keycloak-aplcache
Changes
connections/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java 14(+1 -13)
model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheRealmProviderFactory.java 15(+13 -2)
model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanRealmCache.java 6(+6 -0)
model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmCache.java 2(+2 -0)
Details
diff --git a/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java b/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java
index d1e7ac6..be76cc9 100755
--- a/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java
+++ b/connections/infinispan/src/main/java/org/keycloak/connections/infinispan/DefaultInfinispanConnectionProviderFactory.java
@@ -66,19 +66,6 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
} else {
initEmbedded();
}
-
- // Backwards compatibility
- if (cacheManager.getCacheConfiguration(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME) == null) {
- logger.debugf("No configuration provided for '%s' cache. Using '%s' configuration as template",
- InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME, InfinispanConnectionProvider.SESSION_CACHE_NAME);
-
- Configuration sessionCacheConfig = cacheManager.getCacheConfiguration(InfinispanConnectionProvider.SESSION_CACHE_NAME);
- if (sessionCacheConfig != null) {
- ConfigurationBuilder confBuilder = new ConfigurationBuilder().read(sessionCacheConfig);
- Configuration offlineSessionConfig = confBuilder.build();
- cacheManager.defineConfiguration(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME, offlineSessionConfig);
- }
- }
}
}
}
@@ -139,6 +126,7 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
Configuration sessionCacheConfiguration = sessionConfigBuilder.build();
cacheManager.defineConfiguration(InfinispanConnectionProvider.SESSION_CACHE_NAME, sessionCacheConfiguration);
+ cacheManager.defineConfiguration(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME, sessionCacheConfiguration);
cacheManager.defineConfiguration(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME, sessionCacheConfiguration);
}
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone.xsl b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone.xsl
index 3d4b77c..403fe34 100755
--- a/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone.xsl
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone.xsl
@@ -51,6 +51,7 @@
<local-cache name="realms"/>
<local-cache name="users"/>
<local-cache name="sessions"/>
+ <local-cache name="offlineSessions"/>
<local-cache name="loginFailures"/>
</cache-container>
<xsl:apply-templates select="node()|@*"/>
diff --git a/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone-ha.xsl b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone-ha.xsl
index 31f681f..c068071 100755
--- a/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone-ha.xsl
+++ b/distribution/server-overlay/eap6/eap6-server-overlay/src/main/xslt/standalone-ha.xsl
@@ -43,6 +43,7 @@
<invalidation-cache name="realms" mode="SYNC"/>
<invalidation-cache name="users" mode="SYNC"/>
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
+ <distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
</cache-container>
<xsl:apply-templates select="node()|@*"/>
diff --git a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheRealmProviderFactory.java b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheRealmProviderFactory.java
index 5a76153..5aec527 100755
--- a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheRealmProviderFactory.java
+++ b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheRealmProviderFactory.java
@@ -17,9 +17,8 @@ import org.keycloak.models.KeycloakSession;
import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.cache.CacheRealmProvider;
import org.keycloak.models.cache.CacheRealmProviderFactory;
-import org.keycloak.models.cache.RealmCache;
+import org.keycloak.models.cache.entities.CachedClient;
import org.keycloak.models.cache.entities.CachedRealm;
-import org.keycloak.models.cache.entities.CachedUser;
import java.util.concurrent.ConcurrentHashMap;
@@ -143,11 +142,23 @@ public class InfinispanCacheRealmProviderFactory implements CacheRealmProviderFa
realmLookup.remove(realm.getName());
+ for (String r : realm.getRealmRoles().values()) {
+ realmCache.evictCachedRoleById(r);
+ }
+
for (String c : realm.getClients().values()) {
realmCache.evictCachedApplicationById(c);
}
log.tracev("Realm removed realm={0}", realm.getName());
+ } else if (object instanceof CachedClient) {
+ CachedClient client = (CachedClient) object;
+
+ for (String r : client.getRoles().values()) {
+ realmCache.evictCachedRoleById(r);
+ }
+
+ log.tracev("Client removed client={0}", client.getId());
}
}
}
diff --git a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanRealmCache.java b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanRealmCache.java
index 4cd4f79..07e2d9a 100755
--- a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanRealmCache.java
+++ b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanRealmCache.java
@@ -161,6 +161,12 @@ public class InfinispanRealmCache implements RealmCache {
}
@Override
+ public void evictCachedRoleById(String id) {
+ logger.tracev("Evicting role {0}", id);
+ cache.evict(id);
+ }
+
+ @Override
public void addCachedRole(CachedRole role) {
if (!enabled) return;
logger.tracev("Adding role {0}", role.getId());
diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmCache.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmCache.java
index e826ac1..56f9bc0 100755
--- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmCache.java
+++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmCache.java
@@ -37,6 +37,8 @@ public interface RealmCache {
void invalidateRole(CachedRole role);
+ void evictCachedRoleById(String id);
+
void addCachedRole(CachedRole role);
void invalidateCachedRoleById(String id);
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
index 038f43b..9d144e4 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java
@@ -264,8 +264,6 @@ public class RealmAdminResource {
if (!new RealmManager(session).removeRealm(realm)) {
throw new NotFoundException("Realm doesn't exist");
- } else {
- clearAdminEvents();
}
}
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/RealmTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/RealmTest.java
index 604dcff..b2fb326 100644
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/RealmTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/admin/RealmTest.java
@@ -3,6 +3,9 @@ package org.keycloak.testsuite.admin;
import org.apache.commons.io.IOUtils;
import org.junit.Assert;
import org.junit.Test;
+import org.keycloak.admin.client.Keycloak;
+import org.keycloak.admin.client.resource.ServerInfoResource;
+import org.keycloak.models.Constants;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.ClientRepresentation;
@@ -91,6 +94,14 @@ public class RealmTest extends AbstractClientTest {
}
@Test
+ public void loginAfterRemoveRealm() {
+ realm.remove();
+
+ ServerInfoResource serverInfoResource = Keycloak.getInstance("http://localhost:8081/auth", "master", "admin", "admin", Constants.ADMIN_CLI_CLIENT_ID).serverInfo();
+ serverInfoResource.getInfo();
+ }
+
+ @Test
public void updateRealm() {
// first change
RealmRepresentation rep = realm.toRepresentation();
diff --git a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
index a69b733..b8002d3 100755
--- a/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
+++ b/testsuite/integration/src/test/java/org/keycloak/testsuite/oauth/RefreshTokenTest.java
@@ -332,6 +332,48 @@ public class RefreshTokenTest {
}
@Test
+ public void refreshTokenClientDisabled() throws Exception {
+ oauth.doLogin("test-user@localhost", "password");
+
+ Event loginEvent = events.expectLogin().assertEvent();
+
+ String sessionId = loginEvent.getSessionId();
+ String codeId = loginEvent.getDetails().get(Details.CODE_ID);
+
+ String code = oauth.getCurrentQuery().get(OAuth2Constants.CODE);
+
+ AccessTokenResponse response = oauth.doAccessTokenRequest(code, "password");
+ String refreshTokenString = response.getRefreshToken();
+ RefreshToken refreshToken = oauth.verifyRefreshToken(refreshTokenString);
+
+ events.expectCodeToToken(codeId, sessionId).assertEvent();
+
+ try {
+ keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+ appRealm.getClientByClientId(oauth.getClientId()).setEnabled(false);
+ }
+ });
+
+ response = oauth.doRefreshTokenRequest(refreshTokenString, "password");
+
+ assertEquals(400, response.getStatusCode());
+ assertEquals("invalid_client", response.getError());
+
+ events.expectRefresh(refreshToken.getId(), sessionId).user((String) null).session((String) null).clearDetails().error(Errors.CLIENT_DISABLED).assertEvent();
+ } finally {
+ keycloakRule.configure(new KeycloakRule.KeycloakSetup() {
+ @Override
+ public void config(RealmManager manager, RealmModel adminstrationRealm, RealmModel appRealm) {
+ appRealm.getClientByClientId(oauth.getClientId()).setEnabled(true);
+ }
+ });
+
+ }
+ }
+
+ @Test
public void refreshTokenUserSessionExpired() {
oauth.doLogin("test-user@localhost", "password");
diff --git a/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java b/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java
index 150dbbd..1c255e9 100644
--- a/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java
+++ b/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakServerDeploymentProcessor.java
@@ -60,6 +60,7 @@ public class KeycloakServerDeploymentProcessor implements DeploymentUnitProcesso
st.addDependency(cacheContainerService.append("realms"));
st.addDependency(cacheContainerService.append("users"));
st.addDependency(cacheContainerService.append("sessions"));
+ st.addDependency(cacheContainerService.append("offlineSessions"));
st.addDependency(cacheContainerService.append("loginFailures"));
}
}
diff --git a/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-infinispan.xml b/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-infinispan.xml
index 1d92afc..5da36aa 100644
--- a/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-infinispan.xml
+++ b/wildfly/server-subsystem/src/main/resources/subsystem-templates/keycloak-infinispan.xml
@@ -11,6 +11,7 @@
<local-cache name="realms"/>
<local-cache name="users"/>
<local-cache name="sessions"/>
+ <local-cache name="offlineSessions"/>
<local-cache name="loginFailures"/>
</cache-container>
<cache-container name="server" default-cache="default" module="org.wildfly.clustering.server">
@@ -59,6 +60,7 @@
<invalidation-cache name="realms" mode="SYNC"/>
<invalidation-cache name="users" mode="SYNC"/>
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
+ <distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
</cache-container>
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">