From 8d8fae5def832220cf00516e7709c7500fdb9aa8 Mon Sep 17 00:00:00 2001
From: Hynek Mlnarik <hmlnarik@redhat.com>
Date: Mon, 22 Jun 2020 10:02:08 +0200
Subject: [PATCH] KEYCLOAK-14533 Cleanup auth sessions immediately

---
 ...finispanAuthenticationSessionProvider.java | 21 ++++++-------------
 1 file changed, 6 insertions(+), 15 deletions(-)

diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanAuthenticationSessionProvider.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanAuthenticationSessionProvider.java
index dd0ce0675e..dae8a790d6 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanAuthenticationSessionProvider.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanAuthenticationSessionProvider.java
@@ -39,6 +39,7 @@ import org.keycloak.models.utils.RealmInfoUtil;
 import org.keycloak.sessions.AuthenticationSessionCompoundId;
 import org.keycloak.sessions.AuthenticationSessionProvider;
 import org.keycloak.sessions.RootAuthenticationSessionModel;
+import org.infinispan.AdvancedCache;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -108,25 +109,15 @@ public class InfinispanAuthenticationSessionProvider implements AuthenticationSe
 
         int expired = Time.currentTime() - RealmInfoUtil.getDettachedClientSessionLifespan(realm);
 
-
+        final AdvancedCache<String, RootAuthenticationSessionEntity> localCache = CacheDecorators.localCache(cache);
+        int localCacheSizePre = localCache.size();
         // Each cluster node cleanups just local sessions, which are those owned by himself (+ few more taking l1 cache into account)
-        Iterator<Map.Entry<String, RootAuthenticationSessionEntity>> itr = CacheDecorators.localCache(cache)
-                .entrySet()
-                .stream()
-                .filter(RootAuthenticationSessionPredicate.create(realm.getId()).expired(expired))
-                .iterator();
+        localCache.entrySet()
+                .removeIf(RootAuthenticationSessionPredicate.create(realm.getId()).expired(expired));
 
-        int counter = 0;
-        while (itr.hasNext()) {
-            counter++;
-            RootAuthenticationSessionEntity entity = itr.next().getValue();
-            tx.remove(cache, entity.getId());
-        }
-
-        log.debugf("Removed %d expired authentication sessions for realm '%s'", counter, realm.getName());
+        log.debugf("Removed %d expired authentication sessions for realm '%s'", localCache.size() - localCacheSizePre, realm.getName());
     }
 
-
     @Override
     public void onRealmRemoved(RealmModel realm) {
         // Send message to all DCs. The remoteCache will notify client listeners on all DCs for remove authentication sessions