From 96501760e007aa8d32830785e46a2eb3d70d7755 Mon Sep 17 00:00:00 2001
From: Hynek Mlnarik <hmlnarik@redhat.com>
Date: Thu, 25 Mar 2021 16:42:10 +0100
Subject: [PATCH] KEYCLOAK-17501 Add support for map storage in WildFly

---
 .../keycloak-model-map/main/module.xml        | 43 +++++++++++++++++++
 .../keycloak-services/main/module.xml         |  1 +
 distribution/server-dist/assembly.xml         |  7 +++
 .../map-storage-concurrenthashmap.cli         | 35 +++++++++++++++
 ...nispanActionTokenStoreProviderFactory.java |  5 +++
 ...nAuthenticationSessionProviderFactory.java |  6 +++
 ...nispanCodeToTokenStoreProviderFactory.java |  6 +++
 ...OAuth2DeviceTokenStoreProviderFactory.java |  6 +++
 ...actSessionMappingStoreProviderFactory.java |  7 ++-
 ...panSingleUseTokenStoreProviderFactory.java |  6 +++
 ...anStickySessionEncoderProviderFactory.java |  6 +++
 ...anTokenRevocationStoreProviderFactory.java |  5 +++
 ...nispanUserLoginFailureProviderFactory.java |  6 +++
 .../InfinispanUserSessionProviderFactory.java |  5 +++
 .../store/JPAAuthorizationStoreFactory.java   |  6 +++
 .../models/jpa/JpaClientProviderFactory.java  |  9 +++-
 .../jpa/JpaClientScopeProviderFactory.java    |  9 +++-
 .../models/jpa/JpaGroupProviderFactory.java   |  9 +++-
 .../models/jpa/JpaRealmProviderFactory.java   | 11 ++++-
 .../models/jpa/JpaRoleProviderFactory.java    |  9 +++-
 .../jpa/JpaServerInfoProviderFactory.java     |  9 +++-
 .../jpa/JpaUserCredentialStoreFactory.java    |  9 +++-
 .../models/jpa/JpaUserProviderFactory.java    |  9 +++-
 .../chm/ConcurrentHashMapStorageProvider.java | 23 +++++++---
 .../DefaultKeycloakSessionFactory.java        |  2 +-
 .../KeycloakProviderDependencyProcessor.java  |  2 +
 26 files changed, 235 insertions(+), 16 deletions(-)
 create mode 100755 distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-map/main/module.xml
 create mode 100644 distribution/server-dist/src/main/docs/examples/map-storage-concurrenthashmap.cli

diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-map/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-map/main/module.xml
new file mode 100755
index 0000000000..41ee706f06
--- /dev/null
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-model-map/main/module.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2021 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+<module xmlns="urn:jboss:module:1.3" name="org.keycloak.keycloak-model-map">
+    <properties>
+        <property name="jboss.api" value="private"/>
+    </properties>
+
+    <resources>
+        <artifact name="${org.keycloak:keycloak-model-map}"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.transaction.api"/>
+        <module name="org.keycloak.keycloak-common"/>
+        <module name="org.keycloak.keycloak-core"/>
+        <module name="org.keycloak.keycloak-server-spi"/>
+        <module name="org.keycloak.keycloak-server-spi-private"/>
+        <module name="org.jboss.logging"/>
+        <module name="org.javassist"/>
+        <module name="javax.api"/>
+        <module name="com.fasterxml.jackson.core.jackson-core"/>
+        <module name="com.fasterxml.jackson.core.jackson-annotations"/>
+        <module name="com.fasterxml.jackson.core.jackson-databind"/>
+        <module name="com.fasterxml.jackson.datatype.jackson-datatype-jdk8"/>
+        <module name="com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider"/>
+    </dependencies>
+
+</module>
diff --git a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml
index fcd1e44cd5..5577e7c7ee 100755
--- a/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml
+++ b/distribution/feature-packs/server-feature-pack/src/main/resources/modules/system/layers/keycloak/org/keycloak/keycloak-services/main/module.xml
@@ -34,6 +34,7 @@
         <module name="org.keycloak.keycloak-server-spi" services="import"/>
         <module name="org.keycloak.keycloak-server-spi-private" services="import"/>
         <module name="org.keycloak.keycloak-model-jpa" services="import"/>
+        <module name="org.keycloak.keycloak-model-map" services="import"/>
         <module name="org.keycloak.keycloak-model-infinispan" services="import"/>
         <module name="org.keycloak.keycloak-saml-core-public" services="import"/>
         <module name="org.keycloak.keycloak-saml-core" services="import"/>
diff --git a/distribution/server-dist/assembly.xml b/distribution/server-dist/assembly.xml
index b44ffdd0e3..f6550de907 100755
--- a/distribution/server-dist/assembly.xml
+++ b/distribution/server-dist/assembly.xml
@@ -118,6 +118,13 @@
                 <include>licenses-${product.slot}/**</include>
             </includes>
         </fileSet>
+        <fileSet>
+            <directory>src/main/docs</directory>
+            <outputDirectory>docs</outputDirectory>
+            <includes>
+                <include>**</include>
+            </includes>
+        </fileSet>
     </fileSets>
 
     <files>
diff --git a/distribution/server-dist/src/main/docs/examples/map-storage-concurrenthashmap.cli b/distribution/server-dist/src/main/docs/examples/map-storage-concurrenthashmap.cli
new file mode 100644
index 0000000000..fcbc3c30d1
--- /dev/null
+++ b/distribution/server-dist/src/main/docs/examples/map-storage-concurrenthashmap.cli
@@ -0,0 +1,35 @@
+##
+## CLI script to set Keycloak to use map storage rather than the standard JPA.
+## The backend database is at this moment a ConcurrentHashMap-based storage
+## which is suitable for dev and testing in standalone node. It does not
+## support clustered deployments.
+##
+## Apply this file using the following command from the Keycloak root directory:
+##
+##   bin/jboss-cli.sh --file=docs/examples/map-storage-concurrenthashmap.cli
+##
+## This will modify standalone/configuration/standalone.xml
+##
+
+embed-server
+
+/subsystem=keycloak-server/spi=authorizationPersister:add(default-provider=map)
+/subsystem=keycloak-server/spi=client:add(default-provider=map)
+/subsystem=keycloak-server/spi=clientScope:add(default-provider=map)
+/subsystem=keycloak-server/spi=group:add(default-provider=map)
+/subsystem=keycloak-server/spi=realm:add(default-provider=map)
+/subsystem=keycloak-server/spi=role:add(default-provider=map)
+/subsystem=keycloak-server/spi=serverInfo:add(default-provider=map)
+/subsystem=keycloak-server/spi=serverInfo/provider=map:add(enabled=true,properties={resourcesVersionSeed=1JZ379bzyOCFA})
+/subsystem=keycloak-server/spi=user:add(default-provider=map)
+
+## For dev and single-node purposes, these are set to "map".
+## For clustered deployments, these should be "infinispan" as map storage does not support distributed storage yet
+/subsystem=keycloak-server/spi=authenticationSessions:add(default-provider=map)
+/subsystem=keycloak-server/spi=loginFailure:add(default-provider=map)
+/subsystem=keycloak-server/spi=userSessions:add(default-provider=map)
+
+/subsystem=keycloak-server/spi=mapStorage:add(default-provider=concurrenthashmap)
+/subsystem=keycloak-server/spi=mapStorage/provider=concurrenthashmap:add(properties={dir="${jboss.server.data.dir}/map"},enabled=true)
+
+quit
\ No newline at end of file
diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanActionTokenStoreProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanActionTokenStoreProviderFactory.java
index 63882dc80c..6aee60f2a9 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanActionTokenStoreProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanActionTokenStoreProviderFactory.java
@@ -24,6 +24,7 @@ import org.keycloak.models.*;
 import org.keycloak.models.sessions.infinispan.entities.ActionTokenValueEntity;
 import org.keycloak.models.sessions.infinispan.entities.ActionTokenReducedKey;
 import org.infinispan.Cache;
+import static org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory.PROVIDER_PRIORITY;
 
 /**
  *
@@ -78,4 +79,8 @@ public class InfinispanActionTokenStoreProviderFactory implements ActionTokenSto
         return "infinispan";
     }
 
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanAuthenticationSessionProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanAuthenticationSessionProviderFactory.java
index e580bbdc69..2ddd0a4144 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanAuthenticationSessionProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanAuthenticationSessionProviderFactory.java
@@ -48,6 +48,7 @@ import org.jboss.logging.Logger;
 public class InfinispanAuthenticationSessionProviderFactory implements AuthenticationSessionProviderFactory {
 
     private static final Logger log = Logger.getLogger(InfinispanAuthenticationSessionProviderFactory.class);
+    public static final int PROVIDER_PRIORITY = 1;
 
     private InfinispanKeyGenerator keyGenerator;
 
@@ -177,4 +178,9 @@ public class InfinispanAuthenticationSessionProviderFactory implements Authentic
     public String getId() {
         return PROVIDER_ID;
     }
+
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanCodeToTokenStoreProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanCodeToTokenStoreProviderFactory.java
index 1e6504e089..f5944ced30 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanCodeToTokenStoreProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanCodeToTokenStoreProviderFactory.java
@@ -28,6 +28,7 @@ import org.keycloak.models.CodeToTokenStoreProviderFactory;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.sessions.infinispan.entities.ActionTokenValueEntity;
+import static org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory.PROVIDER_PRIORITY;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -74,4 +75,9 @@ public class InfinispanCodeToTokenStoreProviderFactory implements CodeToTokenSto
     public String getId() {
         return "infinispan";
     }
+
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanOAuth2DeviceTokenStoreProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanOAuth2DeviceTokenStoreProviderFactory.java
index af1ae0d0c1..3d628f275d 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanOAuth2DeviceTokenStoreProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanOAuth2DeviceTokenStoreProviderFactory.java
@@ -26,6 +26,7 @@ import org.keycloak.models.OAuth2DeviceTokenStoreProviderFactory;
 import org.keycloak.models.sessions.infinispan.entities.ActionTokenValueEntity;
 
 import java.util.function.Supplier;
+import static org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory.PROVIDER_PRIORITY;
 
 /**
  * @author <a href="mailto:h2-wada@nri.co.jp">Hiroyuki Wada</a>
@@ -68,4 +69,9 @@ public class InfinispanOAuth2DeviceTokenStoreProviderFactory implements OAuth2De
     public String getId() {
         return "infinispan";
     }
+
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanSamlArtifactSessionMappingStoreProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanSamlArtifactSessionMappingStoreProviderFactory.java
index ea0b774b5f..d802be4fbd 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanSamlArtifactSessionMappingStoreProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanSamlArtifactSessionMappingStoreProviderFactory.java
@@ -24,10 +24,10 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.SamlArtifactSessionMappingStoreProvider;
 import org.keycloak.models.SamlArtifactSessionMappingStoreProviderFactory;
-import org.keycloak.models.sessions.infinispan.entities.ActionTokenValueEntity;
 
 import java.util.UUID;
 import java.util.function.Supplier;
+import static org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory.PROVIDER_PRIORITY;
 
 /**
  * @author mhajas
@@ -74,4 +74,9 @@ public class InfinispanSamlArtifactSessionMappingStoreProviderFactory implements
     public String getId() {
         return "infinispan";
     }
+
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanSingleUseTokenStoreProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanSingleUseTokenStoreProviderFactory.java
index e8a9fb8749..f402702113 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanSingleUseTokenStoreProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanSingleUseTokenStoreProviderFactory.java
@@ -31,6 +31,7 @@ import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.SingleUseTokenStoreProviderFactory;
 import org.keycloak.models.sessions.infinispan.entities.ActionTokenValueEntity;
 import org.keycloak.models.sessions.infinispan.util.InfinispanUtil;
+import static org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory.PROVIDER_PRIORITY;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -97,4 +98,9 @@ public class InfinispanSingleUseTokenStoreProviderFactory implements SingleUseTo
     public String getId() {
         return "infinispan";
     }
+
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanStickySessionEncoderProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanStickySessionEncoderProviderFactory.java
index 70a1d5dc2c..1e762bc2de 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanStickySessionEncoderProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanStickySessionEncoderProviderFactory.java
@@ -23,6 +23,7 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.sessions.StickySessionEncoderProvider;
 import org.keycloak.sessions.StickySessionEncoderProviderFactory;
+import static org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory.PROVIDER_PRIORITY;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -65,4 +66,9 @@ public class InfinispanStickySessionEncoderProviderFactory implements StickySess
     public String getId() {
         return "infinispan";
     }
+
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanTokenRevocationStoreProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanTokenRevocationStoreProviderFactory.java
index 48c847b322..6e9c8308ab 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanTokenRevocationStoreProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanTokenRevocationStoreProviderFactory.java
@@ -28,6 +28,7 @@ import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.TokenRevocationStoreProvider;
 import org.keycloak.models.TokenRevocationStoreProviderFactory;
 import org.keycloak.models.sessions.infinispan.entities.ActionTokenValueEntity;
+import static org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory.PROVIDER_PRIORITY;
 
 /**
  * @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
@@ -73,4 +74,8 @@ public class InfinispanTokenRevocationStoreProviderFactory implements TokenRevoc
         return "infinispan";
     }
 
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserLoginFailureProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserLoginFailureProviderFactory.java
index 600c93903c..01958e3fd9 100644
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserLoginFailureProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserLoginFailureProviderFactory.java
@@ -50,6 +50,7 @@ import org.keycloak.models.utils.PostMigrationEvent;
 import java.io.Serializable;
 import java.util.Set;
 import java.util.function.BiFunction;
+import static org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory.PROVIDER_PRIORITY;
 
 /**
  * @author <a href="mailto:mkanis@redhat.com">Martin Kanis</a>
@@ -211,4 +212,9 @@ public class InfinispanUserLoginFailureProviderFactory implements UserLoginFailu
     public String getId() {
         return PROVIDER_ID;
     }
+
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java
index dff8f254a5..aa757a33ed 100755
--- a/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/sessions/infinispan/InfinispanUserSessionProviderFactory.java
@@ -65,6 +65,7 @@ import java.io.Serializable;
 import java.util.Set;
 import java.util.UUID;
 import java.util.function.BiFunction;
+import static org.keycloak.models.sessions.infinispan.InfinispanAuthenticationSessionProviderFactory.PROVIDER_PRIORITY;
 
 public class InfinispanUserSessionProviderFactory implements UserSessionProviderFactory {
 
@@ -334,5 +335,9 @@ public class InfinispanUserSessionProviderFactory implements UserSessionProvider
         return PROVIDER_ID;
     }
 
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
 
diff --git a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAAuthorizationStoreFactory.java b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAAuthorizationStoreFactory.java
index 9f17606a71..24d0a2963e 100644
--- a/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAAuthorizationStoreFactory.java
+++ b/model/jpa/src/main/java/org/keycloak/authorization/jpa/store/JPAAuthorizationStoreFactory.java
@@ -26,6 +26,7 @@ import org.keycloak.authorization.store.AuthorizationStoreFactory;
 import org.keycloak.authorization.store.StoreFactory;
 import org.keycloak.connections.jpa.JpaConnectionProvider;
 import org.keycloak.models.KeycloakSession;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY;
 
 /**
  * @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
@@ -55,4 +56,9 @@ public class JPAAuthorizationStoreFactory implements AuthorizationStoreFactory {
     private EntityManager getEntityManager(KeycloakSession session) {
         return session.getProvider(JpaConnectionProvider.class).getEntityManager();
     }
+
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientProviderFactory.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientProviderFactory.java
index 9da10c5dd9..775bea54dd 100644
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientProviderFactory.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientProviderFactory.java
@@ -25,6 +25,8 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 
 import javax.persistence.EntityManager;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_ID;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY;
 
 public class JpaClientProviderFactory implements ClientProviderFactory {
 
@@ -39,7 +41,7 @@ public class JpaClientProviderFactory implements ClientProviderFactory {
 
     @Override
     public String getId() {
-        return "jpa";
+        return PROVIDER_ID;
     }
 
     @Override
@@ -52,4 +54,9 @@ public class JpaClientProviderFactory implements ClientProviderFactory {
     public void close() {
     }
 
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
+
 }
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientScopeProviderFactory.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientScopeProviderFactory.java
index 22227f1f4a..9c4472319c 100644
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientScopeProviderFactory.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaClientScopeProviderFactory.java
@@ -25,6 +25,8 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 
 import javax.persistence.EntityManager;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_ID;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY;
 
 public class JpaClientScopeProviderFactory implements ClientScopeProviderFactory {
 
@@ -38,7 +40,7 @@ public class JpaClientScopeProviderFactory implements ClientScopeProviderFactory
 
     @Override
     public String getId() {
-        return "jpa";
+        return PROVIDER_ID;
     }
 
     @Override
@@ -51,4 +53,9 @@ public class JpaClientScopeProviderFactory implements ClientScopeProviderFactory
     public void close() {
     }
 
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
+
 }
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaGroupProviderFactory.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaGroupProviderFactory.java
index 957e0c17e6..12decf4385 100644
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaGroupProviderFactory.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaGroupProviderFactory.java
@@ -25,6 +25,8 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 
 import javax.persistence.EntityManager;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_ID;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY;
 
 public class JpaGroupProviderFactory implements GroupProviderFactory {
 
@@ -39,7 +41,7 @@ public class JpaGroupProviderFactory implements GroupProviderFactory {
 
     @Override
     public String getId() {
-        return "jpa";
+        return PROVIDER_ID;
     }
 
     @Override
@@ -52,4 +54,9 @@ public class JpaGroupProviderFactory implements GroupProviderFactory {
     public void close() {
     }
 
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
+
 }
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProviderFactory.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProviderFactory.java
index 6a60fed198..ed8caee925 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProviderFactory.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRealmProviderFactory.java
@@ -40,6 +40,9 @@ public class JpaRealmProviderFactory implements RealmProviderFactory, ProviderEv
 
     private Runnable onClose;
 
+    public static final String PROVIDER_ID = "jpa";
+    public static final int PROVIDER_PRIORITY = 1;
+
     @Override
     public void init(Config.Scope config) {
     }
@@ -52,7 +55,7 @@ public class JpaRealmProviderFactory implements RealmProviderFactory, ProviderEv
 
     @Override
     public String getId() {
-        return "jpa";
+        return PROVIDER_ID;
     }
 
     @Override
@@ -83,4 +86,10 @@ public class JpaRealmProviderFactory implements RealmProviderFactory, ProviderEv
             create(e.getKeycloakSession()).preRemove(realm, role);
         }
     }
+
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
+
 }
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRoleProviderFactory.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRoleProviderFactory.java
index fd1059c260..a739ce8d3f 100644
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRoleProviderFactory.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaRoleProviderFactory.java
@@ -25,6 +25,8 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 
 import javax.persistence.EntityManager;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_ID;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY;
 
 public class JpaRoleProviderFactory implements RoleProviderFactory {
 
@@ -38,7 +40,7 @@ public class JpaRoleProviderFactory implements RoleProviderFactory {
 
     @Override
     public String getId() {
-        return "jpa";
+        return PROVIDER_ID;
     }
 
     @Override
@@ -51,4 +53,9 @@ public class JpaRoleProviderFactory implements RoleProviderFactory {
     public void close() {
     }
 
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
+
 }
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaServerInfoProviderFactory.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaServerInfoProviderFactory.java
index 828dbaee94..53e1e03302 100644
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaServerInfoProviderFactory.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaServerInfoProviderFactory.java
@@ -24,6 +24,8 @@ import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.models.ServerInfoProvider;
 import org.keycloak.models.ServerInfoProviderFactory;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_ID;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY;
 
 public class JpaServerInfoProviderFactory implements ServerInfoProviderFactory {
 
@@ -37,7 +39,7 @@ public class JpaServerInfoProviderFactory implements ServerInfoProviderFactory {
 
     @Override
     public String getId() {
-        return "jpa";
+        return PROVIDER_ID;
     }
 
     @Override
@@ -49,4 +51,9 @@ public class JpaServerInfoProviderFactory implements ServerInfoProviderFactory {
     @Override
     public void close() {
     }
+
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
 }
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserCredentialStoreFactory.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserCredentialStoreFactory.java
index 550299ba8b..ccc374dbcd 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserCredentialStoreFactory.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserCredentialStoreFactory.java
@@ -25,6 +25,8 @@ import org.keycloak.models.KeycloakSessionFactory;
 import org.keycloak.provider.ProviderFactory;
 
 import javax.persistence.EntityManager;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_ID;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -43,7 +45,7 @@ public class JpaUserCredentialStoreFactory implements ProviderFactory<UserCreden
 
     @Override
     public String getId() {
-        return "jpa";
+        return PROVIDER_ID;
     }
 
     @Override
@@ -56,4 +58,9 @@ public class JpaUserCredentialStoreFactory implements ProviderFactory<UserCreden
     public void close() {
     }
 
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
+
 }
diff --git a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProviderFactory.java b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProviderFactory.java
index f94ca4658e..a6be0c0747 100755
--- a/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProviderFactory.java
+++ b/model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserProviderFactory.java
@@ -25,6 +25,8 @@ import org.keycloak.models.UserProvider;
 import org.keycloak.models.UserProviderFactory;
 
 import javax.persistence.EntityManager;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_ID;
+import static org.keycloak.models.jpa.JpaRealmProviderFactory.PROVIDER_PRIORITY;
 
 /**
  * @author <a href="mailto:bill@burkecentral.com">Bill Burke</a>
@@ -43,7 +45,7 @@ public class JpaUserProviderFactory implements UserProviderFactory {
 
     @Override
     public String getId() {
-        return "jpa";
+        return PROVIDER_ID;
     }
 
     @Override
@@ -56,4 +58,9 @@ public class JpaUserProviderFactory implements UserProviderFactory {
     public void close() {
     }
 
+    @Override
+    public int order() {
+        return PROVIDER_PRIORITY;
+    }
+
 }
diff --git a/model/map/src/main/java/org/keycloak/models/map/storage/chm/ConcurrentHashMapStorageProvider.java b/model/map/src/main/java/org/keycloak/models/map/storage/chm/ConcurrentHashMapStorageProvider.java
index 1e607a2231..07193f329a 100644
--- a/model/map/src/main/java/org/keycloak/models/map/storage/chm/ConcurrentHashMapStorageProvider.java
+++ b/model/map/src/main/java/org/keycloak/models/map/storage/chm/ConcurrentHashMapStorageProvider.java
@@ -57,13 +57,24 @@ public class ConcurrentHashMapStorageProvider implements MapStorageProvider {
 
     @Override
     public void init(Scope config) {
-        File f = new File(config.get("dir"));
-        try {
-            this.storageDirectory = f.exists()
-              ? f
-              : Files.createTempDirectory("storage-map-chm-").toFile();
-        } catch (IOException ex) {
+        final String dir = config.get("dir");
+        if (dir == null || dir.trim().isEmpty()) {
+            LOG.warn("No directory set, created objects will not survive server restart");
             this.storageDirectory = null;
+        } else {
+            File f = new File(dir);
+            try {
+                Files.createDirectories(f.toPath());
+                if (f.exists()) {
+                    this.storageDirectory = f;
+                } else {
+                    LOG.warnf("Directory cannot be used, created objects will not survive server restart: %s", dir);
+                    this.storageDirectory = null;
+                }
+            } catch (IOException ex) {
+                LOG.warnf("Directory cannot be used, created objects will not survive server restart: %s", dir);
+                this.storageDirectory = null;
+            }
         }
     }
 
diff --git a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
index a994c6e3b1..1edc4582bb 100755
--- a/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
+++ b/services/src/main/java/org/keycloak/services/DefaultKeycloakSessionFactory.java
@@ -225,7 +225,7 @@ public class DefaultKeycloakSessionFactory implements KeycloakSessionFactory, Pr
             String defaultProvider = Config.getProvider(spi.getName());
             if (defaultProvider != null) {
                 if (getProviderFactory(spi.getProviderClass(), defaultProvider) == null) {
-                    throw new RuntimeException("Failed to find provider " + provider + " for " + spi.getName());
+                    throw new RuntimeException("Failed to find provider " + defaultProvider + " for " + spi.getName());
                 }
             } else {
                 Map<String, ProviderFactory> factories = factoriesMap.get(spi.getProviderClass());
diff --git a/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakProviderDependencyProcessor.java b/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakProviderDependencyProcessor.java
index 3d6e367a56..b6e8134505 100644
--- a/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakProviderDependencyProcessor.java
+++ b/wildfly/server-subsystem/src/main/java/org/keycloak/subsystem/server/extension/KeycloakProviderDependencyProcessor.java
@@ -44,6 +44,7 @@ public class KeycloakProviderDependencyProcessor implements DeploymentUnitProces
     private static final ModuleIdentifier KEYCLOAK_SERVER_SPI = ModuleIdentifier.create("org.keycloak.keycloak-server-spi");
     private static final ModuleIdentifier KEYCLOAK_SERVER_SPI_PRIVATE = ModuleIdentifier.create("org.keycloak.keycloak-server-spi-private");
     private static final ModuleIdentifier KEYCLOAK_JPA = ModuleIdentifier.create("org.keycloak.keycloak-model-jpa");
+    private static final ModuleIdentifier KEYCLOAK_MAP = ModuleIdentifier.create("org.keycloak.keycloak-model-map");
     private static final ModuleIdentifier JAXRS = ModuleIdentifier.create("javax.ws.rs.api");
     private static final ModuleIdentifier RESTEASY = ModuleIdentifier.create("org.jboss.resteasy.resteasy-jaxrs");
     private static final ModuleIdentifier APACHE = ModuleIdentifier.create("org.apache.httpcomponents");
@@ -70,6 +71,7 @@ public class KeycloakProviderDependencyProcessor implements DeploymentUnitProces
             moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, RESTEASY, false, false, false, false));
             moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, APACHE, false, false, false, false));
             moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_JPA, false, false, false, false));
+            moduleSpecification.addSystemDependency(new ModuleDependency(moduleLoader, KEYCLOAK_MAP, false, false, false, false));
         }
     }