=welcome
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.apple.virtualHost=apple
blueriq.timeline.event.publisher.channel.amqp.rabbitmq.tenants.apple.exchangeName=timelineEvents
# Timeline Event Listener
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.google.host=localhost
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.google.port=5672
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.google.username=google
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.google.password=welcome
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.google.virtualHost=google
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.google.queueNames=timelineQueue
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.apple.host=localhost
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.apple.port=5672
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.apple.username=apple
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.apple.password=welcome
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.apple.virtualHost=apple
blueriq.timeline.event.listener.amqp.rabbitmq.tenants.apple.queueNames=timelineQueue
# Audit Event Publisher
blueriq.audit.rabbitmq.tenants.google.host=localhost
blueriq.audit.rabbitmq.tenants.google.port=5672
blueriq.audit.rabbitmq.tenants.google.username=google
blueriq.audit.rabbitmq.tenants.google.password=welcome
blueriq.audit.rabbitmq.tenants.google.virtualHost=google
blueriq.audit.rabbitmq.tenants.google.exchangeName=auditEvents
blueriq.audit.rabbitmq.tenants.apple.host=localhost
blueriq.audit.rabbitmq.tenants.apple.port=5672
blueriq.audit.rabbitmq.tenants.apple.username=apple
blueriq.audit.rabbitmq.tenants.apple.password=welcome
blueriq.audit.rabbitmq.tenants.apple.virtualHost=apple
blueriq.audit.rabbitmq.tenants.apple.exchangeName=auditEvents
Authentication - OAuth2 and Keycloak
In single-tenant mode as well as in multi-tenancy mode, OAuth2 and Keycloak can be used for the authentication mechanism. The difference with multi-tenancy is that the application now expects a claim to be present in the JWT token with the claim path name "tenant" and with the tenant name as value. This claim name is customizable if the tenant is present in the JWT token with a different claim name.
Customizing the tenant path
The tenant claim can be customized using a JsonPath expression in the same way the roles-path and username-path can be set.
blueriq:
  jwt:
    tenant-path: $.custom_tenant_claim_path
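The added example below, which is not Blueriq's own code, resolves the tenant from already-verified JWT claims and rejects a token whose tenant claim is missing, is not a single string, or names a tenant that is not configured. It supports only the dotted subset of JsonPath (`$.a.b`); the function names, the `CONFIGURED_TENANTS` set and the sample claims are assumptions constructed for illustration.

```python
CONFIGURED_TENANTS = frozenset({"google", "apple"})  # tenants used in this page's samples

class TenantResolutionError(Exception):
    """No single, configured tenant could be derived from the token claims."""

def claim_at(claims, path):
    """Follow a dotted path such as $.tenant or $.custom.tenant through the claims."""
    if not path.startswith("$.") or path.endswith("."):
        raise ValueError(f"unsupported tenant path: {path!r}")  # configuration error
    node = claims
    for key in path[2:].split("."):
        if not isinstance(node, dict) or key not in node:
            raise TenantResolutionError(f"claim {path} is not present")
        node = node[key]
    return node

def resolve_tenant(claims, tenant_path="$.tenant", configured=CONFIGURED_TENANTS):
    """Return the tenant name, or raise; callers must have verified the token signature first."""
    value = claim_at(claims, tenant_path)
    # A list or object here would make the tenant ambiguous, so only one string is accepted.
    if not isinstance(value, str) or not value.strip():
        raise TenantResolutionError("tenant claim must be a single non-empty string")
    if value not in configured:
        raise TenantResolutionError(f"tenant {value!r} is not configured")
    return value

def is_rejected(claims, tenant_path="$.tenant"):
    """True when the claims do not yield a usable tenant (fail closed)."""
    try:
        resolve_tenant(claims, tenant_path)
    except TenantResolutionError:
        return True
    return False

if __name__ == "__main__":
    # Constructed claim sets, not taken from a real token.
    print(resolve_tenant({"sub": "alice", "tenant": "google"}))
    print(resolve_tenant({"sub": "bob", "org": {"tenant": "apple"}}, "$.org.tenant"))
    print(is_rejected({"sub": "carol"}))
    print(is_rejected({"sub": "dave", "tenant": ["google", "apple"]}))
```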