SaaS lets service providers achieve economies of scale by offering hosted software applications, possibly providing services to previously unexploited market segments. The main advantage of multitenancy in SaaS solutions is that it allows the service provider to serve multiple client organizations. The best way to secure SaaS applications, where many users share the same resources, is through logical partitioning of data and configuration (based on tenant IDs) to guarantee safe multitenancy.
"Securing a Multi-Tenant SaaS Java Application" shows how to implement an effective primary line of defense. The solution combines Spring Security, a proven open source security framework, with Apache Directory Server, a popular Java-based open source server compliant with Lightweight Directory Access Protocol (LDAP) v3. The proposed solution is available as an example Java Web application that can be deployed on either Apache Tomcat or Apache Geronimo.
The article focuses on the mechanisms of authentication and authorization within a SaaS model.