diff --git a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java index 9b47f5035e..777345ef1e 100755 --- a/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java +++ b/core/src/main/java/org/keycloak/representations/idm/RealmRepresentation.java @@ -34,7 +34,9 @@ public class RealmRepresentation { protected Boolean resetPasswordAllowed; protected Boolean editUsernameAllowed; + @Deprecated protected Boolean userCacheEnabled; + @Deprecated protected Boolean realmCacheEnabled; //--- brute force settings @@ -367,22 +369,6 @@ public class RealmRepresentation { this.rememberMe = rememberMe; } - public Boolean isRealmCacheEnabled() { - return realmCacheEnabled; - } - - public void setRealmCacheEnabled(Boolean realmCacheEnabled) { - this.realmCacheEnabled = realmCacheEnabled; - } - - public Boolean isUserCacheEnabled() { - return userCacheEnabled; - } - - public void setUserCacheEnabled(Boolean userCacheEnabled) { - this.userCacheEnabled = userCacheEnabled; - } - public Boolean isVerifyEmail() { return verifyEmail; } diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/content/standalone/configuration/keycloak-server.json b/distribution/feature-packs/server-feature-pack/src/main/resources/content/standalone/configuration/keycloak-server.json index a5b4d1b827..b96d61b3cf 100644 --- a/distribution/feature-packs/server-feature-pack/src/main/resources/content/standalone/configuration/keycloak-server.json +++ b/distribution/feature-packs/server-feature-pack/src/main/resources/content/standalone/configuration/keycloak-server.json @@ -22,6 +22,18 @@ "provider": "jpa" }, + "userCache": { + "infinispan" : { + "enabled": true + } + }, + + "realmCache": { + "infinispan" : { + "enabled": true + } + }, + "userSessionPersister": { "provider": "jpa" }, diff --git a/docbook/auth-server-docs/reference/en/en-US/modules/providers.xml b/docbook/auth-server-docs/reference/en/en-US/modules/providers.xml index ac6479753f..1d9cf1c1ba 100755 --- a/docbook/auth-server-docs/reference/en/en-US/modules/providers.xml +++ b/docbook/auth-server-docs/reference/en/en-US/modules/providers.xml @@ -215,6 +215,21 @@ public class MyEventListenerProviderFactory implements EventListenerProviderFact "max": 100 } } +}]]> + + + +
+ Disabling a provider + + You can disable a provider by setting the enabled field for the provider to false in keycloak-server.json. + For example to disable the Infinispan user cache provider add: +
diff --git a/forms/common-themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties b/forms/common-themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties index bd0084011e..3adb152559 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties +++ b/forms/common-themes/src/main/resources/theme/base/admin/messages/admin-messages_en.properties @@ -66,10 +66,10 @@ i18n-enabled=Internationalization Enabled supported-locales=Supported Locales supported-locales.placeholder=Type a locale and enter default-locale=Default Locale -realm-cache-enabled=Realm Cache Enabled -realm-cache-enabled.tooltip=Enable/disable cache for realms, clients and roles. -user-cache-enabled=User Cache Enabled -user-cache-enabled.tooltip=Enable/disable cache for users and user role mappings. +realm-cache-clear=Realm Cache +realm-cache-clear.tooltip=Clears all entries from the realm cache (this will clear entries for all realms) +user-cache-clear=User Cache +user-cache-clear.tooltip=Clears all entries from the user cache (this will clear entries for all realms) revoke-refresh-token=Revoke Refresh Token revoke-refresh-token.tooltip=If enabled refresh tokens can only be used once. Otherwise refresh tokens are not revoked when used and can be used multiple times. sso-session-idle=SSO Session Idle diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js index 548c6e1ded..f58004d57c 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/controllers/realm.js @@ -349,8 +349,20 @@ module.controller('RealmThemeCtrl', function($scope, Current, Realm, realm, serv }, true); }); -module.controller('RealmCacheCtrl', function($scope, Current, Realm, realm, serverInfo, $http, $location, Dialog, Notifications) { - genericRealmUpdate($scope, Current, Realm, realm, serverInfo, $http, $location, Dialog, Notifications, "/realms/" + realm.realm + "/cache-settings"); +module.controller('RealmCacheCtrl', function($scope, realm, RealmClearUserCache, RealmClearRealmCache, Notifications) { + + $scope.clearUserCache = function() { + RealmClearUserCache.save({ realm: realm.realm}, function () { + Notifications.success("User cache cleared"); + }); + } + + $scope.clearRealmCache = function() { + RealmClearRealmCache.save({ realm: realm.realm}, function () { + Notifications.success("Realm cache cleared"); + }); + } + }); module.controller('RealmPasswordPolicyCtrl', function($scope, Realm, realm, $http, $location, Dialog, Notifications, PasswordPolicy) { diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js index 5e817442fc..7939403bcd 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/js/services.js @@ -595,6 +595,18 @@ module.factory('RealmPushRevocation', function($resource) { }); }); +module.factory('RealmClearUserCache', function($resource) { + return $resource(authUrl + '/admin/realms/:realm/clear-user-cache', { + realm : '@realm' + }); +}); + +module.factory('RealmClearRealmCache', function($resource) { + return $resource(authUrl + '/admin/realms/:realm/clear-realm-cache', { + realm : '@realm' + }); +}); + module.factory('RealmSessionStats', function($resource) { return $resource(authUrl + '/admin/realms/:realm/session-stats', { realm : '@realm' diff --git a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-cache-settings.html b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-cache-settings.html index db267969e9..29d978e3db 100755 --- a/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-cache-settings.html +++ b/forms/common-themes/src/main/resources/theme/base/admin/resources/partials/realm-cache-settings.html @@ -3,25 +3,19 @@
- +
- +
- {{:: 'realm-cache-enabled.tooltip' | translate}} + + {{:: 'realm-cache-clear.tooltip' | translate}}
- +
- -
- {{:: 'user-cache-enabled.tooltip' | translate}} -
- -
-
- - +
+ {{:: 'user-cache-clear.tooltip' | translate}}
diff --git a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheRealmProvider.java b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheRealmProvider.java index 478a087271..a8a6317255 100755 --- a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheRealmProvider.java +++ b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheRealmProvider.java @@ -38,22 +38,16 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider { session.getTransaction().enlistAfterCompletion(getTransaction()); } + @Override + public void clear() { + cache.clear(); + } + @Override public MigrationModel getMigrationModel() { return getDelegate().getMigrationModel(); } - - @Override - public boolean isEnabled() { - return cache.isEnabled(); - } - - @Override - public void setEnabled(boolean enabled) { - cache.setEnabled(enabled); - } - @Override public RealmProvider getDelegate() { if (!transactionActive) throw new IllegalStateException("Cannot access delegate without a transaction"); @@ -149,7 +143,6 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider { @Override public RealmModel createRealm(String name) { RealmModel realm = getDelegate().createRealm(name); - if (!cache.isEnabled()) return realm; registerRealmInvalidation(realm.getId()); return realm; } @@ -157,14 +150,12 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider { @Override public RealmModel createRealm(String id, String name) { RealmModel realm = getDelegate().createRealm(id, name); - if (!cache.isEnabled()) return realm; registerRealmInvalidation(realm.getId()); return realm; } @Override public RealmModel getRealm(String id) { - if (!cache.isEnabled()) return getDelegate().getRealm(id); CachedRealm cached = cache.getCachedRealm(id); if (cached == null) { RealmModel model = getDelegate().getRealm(id); @@ -184,7 +175,6 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider { @Override public RealmModel getRealmByName(String name) { - if (!cache.isEnabled()) return getDelegate().getRealmByName(name); CachedRealm cached = cache.getCachedRealmByName(name); if (cached == null) { RealmModel model = getDelegate().getRealmByName(name); @@ -218,7 +208,6 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider { @Override public boolean removeRealm(String id) { - if (!cache.isEnabled()) return getDelegate().removeRealm(id); cache.invalidateCachedRealmById(id); RealmModel realm = getDelegate().getRealm(id); @@ -247,7 +236,6 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider { @Override public RoleModel getRoleById(String id, RealmModel realm) { - if (!cache.isEnabled()) return getDelegate().getRoleById(id, realm); CachedRole cached = cache.getRole(id); if (cached != null && !cached.getRealm().equals(realm.getId())) { cached = null; @@ -276,7 +264,6 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider { @Override public GroupModel getGroupById(String id, RealmModel realm) { - if (!cache.isEnabled()) return getDelegate().getGroupById(id, realm); CachedGroup cached = cache.getGroup(id); if (cached != null && !cached.getRealm().equals(realm.getId())) { cached = null; @@ -301,7 +288,6 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider { @Override public ClientModel getClientById(String id, RealmModel realm) { - if (!cache.isEnabled()) return getDelegate().getClientById(id, realm); CachedClient cached = cache.getApplication(id); if (cached != null && !cached.getRealm().equals(realm.getId())) { cached = null; @@ -324,7 +310,6 @@ public class DefaultCacheRealmProvider implements CacheRealmProvider { } @Override public ClientTemplateModel getClientTemplateById(String id, RealmModel realm) { - if (!cache.isEnabled()) return getDelegate().getClientTemplateById(id, realm); CachedClientTemplate cached = cache.getClientTemplate(id); if (cached != null && !cached.getRealm().equals(realm.getId())) { cached = null; diff --git a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java index 12e5b5dfda..ee5f049ef3 100755 --- a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java +++ b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/DefaultCacheUserProvider.java @@ -22,8 +22,6 @@ public class DefaultCacheUserProvider implements CacheUserProvider { protected Set realmInvalidations = new HashSet<>(); protected Map managedUsers = new HashMap<>(); - protected boolean clearAll; - public DefaultCacheUserProvider(UserCache cache, KeycloakSession session) { this.cache = cache; this.session = session; @@ -32,13 +30,8 @@ public class DefaultCacheUserProvider implements CacheUserProvider { } @Override - public boolean isEnabled() { - return cache.isEnabled(); - } - - @Override - public void setEnabled(boolean enabled) { - cache.setEnabled(enabled); + public void clear() { + cache.clear(); } @Override @@ -73,9 +66,6 @@ public class DefaultCacheUserProvider implements CacheUserProvider { @Override public void commit() { if (delegate == null) return; - if (clearAll) { - cache.clear(); - } runInvalidations(); transactionActive = false; } @@ -110,7 +100,6 @@ public class DefaultCacheUserProvider implements CacheUserProvider { @Override public UserModel getUserById(String id, RealmModel realm) { - if (!cache.isEnabled()) return getDelegate().getUserById(id, realm); if (isRegisteredForInvalidation(realm, id)) { return getDelegate().getUserById(id, realm); } @@ -136,7 +125,6 @@ public class DefaultCacheUserProvider implements CacheUserProvider { username = username.toLowerCase(); - if (!cache.isEnabled()) return getDelegate().getUserByUsername(username, realm); if (realmInvalidations.contains(realm.getId())) { return getDelegate().getUserByUsername(username, realm); } @@ -164,7 +152,6 @@ public class DefaultCacheUserProvider implements CacheUserProvider { email = email.toLowerCase(); - if (!cache.isEnabled()) return getDelegate().getUserByEmail(email, realm); if (realmInvalidations.contains(realm.getId())) { return getDelegate().getUserByEmail(email, realm); } @@ -276,7 +263,6 @@ public class DefaultCacheUserProvider implements CacheUserProvider { @Override public boolean removeUser(RealmModel realm, UserModel user) { - if (!cache.isEnabled()) return getDelegate().removeUser(realm, user); registerUserInvalidation(realm, user.getId()); return getDelegate().removeUser(realm, user); } diff --git a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanRealmCache.java b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanRealmCache.java index 07e2d9af7e..ffacc55871 100755 --- a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanRealmCache.java +++ b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanRealmCache.java @@ -20,34 +20,23 @@ public class InfinispanRealmCache implements RealmCache { protected final Cache cache; protected final ConcurrentHashMap realmLookup; - protected volatile boolean enabled = true; public InfinispanRealmCache(Cache cache, ConcurrentHashMap realmLookup) { this.cache = cache; this.realmLookup = realmLookup; } + public Cache getCache() { + return cache; + } + @Override public void clear() { cache.clear(); } - @Override - public boolean isEnabled() { - return enabled; - } - - @Override - public void setEnabled(boolean enabled) { - if (this.enabled && !enabled) { - clear(); - } - this.enabled = enabled; - } - @Override public CachedRealm getCachedRealm(String id) { - if (!enabled) return null; return get(id, CachedRealm.class); } @@ -66,7 +55,6 @@ public class InfinispanRealmCache implements RealmCache { @Override public void addCachedRealm(CachedRealm realm) { - if (!enabled) return; logger.tracev("Adding realm {0}", realm.getId()); cache.putForExternalRead(realm.getId(), realm); realmLookup.put(realm.getName(), realm.getId()); @@ -74,14 +62,12 @@ public class InfinispanRealmCache implements RealmCache { @Override public CachedRealm getCachedRealmByName(String name) { - if (!enabled) return null; String id = realmLookup.get(name); return id != null ? getCachedRealm(id) : null; } @Override public CachedClient getApplication(String id) { - if (!enabled) return null; return get(id, CachedClient.class); } @@ -93,7 +79,6 @@ public class InfinispanRealmCache implements RealmCache { @Override public void addCachedClient(CachedClient app) { - if (!enabled) return; logger.tracev("Adding application {0}", app.getId()); cache.putForExternalRead(app.getId(), app); } @@ -112,7 +97,6 @@ public class InfinispanRealmCache implements RealmCache { @Override public CachedGroup getGroup(String id) { - if (!enabled) return null; return get(id, CachedGroup.class); } @@ -124,7 +108,6 @@ public class InfinispanRealmCache implements RealmCache { @Override public void addCachedGroup(CachedGroup role) { - if (!enabled) return; logger.tracev("Adding group {0}", role.getId()); cache.putForExternalRead(role.getId(), role); } @@ -144,7 +127,6 @@ public class InfinispanRealmCache implements RealmCache { @Override public CachedRole getRole(String id) { - if (!enabled) return null; return get(id, CachedRole.class); } @@ -168,7 +150,6 @@ public class InfinispanRealmCache implements RealmCache { @Override public void addCachedRole(CachedRole role) { - if (!enabled) return; logger.tracev("Adding role {0}", role.getId()); cache.putForExternalRead(role.getId(), role); } @@ -186,7 +167,6 @@ public class InfinispanRealmCache implements RealmCache { @Override public CachedClientTemplate getClientTemplate(String id) { - if (!enabled) return null; return get(id, CachedClientTemplate.class); } @@ -198,7 +178,6 @@ public class InfinispanRealmCache implements RealmCache { @Override public void addCachedClientTemplate(CachedClientTemplate app) { - if (!enabled) return; logger.tracev("Adding client template {0}", app.getId()); cache.putForExternalRead(app.getId(), app); } diff --git a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanUserCache.java b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanUserCache.java index c08566b6d5..0d4639caba 100755 --- a/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanUserCache.java +++ b/model/invalidation-cache/infinispan/src/main/java/org/keycloak/models/cache/infinispan/InfinispanUserCache.java @@ -28,19 +28,6 @@ public class InfinispanUserCache implements UserCache { this.emailLookup = emailLookup; } - @Override - public boolean isEnabled() { - return enabled; - } - - @Override - public void setEnabled(boolean enabled) { - if (this.enabled && !enabled) { - clear(); - } - this.enabled = enabled; - } - @Override public CachedUser getCachedUser(String realmId, String id) { if (realmId == null || id == null) return null; @@ -48,12 +35,6 @@ public class InfinispanUserCache implements UserCache { return user != null && realmId.equals(user.getRealm()) ? user : null; } - @Override - public void invalidateCachedUser(String realmId, CachedUser user) { - logger.tracev("Invalidating user {0}", user.getId()); - cache.remove(user.getId()); - } - @Override public void invalidateCachedUserById(String realmId, String id) { logger.tracev("Invalidating user {0}", id); diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheRealmProvider.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheRealmProvider.java index 6386f9f482..e0582f5173 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheRealmProvider.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheRealmProvider.java @@ -7,11 +7,9 @@ import org.keycloak.models.RealmProvider; * @version $Revision: 1 $ */ public interface CacheRealmProvider extends RealmProvider { + void clear(); RealmProvider getDelegate(); - boolean isEnabled(); - void setEnabled(boolean enabled); - void registerRealmInvalidation(String id); void registerApplicationInvalidation(String id); diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProvider.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProvider.java index ec0d021029..ac1f5da636 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProvider.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/CacheUserProvider.java @@ -8,8 +8,7 @@ import org.keycloak.models.UserProvider; * @version $Revision: 1 $ */ public interface CacheUserProvider extends UserProvider { + void clear(); UserProvider getDelegate(); - boolean isEnabled(); - void setEnabled(boolean enabled); void registerUserInvalidation(RealmModel realm, String id); } diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmCache.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmCache.java index 56f9bc087b..002a77119b 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmCache.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/RealmCache.java @@ -55,10 +55,6 @@ public interface RealmCache { void invalidateGroupById(String id); - boolean isEnabled(); - - void setEnabled(boolean enabled); - CachedClientTemplate getClientTemplate(String id); void invalidateClientTemplate(CachedClientTemplate app); diff --git a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserCache.java b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserCache.java index 9b0336fde5..6af0a292ac 100755 --- a/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserCache.java +++ b/model/invalidation-cache/model-adapters/src/main/java/org/keycloak/models/cache/UserCache.java @@ -7,12 +7,11 @@ import org.keycloak.models.cache.entities.CachedUser; * @version $Revision: 1 $ */ public interface UserCache { + void clear(); CachedUser getCachedUser(String realmId, String id); - void invalidateCachedUser(String realmId, CachedUser user); - void addCachedUser(String realmId, CachedUser user); CachedUser getCachedUserByUsername(String realmId, String name); @@ -23,7 +22,4 @@ public interface UserCache { void invalidateRealmUsers(String realmId); - boolean isEnabled(); - - void setEnabled(boolean enabled); } diff --git a/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java b/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java index 26f52a2966..c8eb3baa04 100755 --- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java +++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSession.java @@ -1,25 +1,12 @@ package org.keycloak.services; -import org.jboss.logging.Logger; -import org.keycloak.models.KeycloakContext; -import org.keycloak.models.KeycloakSession; -import org.keycloak.models.KeycloakSessionFactory; -import org.keycloak.models.KeycloakTransactionManager; -import org.keycloak.models.RealmProvider; -import org.keycloak.models.UserFederationManager; -import org.keycloak.models.UserProvider; -import org.keycloak.models.UserSessionProvider; +import org.keycloak.models.*; import org.keycloak.models.cache.CacheRealmProvider; import org.keycloak.models.cache.CacheUserProvider; import org.keycloak.provider.Provider; import org.keycloak.provider.ProviderFactory; -import java.util.HashMap; -import java.util.HashSet; -import java.util.LinkedList; -import java.util.List; -import java.util.Map; -import java.util.Set; +import java.util.*; /** * @author Stian Thorgersen @@ -35,8 +22,6 @@ public class DefaultKeycloakSession implements KeycloakSession { private UserSessionProvider sessionProvider; private UserFederationManager federationManager; private KeycloakContext context; - - private static final Logger logger = Logger.getLogger(DefaultKeycloakSession.class); public DefaultKeycloakSession(DefaultKeycloakSessionFactory factory) { this.factory = factory; @@ -51,16 +36,18 @@ public class DefaultKeycloakSession implements KeycloakSession { } private RealmProvider getRealmProvider() { - if (factory.getDefaultProvider(CacheRealmProvider.class) != null) { - return getProvider(CacheRealmProvider.class); + CacheRealmProvider cache = getProvider(CacheRealmProvider.class); + if (cache != null) { + return cache; } else { return getProvider(RealmProvider.class); } } private UserProvider getUserProvider() { - if (factory.getDefaultProvider(CacheUserProvider.class) != null) { - return getProvider(CacheUserProvider.class); + CacheUserProvider cache = getProvider(CacheUserProvider.class); + if (cache != null) { + return cache; } else { return getProvider(UserProvider.class); } @@ -87,7 +74,6 @@ public class DefaultKeycloakSession implements KeycloakSession { userModel = getUserProvider(); } return userModel; - } public T getProvider(Class clazz) { diff --git a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java index 08699e07c8..7a7974a6ad 100755 --- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java +++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java @@ -79,20 +79,24 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory { } else { for (ProviderFactory factory : pm.load(spi)) { Config.Scope scope = Config.scope(spi.getName(), factory.getId()); - factory.init(scope); + if (scope.getBoolean("enabled", true)) { + factory.init(scope); - if (spi.isInternal() && !isInternal(factory)) { - log.warnv("{0} ({1}) is implementing the internal SPI {2}. This SPI is internal and may change without notice", factory.getId(), factory.getClass().getName(), spi.getName()); + if (spi.isInternal() && !isInternal(factory)) { + log.warnv("{0} ({1}) is implementing the internal SPI {2}. This SPI is internal and may change without notice", factory.getId(), factory.getClass().getName(), spi.getName()); + } + + factories.put(factory.getId(), factory); + } else { + log.debugv("SPI {0} provider {1} disabled", spi.getName(), factory.getId()); } - - factories.put(factory.getId(), factory); } if (factories.size() == 1) { provider = factories.values().iterator().next().getId(); this.provider.put(spi.getProviderClass(), provider); - log.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider); + log.debugv("Loaded SPI {0} (provider = {1})", spi.getName(), provider); } else { log.debugv("Loaded SPI {0} (providers = {1})", spi.getName(), factories.keySet()); } diff --git a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java index a5c050d907..e282ef09c9 100755 --- a/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java +++ b/services/src/main/java/org/keycloak/services/resources/admin/RealmAdminResource.java @@ -191,16 +191,7 @@ public class RealmAdminResource { @Produces(MediaType.APPLICATION_JSON) public RealmRepresentation getRealm() { if (auth.hasView()) { - RealmRepresentation rep = ModelToRepresentation.toRepresentation(realm, false); - if (session.realms() instanceof CacheRealmProvider) { - CacheRealmProvider cacheRealmProvider = (CacheRealmProvider)session.realms(); - rep.setRealmCacheEnabled(cacheRealmProvider.isEnabled()); - } - if (session.userStorage() instanceof CacheUserProvider) { - CacheUserProvider cache = (CacheUserProvider)session.userStorage(); - rep.setUserCacheEnabled(cache.isEnabled()); - } - return rep; + return ModelToRepresentation.toRepresentation(realm, false); } else { auth.requireAny(); @@ -227,14 +218,6 @@ public class RealmAdminResource { logger.debug("updating realm: " + realm.getName()); try { RepresentationToModel.updateRealm(rep, realm); - if (rep.isRealmCacheEnabled() != null && session.realms() instanceof CacheRealmProvider) { - CacheRealmProvider cacheRealmProvider = (CacheRealmProvider)session.realms(); - cacheRealmProvider.setEnabled(rep.isRealmCacheEnabled()); - } - if (rep.isUserCacheEnabled() != null && session.userStorage() instanceof CacheUserProvider) { - CacheUserProvider cache = (CacheUserProvider)session.userStorage(); - cache.setEnabled(rep.isUserCacheEnabled()); - } // Refresh periodic sync tasks for configured federationProviders List federationProviders = realm.getUserFederationProviders(); @@ -724,4 +707,35 @@ public class RealmAdminResource { PartialImportManager partialImport = new PartialImportManager(rep, session, realm, adminEvent); return partialImport.saveResources(); } + + /** + * Clear realm cache + * + */ + @Path("clear-realm-cache") + @POST + public void clearRealmCache() { + auth.requireManage(); + adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); + CacheRealmProvider cache = session.getProvider(CacheRealmProvider.class); + if (cache != null) { + cache.clear(); + } + } + + /** + * Clear user cache + * + */ + @Path("clear-user-cache") + @POST + public void clearUserCache() { + auth.requireManage(); + adminEvent.operation(OperationType.ACTION).resourcePath(uriInfo).success(); + CacheUserProvider cache = session.getProvider(CacheUserProvider.class); + if (cache != null) { + cache.clear(); + } + } + } diff --git a/testsuite/integration/src/test/resources/META-INF/keycloak-server.json b/testsuite/integration/src/test/resources/META-INF/keycloak-server.json index 8ea3789b1b..401fc6be0b 100755 --- a/testsuite/integration/src/test/resources/META-INF/keycloak-server.json +++ b/testsuite/integration/src/test/resources/META-INF/keycloak-server.json @@ -26,6 +26,18 @@ "provider": "${keycloak.userSessionPersister.provider:jpa}" }, + "userCache": { + "infinispan" : { + "enabled": true + } + }, + + "realmCache": { + "infinispan" : { + "enabled": true + } + }, + "timer": { "provider": "basic" },