SaaS (Software as a Service) has transformed how businesses deliver software โ scalable, subscription-based, and user-friendly. But building a SaaS platform comes with architectural challenges: multi-tenancy, authentication, billing, custom domains, onboarding flows, and more.
In this comprehensive guide, weโll explore how to build SaaS applications using Spring Boot 3, covering real-world concerns like multi-tenancy, data isolation, user management, role-based access control (RBAC), and extensibility โ all using the base package com.kscodes.springboot.advanced.
๐งฑ What is a SaaS Application?
A SaaS application is a centrally hosted software delivered to users over the internet โ usually subscription-based. Common traits include:
- Multi-tenancy: Each customer (tenant) has logically or physically separated data.
- Authentication & Access Control
- Self-Service Sign-up & Billing
- Modular architecture for extensibility
๐ ๏ธ Technologies Used
- Spring Boot 3.x
- Spring Security
- PostgreSQL
- Hibernate
- JWT / OAuth2
- Stripe (for billing)
- Docker
๐๏ธ Architecture Overview
|
1 2 3 4 5 6 7 8 9 10 11 12 |
com.kscodes.springboot.advanced โ โโโ common โ Shared components โโโ tenant โ Tenant context, interceptors โโโ security โ Auth + Role-based access โโโ user โ Signup, login, profile mgmt โโโ billing โ Stripe or mock integration โโโ features โ Modular feature implementations โโโ api โ REST controllers |
๐ 1. Tenant-Aware Multi-Tenancy (Schema-based)
Multi-tenancy can be implemented in various ways:
- Schema-per-tenant (recommended for SaaS)
- Database-per-tenant
- Row-based (single db with tenant_id)
๐ TenantContextHolder.java
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
package com.kscodes.springboot.advanced.tenant; public class TenantContextHolder { private static final ThreadLocal<String> currentTenant = new ThreadLocal<>(); public static void setTenantId(String tenantId) { currentTenant.set(tenantId); } public static String getTenantId() { return currentTenant.get(); } public static void clear() { currentTenant.remove(); } } |
๐ TenantInterceptor.java
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
package com.kscodes.springboot.advanced.tenant; import jakarta.servlet.*; import jakarta.servlet.http.HttpServletRequest; import org.springframework.stereotype.Component; @Component public class TenantInterceptor implements Filter { @Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws java.io.IOException, ServletException { HttpServletRequest req = (HttpServletRequest) request; String tenantId = req.getHeader("X-Tenant-ID"); // Extract tenant ID if (tenantId != null) { TenantContextHolder.setTenantId(tenantId); } try { chain.doFilter(request, response); } finally { TenantContextHolder.clear(); } } } |
๐ 2. Authentication & RBAC with JWT
๐งพ Roles
|
1 2 3 4 5 6 |
public enum Role { ROLE_USER, ROLE_ADMIN, ROLE_SUPERADMIN } |
๐ JWT-based Security
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 |
package com.kscodes.springboot.advanced.security; @Configuration @EnableWebSecurity public class SecurityConfig { @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http .csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests(auth -> auth .requestMatchers("/auth/**").permitAll() .anyRequest().authenticated()) .oauth2ResourceServer(oauth2 -> oauth2.jwt(Customizer.withDefaults())); return http.build(); } } |
๐ง 3. Self-Service Sign-up & User Management
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
package com.kscodes.springboot.advanced.user; @RestController @RequestMapping("/auth") public class AuthController { private final UserService userService; @PostMapping("/signup") public ResponseEntity<String> signup(@RequestBody SignupRequest request) { userService.register(request); return ResponseEntity.ok("User registered"); } } |
๐ณ 4. Billing Integration (Stripe-ready)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
package com.kscodes.springboot.advanced.billing; @Service public class BillingService { public void createCustomerSubscription(String userId, String planId) { // Call Stripe API } public void cancelSubscription(String userId) { // Call Stripe API } } |
๐ 5. Tenant-Based Data Isolation (JPA)
๐๏ธ MultiTenantConnectionProviderImpl
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
@Component public class MultiTenantConnectionProviderImpl extends AbstractDataSourceBasedMultiTenantConnectionProviderImpl { @Override protected DataSource selectAnyDataSource() { return defaultDataSource; } @Override protected DataSource selectDataSource(String tenantIdentifier) { return tenantDataSourceMap.get(tenantIdentifier); } } |
๐งช 6. API Endpoint Example
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 |
package com.kscodes.springboot.advanced.api; @RestController @RequestMapping("/dashboard") public class DashboardController { @GetMapping public String dashboard() { String tenant = TenantContextHolder.getTenantId(); return "Welcome to the dashboard of tenant: " + tenant; } } |
๐ 7. CI/CD & Dockerization
Dockerfile
|
1 2 3 4 5 6 |
FROM eclipse-temurin:21-jdk-alpine COPY target/saas-app.jar app.jar ENTRYPOINT ["java", "-jar", "/app.jar"] |
๐ฏ Best Practices
| Area | Best Practice |
|---|---|
| Multi-tenancy | Use schema-per-tenant for scale |
| Authentication | Use JWT + Spring Security |
| Billing | Use Stripe or Razorpay |
| Config Management | Centralize via Spring Config Server |
| Environment setup | Use Docker Compose |
โ Advantages of Spring Boot for SaaS
| Feature | Benefit |
|---|---|
| Spring Security | Out-of-the-box OAuth2, JWT, RBAC |
| Multi-Tenant JPA | Schema/DB separation |
| Auto-config | Fast bootstrapping for new services |
| Ecosystem | Rich libraries for billing, analytics, etc |
๐ก๏ธ SaaS Features You Can Extend
- Usage metering
- Invite-based sign-up
- Email verification
- Team management
- API rate limiting (via Bucket4j)
๐ Conclusion
Spring Boot 3 provides a solid foundation for building modern SaaS applications with Spring Boot. From multitenancy and authentication to billing and observability, the ecosystem is rich enough to help you build and scale your platform rapidly.
By structuring your code around tenants, ensuring proper isolation, and using proven SaaS patterns, you set yourself up for long-term growth and maintainability.