keycloak-aplcache
Changes
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedClient.java 3(+0 -3)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedClientTemplate.java 3(+0 -3)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedGroup.java 1(+0 -1)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRealm.java 7(+1 -6)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRole.java 1(+0 -1)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java 16(+6 -10)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/ClientQuery.java 2(+0 -2)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/ClientTemplateQuery.java 2(+0 -2)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/GroupQuery.java 2(+0 -2)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleListQuery.java 3(+0 -3)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleQuery.java 2(+0 -2)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/UserListQuery.java 49(+49 -0)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/UserQuery.java 11(+11 -0)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheRealmProviderFactory.java 6(+3 -3)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheUserProviderFactory.java 114(+6 -108)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheManager.java 162(+162 -0)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java 27(+15 -12)
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheManager.java 68(+18 -50)
Details
diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/cache.xml b/docbook/auth-server-docs/reference/en/en-US/modules/cache.xml
index 4d68eb4..dec9ecf 100755
--- a/docbook/auth-server-docs/reference/en/en-US/modules/cache.xml
+++ b/docbook/auth-server-docs/reference/en/en-US/modules/cache.xml
@@ -23,11 +23,21 @@
</para>
<section>
+ <title>Eviction and Expiration</title>
+
+ <para>
+ By default the user cache contains a maximum of 10000 entries. This is not 10000 users, but 10000 entries in the cache. You can change the maximum
+ number of entries by editing the server configuration <literal>standalone.xml</literal> or <literal>standalone-ha.xml</literal>.
+ Locate the element <literal>cache-container name="keycloak"</literal> and change the eviction policy for the <literal>users</literal> cache. For
+ more information see <ulink url="https://docs.jboss.org/author/display/WFLY10/Infinispan+Subsystem">Infinispan Subsystem documentation</ulink>.
+ </para>
+ </section>
+
+ <section>
<title>Disabling Caches</title>
<para>
- The realm and user caches can be cleared through the management console. To
- disable the realm or user cache, you must edit the <literal>keycloak-server.json</literal> file
- in your distribution. Here's what the config looks like initially.
+ To disable the realm or user cache, you must edit the <literal>keycloak-server.json</literal> file
+ in your distribution. Here's what the config looks like initially.
</para>
<para>
<programlisting><![CDATA[
@@ -44,7 +54,7 @@
},
]]></programlisting>
</para>
- <para>You must then change it to:
+ <para>To disable the cache set the enabled field to false for the cache you want to disable:
<programlisting><![CDATA[
"userCache": {
"infinispan" : {
@@ -60,11 +70,12 @@
]]></programlisting>
</para>
</section>
+
<section>
<title>Clear Caches</title>
<para>
- To clear the realm or user cache, go to the Keycloak admin console Realm Settings->Cache Config page. Disable the cache
- you want. This will cause the cache to be cleared.
+ To clear the realm or user cache, go to the Keycloak admin console Realm Settings->Cache Config page. On this page you can clear the realm cache
+ or the user cache. This will clear the caches for all realms and not only the selected realm.
</para>
</section>
</chapter>
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java
index 2094fa2..02b1f8a 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/ClientAdapter.java
@@ -17,11 +17,20 @@
package org.keycloak.models.cache.infinispan;
-import org.keycloak.models.*;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.ClientTemplateModel;
+import org.keycloak.models.ProtocolMapperModel;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleContainerModel;
+import org.keycloak.models.RoleModel;
import org.keycloak.models.cache.CacheRealmProvider;
import org.keycloak.models.cache.infinispan.entities.CachedClient;
-import java.util.*;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedClient.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedClient.java
index cac6bc6..b4b6729 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedClient.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedClient.java
@@ -20,11 +20,8 @@ package org.keycloak.models.cache.infinispan.entities;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
-import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
-import org.keycloak.models.cache.infinispan.RealmCache;
-import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedList;
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedClientTemplate.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedClientTemplate.java
index e0f7e88..41ddece 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedClientTemplate.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedClientTemplate.java
@@ -20,11 +20,8 @@ package org.keycloak.models.cache.infinispan.entities;
import org.keycloak.models.ClientTemplateModel;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
-import org.keycloak.models.RealmProvider;
import org.keycloak.models.RoleModel;
-import org.keycloak.models.cache.infinispan.RealmCache;
-import java.io.Serializable;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedGroup.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedGroup.java
index b29125a..01ba0cd 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedGroup.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedGroup.java
@@ -22,7 +22,6 @@ import org.keycloak.models.GroupModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
-import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRealm.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRealm.java
index b93da32..f82923a 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRealm.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRealm.java
@@ -18,6 +18,7 @@
package org.keycloak.models.cache.infinispan.entities;
import org.keycloak.common.enums.SslRequired;
+import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.AuthenticatorConfigModel;
@@ -29,19 +30,13 @@ import org.keycloak.models.IdentityProviderModel;
import org.keycloak.models.OTPPolicy;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
-import org.keycloak.models.RealmProvider;
import org.keycloak.models.RequiredActionProviderModel;
import org.keycloak.models.RequiredCredentialModel;
-import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProviderModel;
-import org.keycloak.models.cache.infinispan.RealmCache;
-import org.keycloak.common.util.MultivaluedHashMap;
-import java.io.Serializable;
import java.security.PrivateKey;
import java.security.PublicKey;
-import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRole.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRole.java
index 44a5dc2..0dff46b 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRole.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedRole.java
@@ -20,7 +20,6 @@ package org.keycloak.models.cache.infinispan.entities;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
-import java.io.Serializable;
import java.util.HashSet;
import java.util.Set;
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java
index c1bf4cd..ccd6668 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java
@@ -17,14 +17,13 @@
package org.keycloak.models.cache.infinispan.entities;
+import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.models.GroupModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserModel;
-import org.keycloak.common.util.MultivaluedHashMap;
-import java.io.Serializable;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
@@ -34,8 +33,7 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
-public class CachedUser implements Serializable {
- private String id;
+public class CachedUser extends AbstractRevisioned implements InRealm {
private String realm;
private String username;
private Long createdTimestamp;
@@ -53,8 +51,10 @@ public class CachedUser implements Serializable {
private Set<String> roleMappings = new HashSet<>();
private Set<String> groups = new HashSet<>();
- public CachedUser(RealmModel realm, UserModel user) {
- this.id = user.getId();
+
+
+ public CachedUser(Long revision, RealmModel realm, UserModel user) {
+ super(revision, user.getId());
this.realm = realm.getId();
this.username = user.getUsername();
this.createdTimestamp = user.getCreatedTimestamp();
@@ -80,10 +80,6 @@ public class CachedUser implements Serializable {
}
}
- public String getId() {
- return id;
- }
-
public String getRealm() {
return realm;
}
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/ClientQuery.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/ClientQuery.java
index e58b921..ce1ab51 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/ClientQuery.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/ClientQuery.java
@@ -1,7 +1,5 @@
package org.keycloak.models.cache.infinispan.entities;
-import org.keycloak.models.cache.infinispan.entities.InRealm;
-
import java.util.Set;
/**
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/ClientTemplateQuery.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/ClientTemplateQuery.java
index e07f7ab..a6fcebf 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/ClientTemplateQuery.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/ClientTemplateQuery.java
@@ -1,7 +1,5 @@
package org.keycloak.models.cache.infinispan.entities;
-import org.keycloak.models.cache.infinispan.entities.InRealm;
-
import java.util.Set;
/**
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/GroupQuery.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/GroupQuery.java
index 905d271..8c19e67 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/GroupQuery.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/GroupQuery.java
@@ -1,7 +1,5 @@
package org.keycloak.models.cache.infinispan.entities;
-import org.keycloak.models.cache.infinispan.entities.InRealm;
-
import java.util.Set;
/**
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleListQuery.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleListQuery.java
index 4b0ab08..21a73ad 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleListQuery.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleListQuery.java
@@ -1,9 +1,6 @@
package org.keycloak.models.cache.infinispan.entities;
import org.keycloak.models.RealmModel;
-import org.keycloak.models.cache.infinispan.entities.AbstractRevisioned;
-import org.keycloak.models.cache.infinispan.entities.ClientQuery;
-import org.keycloak.models.cache.infinispan.entities.RoleQuery;
import java.util.HashSet;
import java.util.Set;
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleQuery.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleQuery.java
index 6635831..a6c22e3 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleQuery.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleQuery.java
@@ -1,7 +1,5 @@
package org.keycloak.models.cache.infinispan.entities;
-import org.keycloak.models.cache.infinispan.entities.InRealm;
-
import java.util.Set;
/**
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/UserListQuery.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/UserListQuery.java
new file mode 100755
index 0000000..c19e7aa
--- /dev/null
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/UserListQuery.java
@@ -0,0 +1,49 @@
+package org.keycloak.models.cache.infinispan.entities;
+
+import org.keycloak.models.RealmModel;
+
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public class UserListQuery extends AbstractRevisioned implements UserQuery {
+ private final Set<String> users;
+ private final String realm;
+ private final String realmName;
+
+ public UserListQuery(Long revisioned, String id, RealmModel realm, Set<String> users) {
+ super(revisioned, id);
+ this.realm = realm.getId();
+ this.realmName = realm.getName();
+ this.users = users;
+ }
+
+ public UserListQuery(Long revisioned, String id, RealmModel realm, String user) {
+ super(revisioned, id);
+ this.realm = realm.getId();
+ this.realmName = realm.getName();
+ this.users = new HashSet<>();
+ this.users.add(user);
+ }
+
+ @Override
+ public Set<String> getUsers() {
+ return users;
+ }
+
+ @Override
+ public String getRealm() {
+ return realm;
+ }
+
+ @Override
+ public String toString() {
+ return "UserListQuery{" +
+ "id='" + getId() + "'" +
+ "realmName='" + realmName + '\'' +
+ '}';
+ }
+}
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/UserQuery.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/UserQuery.java
new file mode 100755
index 0000000..5f890a2
--- /dev/null
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/UserQuery.java
@@ -0,0 +1,11 @@
+package org.keycloak.models.cache.infinispan.entities;
+
+import java.util.Set;
+
+/**
+ * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
+ * @version $Revision: 1 $
+ */
+public interface UserQuery extends InRealm {
+ Set<String> getUsers();
+}
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/GroupListQuery.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/GroupListQuery.java
index b4cb353..1fa4411 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/GroupListQuery.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/GroupListQuery.java
@@ -2,10 +2,8 @@ package org.keycloak.models.cache.infinispan;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.infinispan.entities.AbstractRevisioned;
-import org.keycloak.models.cache.infinispan.entities.ClientQuery;
import org.keycloak.models.cache.infinispan.entities.GroupQuery;
-import java.util.HashSet;
import java.util.Set;
/**
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheRealmProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheRealmProviderFactory.java
index fb9946b..f32ac69 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheRealmProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheRealmProviderFactory.java
@@ -35,12 +35,12 @@ public class InfinispanCacheRealmProviderFactory implements CacheRealmProviderFa
private static final Logger log = Logger.getLogger(InfinispanCacheRealmProviderFactory.class);
- protected volatile StreamRealmCache realmCache;
+ protected volatile RealmCacheManager realmCache;
@Override
public CacheRealmProvider create(KeycloakSession session) {
lazyInit(session);
- return new StreamCacheRealmProvider(realmCache, session);
+ return new RealmCacheSession(realmCache, session);
}
private void lazyInit(KeycloakSession session) {
@@ -49,7 +49,7 @@ public class InfinispanCacheRealmProviderFactory implements CacheRealmProviderFa
if (realmCache == null) {
Cache<String, Revisioned> cache = session.getProvider(InfinispanConnectionProvider.class).getCache(InfinispanConnectionProvider.REALM_CACHE_NAME);
Cache<String, Long> revisions = session.getProvider(InfinispanConnectionProvider.class).getCache(InfinispanConnectionProvider.VERSION_CACHE_NAME);
- realmCache = new StreamRealmCache(cache, revisions);
+ realmCache = new RealmCacheManager(cache, revisions);
}
}
}
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheUserProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheUserProviderFactory.java
index e8657ff..4b16110 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheUserProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheUserProviderFactory.java
@@ -18,9 +18,6 @@
package org.keycloak.models.cache.infinispan;
import org.infinispan.Cache;
-import org.infinispan.notifications.Listener;
-import org.infinispan.notifications.cachelistener.annotation.*;
-import org.infinispan.notifications.cachelistener.event.*;
import org.jboss.logging.Logger;
import org.keycloak.Config;
import org.keycloak.connections.infinispan.InfinispanConnectionProvider;
@@ -28,9 +25,7 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.cache.CacheUserProvider;
import org.keycloak.models.cache.CacheUserProviderFactory;
-import org.keycloak.models.cache.infinispan.entities.CachedUser;
-
-import java.util.concurrent.ConcurrentHashMap;
+import org.keycloak.models.cache.infinispan.entities.Revisioned;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
@@ -39,25 +34,23 @@ public class InfinispanCacheUserProviderFactory implements CacheUserProviderFact
private static final Logger log = Logger.getLogger(InfinispanCacheUserProviderFactory.class);
- protected volatile InfinispanUserCache userCache;
+ protected volatile UserCacheManager userCache;
- protected final RealmLookup usernameLookup = new RealmLookup();
- protected final RealmLookup emailLookup = new RealmLookup();
@Override
public CacheUserProvider create(KeycloakSession session) {
lazyInit(session);
- return new DefaultCacheUserProvider(userCache, session);
+ return new UserCacheSession(userCache, session);
}
private void lazyInit(KeycloakSession session) {
if (userCache == null) {
synchronized (this) {
if (userCache == null) {
- Cache<String, CachedUser> cache = session.getProvider(InfinispanConnectionProvider.class).getCache(InfinispanConnectionProvider.USER_CACHE_NAME);
- cache.addListener(new CacheListener());
- userCache = new InfinispanUserCache(cache, usernameLookup, emailLookup);
+ Cache<String, Revisioned> cache = session.getProvider(InfinispanConnectionProvider.class).getCache(InfinispanConnectionProvider.USER_CACHE_NAME);
+ Cache<String, Long> revisions = session.getProvider(InfinispanConnectionProvider.class).getCache(InfinispanConnectionProvider.VERSION_CACHE_NAME);
+ userCache = new UserCacheManager(cache, revisions);
}
}
}
@@ -81,100 +74,5 @@ public class InfinispanCacheUserProviderFactory implements CacheUserProviderFact
return "default";
}
- @Listener
- public class CacheListener {
-
- @CacheEntryCreated
- public void userCreated(CacheEntryCreatedEvent<String, CachedUser> event) {
- if (!event.isPre()) {
- CachedUser user = event.getValue();
- if (user != null) {
- String realm = user.getRealm();
-
- usernameLookup.put(realm, user.getUsername(), user.getId());
- if (user.getEmail() != null) {
- emailLookup.put(realm, user.getEmail(), user.getId());
- }
-
- log.tracev("User added realm={0}, id={1}, username={2}", realm, user.getId(), user.getUsername());
- }
- }
- }
-
- @CacheEntryRemoved
- public void userRemoved(CacheEntryRemovedEvent<String, CachedUser> event) {
- if (event.isPre()) {
- CachedUser user = event.getValue();
- if (user != null) {
- removeUser(user);
-
- log.tracev("User invalidated realm={0}, id={1}, username={2}", user.getRealm(), user.getId(), user.getUsername());
- }
- }
- }
-
- @CacheEntryInvalidated
- public void userInvalidated(CacheEntryInvalidatedEvent<String, CachedUser> event) {
- if (event.isPre()) {
- CachedUser user = event.getValue();
- if (user != null) {
- removeUser(user);
-
- log.tracev("User invalidated realm={0}, id={1}, username={2}", user.getRealm(), user.getId(), user.getUsername());
- }
- }
- }
-
- @CacheEntriesEvicted
- public void userEvicted(CacheEntriesEvictedEvent<String, CachedUser> event) {
- for (CachedUser user : event.getEntries().values()) {
- removeUser(user);
-
- log.tracev("User evicted realm={0}, id={1}, username={2}", user.getRealm(), user.getId(), user.getUsername());
- }
- }
-
- private void removeUser(CachedUser cachedUser) {
- String realm = cachedUser.getRealm();
- usernameLookup.remove(realm, cachedUser.getUsername());
- if (cachedUser.getEmail() != null) {
- emailLookup.remove(realm, cachedUser.getEmail());
- }
- }
-
- }
-
- static class RealmLookup {
-
- protected final ConcurrentHashMap<String, ConcurrentHashMap<String, String>> lookup = new ConcurrentHashMap<>();
-
- public void put(String realm, String key, String value) {
- ConcurrentHashMap<String, String> map = lookup.get(realm);
- if(map == null) {
- map = new ConcurrentHashMap<>();
- ConcurrentHashMap<String, String> p = lookup.putIfAbsent(realm, map);
- if (p != null) {
- map = p;
- }
- }
- map.put(key, value);
- }
-
- public String get(String realm, String key) {
- ConcurrentHashMap<String, String> map = lookup.get(realm);
- return map != null ? map.get(key) : null;
- }
-
- public void remove(String realm, String key) {
- ConcurrentHashMap<String, String> map = lookup.get(realm);
- if (map != null) {
- map.remove(key);
- if (map.isEmpty()) {
- lookup.remove(realm);
- }
- }
- }
-
- }
}
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java
index 837010c..425ad88 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmAdapter.java
@@ -19,7 +19,22 @@ package org.keycloak.models.cache.infinispan;
import org.keycloak.Config;
import org.keycloak.common.enums.SslRequired;
-import org.keycloak.models.*;
+import org.keycloak.models.AuthenticationExecutionModel;
+import org.keycloak.models.AuthenticationFlowModel;
+import org.keycloak.models.AuthenticatorConfigModel;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.ClientTemplateModel;
+import org.keycloak.models.GroupModel;
+import org.keycloak.models.IdentityProviderMapperModel;
+import org.keycloak.models.IdentityProviderModel;
+import org.keycloak.models.OTPPolicy;
+import org.keycloak.models.PasswordPolicy;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RequiredActionProviderModel;
+import org.keycloak.models.RequiredCredentialModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserFederationMapperModel;
+import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.cache.CacheRealmProvider;
import org.keycloak.models.cache.infinispan.entities.CachedRealm;
import org.keycloak.models.utils.KeycloakModelUtils;
@@ -28,7 +43,13 @@ import java.security.Key;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.util.*;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.LinkedList;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheManager.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheManager.java
new file mode 100755
index 0000000..55e3b38
--- /dev/null
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheManager.java
@@ -0,0 +1,162 @@
+/*
+ * Copyright 2016 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.keycloak.models.cache.infinispan;
+
+import org.infinispan.Cache;
+import org.infinispan.notifications.Listener;
+import org.jboss.logging.Logger;
+import org.keycloak.models.cache.infinispan.entities.CachedClient;
+import org.keycloak.models.cache.infinispan.entities.CachedClientTemplate;
+import org.keycloak.models.cache.infinispan.entities.CachedGroup;
+import org.keycloak.models.cache.infinispan.entities.CachedRealm;
+import org.keycloak.models.cache.infinispan.entities.CachedRole;
+import org.keycloak.models.cache.infinispan.entities.Revisioned;
+import org.keycloak.models.cache.infinispan.stream.ClientQueryPredicate;
+import org.keycloak.models.cache.infinispan.stream.ClientTemplateQueryPredicate;
+import org.keycloak.models.cache.infinispan.stream.GroupQueryPredicate;
+import org.keycloak.models.cache.infinispan.stream.HasRolePredicate;
+import org.keycloak.models.cache.infinispan.stream.InClientPredicate;
+import org.keycloak.models.cache.infinispan.stream.InRealmPredicate;
+import org.keycloak.models.cache.infinispan.stream.RealmQueryPredicate;
+
+import java.util.Map;
+import java.util.Set;
+import java.util.function.Predicate;
+
+/**
+ * @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
+ */
+@Listener
+public class RealmCacheManager extends CacheManager {
+
+ protected static final Logger logger = Logger.getLogger(RealmCacheManager.class);
+
+ public RealmCacheManager(Cache<String, Revisioned> cache, Cache<String, Long> revisions) {
+ super(cache, revisions);
+ }
+
+
+ public void realmInvalidation(String id, Set<String> invalidations) {
+ Predicate<Map.Entry<String, Revisioned>> predicate = getRealmInvalidationPredicate(id);
+ addInvalidations(predicate, invalidations);
+ }
+
+ public Predicate<Map.Entry<String, Revisioned>> getRealmInvalidationPredicate(String id) {
+ return RealmQueryPredicate.create().realm(id);
+ }
+
+ public void clientInvalidation(String id, Set<String> invalidations) {
+ addInvalidations(getClientInvalidationPredicate(id), invalidations);
+ }
+
+ public Predicate<Map.Entry<String, Revisioned>> getClientInvalidationPredicate(String id) {
+ return ClientQueryPredicate.create().client(id);
+ }
+
+ public void roleInvalidation(String id, Set<String> invalidations) {
+ addInvalidations(getRoleInvalidationPredicate(id), invalidations);
+
+ }
+
+ public Predicate<Map.Entry<String, Revisioned>> getRoleInvalidationPredicate(String id) {
+ return HasRolePredicate.create().role(id);
+ }
+
+ public void groupInvalidation(String id, Set<String> invalidations) {
+ addInvalidations(getGroupInvalidationPredicate(id), invalidations);
+
+ }
+
+ public Predicate<Map.Entry<String, Revisioned>> getGroupInvalidationPredicate(String id) {
+ return GroupQueryPredicate.create().group(id);
+ }
+
+ public void clientTemplateInvalidation(String id, Set<String> invalidations) {
+ addInvalidations(getClientTemplateInvalidationPredicate(id), invalidations);
+
+ }
+
+ public Predicate<Map.Entry<String, Revisioned>> getClientTemplateInvalidationPredicate(String id) {
+ return ClientTemplateQueryPredicate.create().template(id);
+ }
+
+ public void realmRemoval(String id, Set<String> invalidations) {
+ Predicate<Map.Entry<String, Revisioned>> predicate = getRealmRemovalPredicate(id);
+ addInvalidations(predicate, invalidations);
+ }
+
+ public Predicate<Map.Entry<String, Revisioned>> getRealmRemovalPredicate(String id) {
+ Predicate<Map.Entry<String, Revisioned>> predicate = null;
+ predicate = RealmQueryPredicate.create().realm(id)
+ .or(InRealmPredicate.create().realm(id));
+ return predicate;
+ }
+
+ public void clientAdded(String realmId, String id, Set<String> invalidations) {
+ addInvalidations(getClientAddedPredicate(realmId), invalidations);
+ }
+
+ public Predicate<Map.Entry<String, Revisioned>> getClientAddedPredicate(String realmId) {
+ return ClientQueryPredicate.create().inRealm(realmId);
+ }
+
+ public void clientRemoval(String realmId, String id, Set<String> invalidations) {
+ Predicate<Map.Entry<String, Revisioned>> predicate = null;
+ predicate = getClientRemovalPredicate(realmId, id);
+ addInvalidations(predicate, invalidations);
+ }
+
+ public Predicate<Map.Entry<String, Revisioned>> getClientRemovalPredicate(String realmId, String id) {
+ Predicate<Map.Entry<String, Revisioned>> predicate;
+ predicate = ClientQueryPredicate.create().inRealm(realmId)
+ .or(ClientQueryPredicate.create().client(id))
+ .or(InClientPredicate.create().client(id));
+ return predicate;
+ }
+
+ public void roleRemoval(String id, Set<String> invalidations) {
+ addInvalidations(getRoleRemovalPredicate(id), invalidations);
+
+ }
+
+ public Predicate<Map.Entry<String, Revisioned>> getRoleRemovalPredicate(String id) {
+ return getRoleInvalidationPredicate(id);
+ }
+
+ @Override
+ protected Predicate<Map.Entry<String, Revisioned>> getInvalidationPredicate(Object object) {
+ if (object instanceof CachedRealm) {
+ CachedRealm cached = (CachedRealm)object;
+ return getRealmRemovalPredicate(cached.getId());
+ } else if (object instanceof CachedClient) {
+ CachedClient cached = (CachedClient)object;
+ Predicate<Map.Entry<String, Revisioned>> predicate = getClientRemovalPredicate(cached.getRealm(), cached.getId());
+ return predicate;
+ } else if (object instanceof CachedRole) {
+ CachedRole cached = (CachedRole)object;
+ return getRoleRemovalPredicate(cached.getId());
+ } else if (object instanceof CachedGroup) {
+ CachedGroup cached = (CachedGroup)object;
+ return getGroupInvalidationPredicate(cached.getId());
+ } else if (object instanceof CachedClientTemplate) {
+ CachedClientTemplate cached = (CachedClientTemplate)object;
+ return getClientTemplateInvalidationPredicate(cached.getId());
+ }
+ return null;
+ }
+}
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UpdateCounter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UpdateCounter.java
index 8097074..966b1f4 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UpdateCounter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UpdateCounter.java
@@ -9,13 +9,13 @@ import java.util.concurrent.atomic.AtomicLong;
*/
public class UpdateCounter {
- private static final AtomicLong counter = new AtomicLong();
+ private final AtomicLong counter = new AtomicLong();
- public static long current() {
+ public long current() {
return counter.get();
}
- public static long next() {
+ public long next() {
return counter.incrementAndGet();
}
diff --git a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserAdapter.java b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserAdapter.java
index 6421ca2..f628bb5 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserAdapter.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserAdapter.java
@@ -17,12 +17,24 @@
package org.keycloak.models.cache.infinispan;
-import org.keycloak.models.*;
-import org.keycloak.models.cache.CacheUserProvider;
+import org.keycloak.models.ClientModel;
+import org.keycloak.models.GroupModel;
+import org.keycloak.models.KeycloakSession;
+import org.keycloak.models.RealmModel;
+import org.keycloak.models.RoleContainerModel;
+import org.keycloak.models.RoleModel;
+import org.keycloak.models.UserConsentModel;
+import org.keycloak.models.UserCredentialModel;
+import org.keycloak.models.UserCredentialValueModel;
+import org.keycloak.models.UserModel;
import org.keycloak.models.cache.infinispan.entities.CachedUser;
import org.keycloak.models.utils.KeycloakModelUtils;
-import java.util.*;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -31,11 +43,11 @@ import java.util.*;
public class UserAdapter implements UserModel {
protected UserModel updated;
protected CachedUser cached;
- protected CacheUserProvider userProviderCache;
+ protected UserCacheSession userProviderCache;
protected KeycloakSession keycloakSession;
protected RealmModel realm;
- public UserAdapter(CachedUser cached, CacheUserProvider userProvider, KeycloakSession keycloakSession, RealmModel realm) {
+ public UserAdapter(CachedUser cached, UserCacheSession userProvider, KeycloakSession keycloakSession, RealmModel realm) {
this.cached = cached;
this.userProviderCache = userProvider;
this.keycloakSession = keycloakSession;
@@ -44,7 +56,7 @@ public class UserAdapter implements UserModel {
protected void getDelegateForUpdate() {
if (updated == null) {
- userProviderCache.registerUserInvalidation(realm, getId());
+ userProviderCache.registerUserInvalidation(realm, cached);
updated = userProviderCache.getDelegate().getUserById(getId(), realm);
if (updated == null) throw new IllegalStateException("Not found in database");
}
diff --git a/server-spi/src/main/java/org/keycloak/models/cache/CacheUserProvider.java b/server-spi/src/main/java/org/keycloak/models/cache/CacheUserProvider.java
index d9c9e56..63c9706 100755
--- a/server-spi/src/main/java/org/keycloak/models/cache/CacheUserProvider.java
+++ b/server-spi/src/main/java/org/keycloak/models/cache/CacheUserProvider.java
@@ -27,5 +27,4 @@ import org.keycloak.models.UserProvider;
public interface CacheUserProvider extends UserProvider {
void clear();
UserProvider getDelegate();
- void registerUserInvalidation(RealmModel realm, String id);
}
diff --git a/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-infinispan.xml b/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-infinispan.xml
index 79f741a..837407a 100755
--- a/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-infinispan.xml
+++ b/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-infinispan.xml
@@ -26,7 +26,9 @@
<replacement placeholder="CACHE-CONTAINERS">
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
<local-cache name="realms"/>
- <local-cache name="users"/>
+ <local-cache name="users">
+ <eviction max-entries="10000" strategy="LRU"/>
+ </local-cache>
<local-cache name="sessions"/>
<local-cache name="offlineSessions"/>
<local-cache name="loginFailures"/>
@@ -87,7 +89,9 @@
<cache-container name="keycloak" jndi-name="infinispan/Keycloak">
<transport lock-timeout="60000"/>
<invalidation-cache name="realms" mode="SYNC"/>
- <invalidation-cache name="users" mode="SYNC"/>
+ <invalidation-cache name="users" mode="SYNC">
+ <eviction max-entries="10000" strategy="LRU"/>
+ </invalidation-cache>
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>