libre.sh/keycloak-scim
3
0
Fork 0
Code Issues 15 Pull requests Releases 1 Packages Activity Actions

refactor user cache

Browse source
This commit is contained in:
Bill Burke 2016-03-10 12:57:20 -05:00
parent cd299c995b
commit 82ad26189f
16 changed files with 290 additions and 312 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/CacheManager.java vendored
View file

@ -23,24 +23,26 @@ public abstract class CacheManager {
protected static final Logger logger = Logger.getLogger(CacheManager.class);
protected final Cache<String, Long> revisions;
protected final Cache<String, Revisioned> cache;
protected final UpdateCounter counter = new UpdateCounter();
public CacheManager(Cache<String, Revisioned> cache, Cache<String, Long> revisions) {
this.cache = cache;
this.revisions = revisions;
this.cache.addListener(this);
}
public Cache<String, Revisioned> getCache() {
return cache;
}
public Cache<String, Long> getRevisions() {
return revisions;
public long getCurrentCounter() {
return counter.current();
}
public Long getCurrentRevision(String id) {
Long revision = revisions.get(id);
if (revision == null) {
revision = UpdateCounter.current();
revision = counter.current();
}
// if you do cache.remove() on node 1 and the entry doesn't exist on node 2, node 2 never receives a invalidation event
// so, we do this to force this.
@ -85,7 +87,7 @@ public abstract class CacheManager {
}
protected void bumpVersion(String id) {
long next = UpdateCounter.next();
long next = counter.next();
Object rev = revisions.put(id, next);
}
@ -97,7 +99,7 @@ public abstract class CacheManager {
Long rev = revisions.get(id);
if (rev == null) {
if (id.endsWith("realm.clients")) RealmCacheManager.logger.trace("addRevisioned rev == null realm.clients");
rev = UpdateCounter.current();
rev = counter.current();
revisions.put(id, rev);
}
revisions.startBatch();

108
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanCacheUserProviderFactory.java vendored
View file

@ -29,6 +29,7 @@ import org.keycloak.models.KeycloakSessionFactory;
import org.keycloak.models.cache.CacheUserProvider;
import org.keycloak.models.cache.CacheUserProviderFactory;
import org.keycloak.models.cache.infinispan.entities.CachedUser;
import org.keycloak.models.cache.infinispan.entities.Revisioned;
import java.util.concurrent.ConcurrentHashMap;
@ -39,25 +40,23 @@ public class InfinispanCacheUserProviderFactory implements CacheUserProviderFact
private static final Logger log = Logger.getLogger(InfinispanCacheUserProviderFactory.class);
protected volatile InfinispanUserCache userCache;
protected volatile UserCacheManager userCache;
protected final RealmLookup usernameLookup = new RealmLookup();
protected final RealmLookup emailLookup = new RealmLookup();
@Override
public CacheUserProvider create(KeycloakSession session) {
lazyInit(session);
return new DefaultCacheUserProvider(userCache, session);
return new UserCacheSession(userCache, session);
}
private void lazyInit(KeycloakSession session) {
if (userCache == null) {
synchronized (this) {
if (userCache == null) {
Cache<String, CachedUser> cache = session.getProvider(InfinispanConnectionProvider.class).getCache(InfinispanConnectionProvider.USER_CACHE_NAME);
cache.addListener(new CacheListener());
userCache = new InfinispanUserCache(cache, usernameLookup, emailLookup);
Cache<String, Revisioned> cache = session.getProvider(InfinispanConnectionProvider.class).getCache(InfinispanConnectionProvider.USER_CACHE_NAME);
Cache<String, Long> revisions = session.getProvider(InfinispanConnectionProvider.class).getCache(InfinispanConnectionProvider.VERSION_CACHE_NAME);
userCache = new UserCacheManager(cache, revisions);
}
}
}
@ -81,100 +80,5 @@ public class InfinispanCacheUserProviderFactory implements CacheUserProviderFact
return "default";
}
@Listener
public class CacheListener {
@CacheEntryCreated
public void userCreated(CacheEntryCreatedEvent<String, CachedUser> event) {
if (!event.isPre()) {
CachedUser user = event.getValue();
if (user != null) {
String realm = user.getRealm();
usernameLookup.put(realm, user.getUsername(), user.getId());
if (user.getEmail() != null) {
emailLookup.put(realm, user.getEmail(), user.getId());
}
log.tracev("User added realm={0}, id={1}, username={2}", realm, user.getId(), user.getUsername());
}
}
}
@CacheEntryRemoved
public void userRemoved(CacheEntryRemovedEvent<String, CachedUser> event) {
if (event.isPre()) {
CachedUser user = event.getValue();
if (user != null) {
removeUser(user);
log.tracev("User invalidated realm={0}, id={1}, username={2}", user.getRealm(), user.getId(), user.getUsername());
}
}
}
@CacheEntryInvalidated
public void userInvalidated(CacheEntryInvalidatedEvent<String, CachedUser> event) {
if (event.isPre()) {
CachedUser user = event.getValue();
if (user != null) {
removeUser(user);
log.tracev("User invalidated realm={0}, id={1}, username={2}", user.getRealm(), user.getId(), user.getUsername());
}
}
}
@CacheEntriesEvicted
public void userEvicted(CacheEntriesEvictedEvent<String, CachedUser> event) {
for (CachedUser user : event.getEntries().values()) {
removeUser(user);
log.tracev("User evicted realm={0}, id={1}, username={2}", user.getRealm(), user.getId(), user.getUsername());
}
}
private void removeUser(CachedUser cachedUser) {
String realm = cachedUser.getRealm();
usernameLookup.remove(realm, cachedUser.getUsername());
if (cachedUser.getEmail() != null) {
emailLookup.remove(realm, cachedUser.getEmail());
}
}
}
static class RealmLookup {
protected final ConcurrentHashMap<String, ConcurrentHashMap<String, String>> lookup = new ConcurrentHashMap<>();
public void put(String realm, String key, String value) {
ConcurrentHashMap<String, String> map = lookup.get(realm);
if(map == null) {
map = new ConcurrentHashMap<>();
ConcurrentHashMap<String, String> p = lookup.putIfAbsent(realm, map);
if (p != null) {
map = p;
}
}
map.put(key, value);
}
public String get(String realm, String key) {
ConcurrentHashMap<String, String> map = lookup.get(realm);
return map != null ? map.get(key) : null;
}
public void remove(String realm, String key) {
ConcurrentHashMap<String, String> map = lookup.get(realm);
if (map != null) {
map.remove(key);
if (map.isEmpty()) {
lookup.remove(realm);
}
}
}
}
}

88
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanUserCache.java vendored
View file

@ -1,88 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.cache.infinispan;
import org.infinispan.Cache;
import org.jboss.logging.Logger;
import org.keycloak.models.cache.infinispan.entities.CachedUser;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
public class InfinispanUserCache implements UserCache {
protected static final Logger logger = Logger.getLogger(InfinispanUserCache.class);
protected volatile boolean enabled = true;
protected final Cache<String, CachedUser> cache;
protected final InfinispanCacheUserProviderFactory.RealmLookup usernameLookup;
protected final InfinispanCacheUserProviderFactory.RealmLookup emailLookup;
public InfinispanUserCache(Cache<String, CachedUser> cache, InfinispanCacheUserProviderFactory.RealmLookup usernameLookup, InfinispanCacheUserProviderFactory.RealmLookup emailLookup) {
this.cache = cache;
this.usernameLookup = usernameLookup;
this.emailLookup = emailLookup;
}
@Override
public CachedUser getCachedUser(String realmId, String id) {
if (realmId == null || id == null) return null;
CachedUser user = cache.get(id);
return user != null && realmId.equals(user.getRealm()) ? user : null;
}
@Override
public void invalidateCachedUserById(String realmId, String id) {
logger.tracev("Invalidating user {0}", id);
cache.remove(id);
}
@Override
public void addCachedUser(String realmId, CachedUser user) {
logger.tracev("Adding user {0}", user.getId());
cache.putForExternalRead(user.getId(), user);
}
@Override
public CachedUser getCachedUserByUsername(String realmId, String name) {
String id = usernameLookup.get(realmId, name);
return id != null ? getCachedUser(realmId, id) : null;
}
@Override
public CachedUser getCachedUserByEmail(String realmId, String email) {
String id = emailLookup.get(realmId, email);
return id != null ? getCachedUser(realmId, id) : null;
}
@Override
public void invalidateRealmUsers(String realmId) {
logger.tracev("Invalidating users for realm {0}", realmId);
cache.clear();
}
@Override
public void clear() {
cache.clear();
}
}

1
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheManager.java vendored
View file

@ -48,7 +48,6 @@ public class RealmCacheManager extends CacheManager {
public RealmCacheManager(Cache<String, Revisioned> cache, Cache<String, Long> revisions) {
super(cache, revisions);
this.cache.addListener(this);
}

18
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java vendored
View file

@ -131,7 +131,7 @@ public class RealmCacheSession implements CacheRealmProvider {
public RealmCacheSession(RealmCacheManager cache, KeycloakSession session) {
this.cache = cache;
this.session = session;
this.startupRevision = UpdateCounter.current();
this.startupRevision = cache.getCurrentCounter();
session.getTransaction().enlistPrepare(getPrepareTransaction());
session.getTransaction().enlistAfterCompletion(getAfterTransaction());
}
@ -380,6 +380,14 @@ public class RealmCacheSession implements CacheRealmProvider {
return getDelegate().removeRealm(id);
}
protected void invalidateClient(RealmModel realm, ClientModel client) {
invalidations.add(client.getId());
invalidations.add(getRealmClientsQueryCacheKey(realm.getId()));
invalidations.add(getClientByClientIdCacheKey(client.getClientId(), realm));
listInvalidations.add(realm.getId());
}
@Override
public ClientModel addClient(RealmModel realm, String clientId) {
ClientModel client = getDelegate().addClient(realm, clientId);
@ -395,8 +403,7 @@ public class RealmCacheSession implements CacheRealmProvider {
private ClientModel addedClient(RealmModel realm, ClientModel client) {
logger.trace("added Client.....");
// need to invalidate realm client query cache every time as it may not be loaded on this node, but loaded on another
invalidations.add(getRealmClientsQueryCacheKey(realm.getId()));
invalidations.add(client.getId());
invalidateClient(realm, client);
cache.clientAdded(realm.getId(), client.getId(), invalidations);
// this is needed so that a new client that hasn't been committed isn't cached in a query
listInvalidations.add(realm.getId());
@ -464,10 +471,7 @@ public class RealmCacheSession implements CacheRealmProvider {
ClientModel client = getClientById(id, realm);
if (client == null) return false;
// need to invalidate realm client query cache every time client list is changed
invalidations.add(getRealmClientsQueryCacheKey(realm.getId()));
invalidations.add(getClientByClientIdCacheKey(client.getClientId(), realm));
listInvalidations.add(realm.getId());
registerClientInvalidation(id);
invalidateClient(realm, client);
cache.clientRemoval(realm.getId(), id, invalidations);
for (RoleModel role : client.getRoles()) {
cache.roleInvalidation(role.getId(), invalidations);

6
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UpdateCounter.java vendored
View file

@ -9,13 +9,13 @@ import java.util.concurrent.atomic.AtomicLong;
*/
public class UpdateCounter {
private static final AtomicLong counter = new AtomicLong();
private final AtomicLong counter = new AtomicLong();
public static long current() {
public long current() {
return counter.get();
}
public static long next() {
public long next() {
return counter.incrementAndGet();
}

6
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserAdapter.java vendored
View file

@ -31,11 +31,11 @@ import java.util.*;
public class UserAdapter implements UserModel {
protected UserModel updated;
protected CachedUser cached;
protected CacheUserProvider userProviderCache;
protected UserCacheSession userProviderCache;
protected KeycloakSession keycloakSession;
protected RealmModel realm;
public UserAdapter(CachedUser cached, CacheUserProvider userProvider, KeycloakSession keycloakSession, RealmModel realm) {
public UserAdapter(CachedUser cached, UserCacheSession userProvider, KeycloakSession keycloakSession, RealmModel realm) {
this.cached = cached;
this.userProviderCache = userProvider;
this.keycloakSession = keycloakSession;
@ -44,7 +44,7 @@ public class UserAdapter implements UserModel {
protected void getDelegateForUpdate() {
if (updated == null) {
userProviderCache.registerUserInvalidation(realm, getId());
userProviderCache.registerUserInvalidation(realm, cached);
updated = userProviderCache.getDelegate().getUserById(getId(), realm);
if (updated == null) throw new IllegalStateException("Not found in database");
}

42
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCache.java vendored
View file

@ -1,42 +0,0 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.cache.infinispan;
import org.keycloak.models.cache.infinispan.entities.CachedUser;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface UserCache {
void clear();
CachedUser getCachedUser(String realmId, String id);
void addCachedUser(String realmId, CachedUser user);
CachedUser getCachedUserByUsername(String realmId, String name);
CachedUser getCachedUserByEmail(String realmId, String name);
void invalidateCachedUserById(String realmId, String id);
void invalidateRealmUsers(String realmId);
}

58
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheManager.java vendored Executable file
View file

@ -0,0 +1,58 @@
/*
* Copyright 2016 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.models.cache.infinispan;
import org.infinispan.Cache;
import org.infinispan.notifications.Listener;
import org.jboss.logging.Logger;
import org.keycloak.models.RealmModel;
import org.keycloak.models.cache.infinispan.entities.CachedUser;
import org.keycloak.models.cache.infinispan.entities.Revisioned;
import org.keycloak.models.cache.infinispan.stream.InRealmPredicate;
import java.util.Map;
import java.util.Set;
import java.util.function.Predicate;
/**
* @author <a href="mailto:sthorger@redhat.com">Stian Thorgersen</a>
*/
@Listener
public class UserCacheManager extends CacheManager {
protected static final Logger logger = Logger.getLogger(UserCacheManager.class);
protected volatile boolean enabled = true;
public UserCacheManager(Cache<String, Revisioned> cache, Cache<String, Long> revisions) {
super(cache, revisions);
}
@Override
public void clear() {
cache.clear();
}
@Override
protected Predicate<Map.Entry<String, Revisioned>> getInvalidationPredicate(Object object) {
return null;
}
public void invalidateRealmUsers(String realm, Set<String> invalidations) {
addInvalidations(InRealmPredicate.create().realm(realm), invalidations);
}
}

185
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java → model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/UserCacheSession.java vendored
View file

@ -17,9 +17,11 @@
package org.keycloak.models.cache.infinispan;
import org.jboss.logging.Logger;
import org.keycloak.models.*;
import org.keycloak.models.cache.CacheUserProvider;
import org.keycloak.models.cache.infinispan.entities.CachedUser;
import org.keycloak.models.cache.infinispan.entities.UserListQuery;
import java.util.*;
@ -27,21 +29,24 @@ import java.util.*;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class DefaultCacheUserProvider implements CacheUserProvider {
protected UserCache cache;
public class UserCacheSession implements CacheUserProvider {
protected static final Logger logger = Logger.getLogger(UserCacheSession.class);
protected UserCacheManager cache;
protected KeycloakSession session;
protected UserProvider delegate;
protected boolean transactionActive;
protected boolean setRollbackOnly;
protected final long startupRevision;
protected Map<String, String> userInvalidations = new HashMap<>();
protected Set<String> invalidations = new HashSet<>();
protected Set<String> realmInvalidations = new HashSet<>();
protected Map<String, UserModel> managedUsers = new HashMap<>();
public DefaultCacheUserProvider(UserCache cache, KeycloakSession session) {
public UserCacheSession(UserCacheManager cache, KeycloakSession session) {
this.cache = cache;
this.session = session;
this.startupRevision = cache.getCurrentCounter();
session.getTransaction().enlistAfterCompletion(getTransaction());
}
@ -55,20 +60,22 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
if (!transactionActive) throw new IllegalStateException("Cannot access delegate without a transaction");
if (delegate != null) return delegate;
delegate = session.getProvider(UserProvider.class);
return delegate;
}
@Override
public void registerUserInvalidation(RealmModel realm, String id) {
userInvalidations.put(id, realm.getId());
public void registerUserInvalidation(RealmModel realm,CachedUser user) {
invalidations.add(user.getId());
if (user.getEmail() != null) invalidations.add(getUserByEmailCacheKey(realm.getId(), user.getEmail()));
invalidations.add(getUserByUsernameCacheKey(realm.getId(), user.getUsername()));
}
protected void runInvalidations() {
for (Map.Entry<String, String> invalidation : userInvalidations.entrySet()) {
cache.invalidateCachedUserById(invalidation.getValue(), invalidation.getKey());
}
for (String realmId : realmInvalidations) {
cache.invalidateRealmUsers(realmId);
cache.invalidateRealmUsers(realmId, invalidations);
}
for (String invalidation : invalidations) {
cache.invalidateObject(invalidation);
}
}
@ -111,81 +118,145 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
}
private boolean isRegisteredForInvalidation(RealmModel realm, String userId) {
return realmInvalidations.contains(realm.getId()) || userInvalidations.containsKey(userId);
return realmInvalidations.contains(realm.getId()) || invalidations.contains(userId);
}
@Override
public UserModel getUserById(String id, RealmModel realm) {
logger.infov("getuserById {0}", id);
if (isRegisteredForInvalidation(realm, id)) {
logger.info("registered for invalidation return delegate");
return getDelegate().getUserById(id, realm);
}
CachedUser cached = cache.getCachedUser(realm.getId(), id);
CachedUser cached = cache.get(id, CachedUser.class);
if (cached == null) {
logger.info("not cached");
Long loaded = cache.getCurrentRevision(id);
UserModel model = getDelegate().getUserById(id, realm);
if (model == null) return null;
if (managedUsers.containsKey(id)) return managedUsers.get(id);
if (userInvalidations.containsKey(id)) return model;
cached = new CachedUser(realm, model);
cache.addCachedUser(realm.getId(), cached);
if (model == null) {
logger.info("delegate returning null");
return null;
}
if (managedUsers.containsKey(id)) {
logger.info("return managedusers");
return managedUsers.get(id);
}
if (invalidations.contains(id)) return model;
cached = new CachedUser(loaded, realm, model);
cache.addRevisioned(cached, startupRevision);
} else if (managedUsers.containsKey(id)) {
logger.info("return managedusers");
return managedUsers.get(id);
}
logger.info("returning new cache adapter");
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
managedUsers.put(id, adapter);
return adapter;
}
public String getUserByUsernameCacheKey(String realmId, String username) {
return realmId + ".username." + username;
}
public String getUserByEmailCacheKey(String realmId, String email) {
return realmId + ".email." + email;
}
@Override
public UserModel getUserByUsername(String username, RealmModel realm) {
logger.infov("getUserByUsername: {0}", username);
username = username.toLowerCase();
if (realmInvalidations.contains(realm.getId())) {
logger.infov("realmInvalidations");
return getDelegate().getUserByUsername(username, realm);
}
CachedUser cached = cache.getCachedUserByUsername(realm.getId(), username);
if (cached == null) {
UserModel model = getDelegate().getUserByUsername(username, realm);
if (model == null) return null;
if (managedUsers.containsKey(model.getId())) return managedUsers.get(model.getId());
if (userInvalidations.containsKey(model.getId())) return model;
cached = new CachedUser(realm, model);
cache.addCachedUser(realm.getId(), cached);
} else if (userInvalidations.containsKey(cached.getId())) {
return getDelegate().getUserById(cached.getId(), realm);
} else if (managedUsers.containsKey(cached.getId())) {
return managedUsers.get(cached.getId());
String cacheKey = getUserByUsernameCacheKey(realm.getId(), username);
if (invalidations.contains(cacheKey)) {
logger.infov("invalidations");
return getDelegate().getUserByUsername(username, realm);
}
UserListQuery query = cache.get(cacheKey, UserListQuery.class);
String userId = null;
if (query == null) {
logger.infov("query null");
Long loaded = cache.getCurrentRevision(cacheKey);
UserModel model = getDelegate().getUserByUsername(username, realm);
if (model == null) {
logger.infov("model from delegate null");
return null;
}
userId = model.getId();
query = new UserListQuery(loaded, cacheKey, realm, model.getId());
cache.addRevisioned(query, startupRevision);
if (invalidations.contains(userId)) return model;
if (managedUsers.containsKey(userId)) {
logger.infov("return managed user");
return managedUsers.get(userId);
}
CachedUser cached = cache.get(userId, CachedUser.class);
if (cached == null) {
cached = new CachedUser(loaded, realm, model);
cache.addRevisioned(cached, startupRevision);
}
logger.info("return new cache adapter");
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
managedUsers.put(userId, adapter);
return adapter;
} else {
userId = query.getUsers().iterator().next();
if (invalidations.contains(userId)) {
logger.infov("invalidated cache return delegate");
return getDelegate().getUserByUsername(username, realm);
}
logger.info("return getUserById");
return getUserById(userId, realm);
}
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
managedUsers.put(cached.getId(), adapter);
return adapter;
}
@Override
public UserModel getUserByEmail(String email, RealmModel realm) {
if (email == null) return null;
email = email.toLowerCase();
if (realmInvalidations.contains(realm.getId())) {
return getDelegate().getUserByEmail(email, realm);
}
CachedUser cached = cache.getCachedUserByEmail(realm.getId(), email);
if (cached == null) {
String cacheKey = getUserByEmailCacheKey(realm.getId(), email);
if (invalidations.contains(cacheKey)) {
return getDelegate().getUserByEmail(email, realm);
}
UserListQuery query = cache.get(cacheKey, UserListQuery.class);
String userId = null;
if (query == null) {
Long loaded = cache.getCurrentRevision(cacheKey);
UserModel model = getDelegate().getUserByEmail(email, realm);
if (model == null) return null;
if (userInvalidations.containsKey(model.getId())) return model;
cached = new CachedUser(realm, model);
cache.addCachedUser(realm.getId(), cached);
} else if (userInvalidations.containsKey(cached.getId())) {
return getDelegate().getUserByEmail(email, realm);
} else if (managedUsers.containsKey(cached.getId())) {
return managedUsers.get(cached.getId());
userId = model.getId();
query = new UserListQuery(loaded, cacheKey, realm, model.getId());
cache.addRevisioned(query, startupRevision);
if (invalidations.contains(userId)) return model;
if (managedUsers.containsKey(userId)) return managedUsers.get(userId);
CachedUser cached = cache.get(userId, CachedUser.class);
if (cached == null) {
cached = new CachedUser(loaded, realm, model);
cache.addRevisioned(cached, startupRevision);
}
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
managedUsers.put(userId, adapter);
return adapter;
} else {
userId = query.getUsers().iterator().next();
if (invalidations.contains(userId)) {
return getDelegate().getUserByEmail(email, realm);
}
return getUserById(userId, realm);
}
UserAdapter adapter = new UserAdapter(cached, this, session, realm);
managedUsers.put(cached.getId(), adapter);
return adapter;
}
@Override
@ -266,6 +337,8 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
@Override
public UserModel addUser(RealmModel realm, String id, String username, boolean addDefaultRoles, boolean addDefaultRequiredActions) {
UserModel user = getDelegate().addUser(realm, id, username, addDefaultRoles, addDefaultRoles);
// just in case the transaction is rolled back you need to invalidate the user and all cache queries for that user
invalidateUser(realm, user);
managedUsers.put(user.getId(), user);
return user;
}
@ -273,13 +346,23 @@ public class DefaultCacheUserProvider implements CacheUserProvider {
@Override
public UserModel addUser(RealmModel realm, String username) {
UserModel user = getDelegate().addUser(realm, username);
// just in case the transaction is rolled back you need to invalidate the user and all cache queries for that user
invalidateUser(realm, user);
managedUsers.put(user.getId(), user);
return user;
}
protected void invalidateUser(RealmModel realm, UserModel user) {
// just in case the transaction is rolled back you need to invalidate the user and all cache queries for that user
invalidations.add(user.getId());
if (user.getEmail() != null) invalidations.add(getUserByEmailCacheKey(realm.getId(), user.getEmail()));
invalidations.add(getUserByUsernameCacheKey(realm.getId(), user.getUsername()));
}
@Override
public boolean removeUser(RealmModel realm, UserModel user) {
registerUserInvalidation(realm, user.getId());
invalidateUser(realm, user);
return getDelegate().removeUser(realm, user);
}

13
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/CachedUser.java vendored
View file

@ -34,8 +34,7 @@ import java.util.Set;
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class CachedUser implements Serializable {
private String id;
public class CachedUser extends AbstractRevisioned implements InRealm {
private String realm;
private String username;
private Long createdTimestamp;
@ -53,8 +52,10 @@ public class CachedUser implements Serializable {
private Set<String> roleMappings = new HashSet<>();
private Set<String> groups = new HashSet<>();
public CachedUser(RealmModel realm, UserModel user) {
this.id = user.getId();
public CachedUser(Long revision, RealmModel realm, UserModel user) {
super(revision, user.getId());
this.realm = realm.getId();
this.username = user.getUsername();
this.createdTimestamp = user.getCreatedTimestamp();
@ -80,10 +81,6 @@ public class CachedUser implements Serializable {
}
}
public String getId() {
return id;
}
public String getRealm() {
return realm;
}

49
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/UserListQuery.java vendored Executable file
View file

@ -0,0 +1,49 @@
package org.keycloak.models.cache.infinispan.entities;
import org.keycloak.models.RealmModel;
import java.util.HashSet;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public class UserListQuery extends AbstractRevisioned implements UserQuery {
private final Set<String> users;
private final String realm;
private final String realmName;
public UserListQuery(Long revisioned, String id, RealmModel realm, Set<String> users) {
super(revisioned, id);
this.realm = realm.getId();
this.realmName = realm.getName();
this.users = users;
}
public UserListQuery(Long revisioned, String id, RealmModel realm, String user) {
super(revisioned, id);
this.realm = realm.getId();
this.realmName = realm.getName();
this.users = new HashSet<>();
this.users.add(user);
}
@Override
public Set<String> getUsers() {
return users;
}
@Override
public String getRealm() {
return realm;
}
@Override
public String toString() {
return "UserListQuery{" +
"id='" + getId() + "'" +
"realmName='" + realmName + '\'' +
'}';
}
}

11
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/UserQuery.java vendored Executable file
View file

@ -0,0 +1,11 @@
package org.keycloak.models.cache.infinispan.entities;
import java.util.Set;
/**
* @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
* @version $Revision: 1 $
*/
public interface UserQuery extends InRealm {
Set<String> getUsers();
}

1
server-spi/src/main/java/org/keycloak/models/cache/CacheUserProvider.java vendored
View file

@ -27,5 +27,4 @@ import org.keycloak.models.UserProvider;
public interface CacheUserProvider extends UserProvider {
void clear();
UserProvider getDelegate();
void registerUserInvalidation(RealmModel realm, String id);
}

2
testsuite/integration/src/test/java/org/keycloak/testsuite/OAuthClient.java
View file

@ -93,7 +93,7 @@ public class OAuthClient {
public AuthorizationCodeResponse doLogin(String username, String password) {
openLoginForm();
String src = driver.getPageSource();
driver.findElement(By.id("username")).sendKeys(username);
driver.findElement(By.id("password")).sendKeys(password);
driver.findElement(By.name("login")).click();

2
testsuite/integration/src/test/java/org/keycloak/testsuite/federation/ldap/base/LDAPGroupMapperTest.java Normal file → Executable file
View file

@ -190,6 +190,7 @@ public class LDAPGroupMapperTest {
public void test02_readOnlyGroupMappings() {
KeycloakSession session = keycloakRule.startSession();
try {
System.out.println("starting test02_readOnlyGroupMappings");
RealmModel appRealm = session.realms().getRealmByName("test");
UserFederationMapperModel mapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "groupsMapper");
@ -221,6 +222,7 @@ public class LDAPGroupMapperTest {
Assert.assertTrue(maryGroups.contains(group12));
// Assert that access through DB will have just DB mapped groups
System.out.println("******");
UserModel maryDB = session.userStorage().getUserByUsername("marykeycloak", appRealm);
Set<GroupModel> maryDBGroups = maryDB.getGroups();
Assert.assertFalse(maryDBGroups.contains(group1));