[KEYCLOAK-3390] - Updating authorization objects doesn't invalidate cache in cluster

This commit is contained in:
Pedro Igor 2016-08-12 11:15:13 -03:00
parent 27187c11f1
commit bfe10e34e7
13 changed files with 28 additions and 13 deletions

View file

@ -89,6 +89,7 @@
<local-cache name="sessions"/>
<local-cache name="offlineSessions"/>
<local-cache name="loginFailures"/>
<local-cache name="authorization "/>
<local-cache name="work"/>
</cache-container>
<xsl:apply-templates select="node()|@*"/>

View file

@ -8,6 +8,7 @@ embed-server --server-config=standalone-ha.xml
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:add(mode="SYNC",owners="1")
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:add(mode="SYNC",owners="1")
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:add(mode="SYNC",owners="1")
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization:add(mode="SYNC",owners="1")
/subsystem=infinispan/cache-container=keycloak/replicated-cache=work:add(mode="SYNC")
/extension=org.keycloak.keycloak-server-subsystem/:add(module=org.keycloak.keycloak-server-subsystem)
/subsystem=keycloak-server:add(web-context=auth)

View file

@ -108,7 +108,7 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
cacheManager.defineConfiguration(InfinispanConnectionProvider.USER_REVISIONS_CACHE_NAME, getRevisionCacheConfig(true, maxEntries));
cacheManager.getCache(InfinispanConnectionProvider.USER_REVISIONS_CACHE_NAME, true);
cacheManager.getCache(InfinispanConnectionProvider.AUTHORIZATION_CACHE_NAME, true);
logger.debugv("Using container managed Infinispan cache container, lookup={1}", cacheContainerLookup);
} catch (Exception e) {
throw new RuntimeException("Failed to retrieve cache container", e);
@ -161,6 +161,7 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
cacheManager.defineConfiguration(InfinispanConnectionProvider.SESSION_CACHE_NAME, sessionCacheConfiguration);
cacheManager.defineConfiguration(InfinispanConnectionProvider.OFFLINE_SESSION_CACHE_NAME, sessionCacheConfiguration);
cacheManager.defineConfiguration(InfinispanConnectionProvider.LOGIN_FAILURE_CACHE_NAME, sessionCacheConfiguration);
cacheManager.defineConfiguration(InfinispanConnectionProvider.AUTHORIZATION_CACHE_NAME, sessionCacheConfiguration);
ConfigurationBuilder replicationConfigBuilder = new ConfigurationBuilder();
if (clustered) {
@ -178,9 +179,6 @@ public class DefaultInfinispanConnectionProviderFactory implements InfinispanCon
cacheManager.defineConfiguration(InfinispanConnectionProvider.REALM_REVISIONS_CACHE_NAME, getRevisionCacheConfig(false, InfinispanConnectionProvider.REALM_REVISIONS_CACHE_DEFAULT_MAX));
cacheManager.getCache(InfinispanConnectionProvider.REALM_CACHE_NAME, true);
cacheManager.defineConfiguration(InfinispanConnectionProvider.AUTHORIZATION_CACHE_NAME,
new ConfigurationBuilder().eviction().type(EvictionType.COUNT).size(100).simpleCache(true).build());
long maxEntries = cacheManager.getCache(InfinispanConnectionProvider.USER_CACHE_NAME).getCacheConfiguration().eviction().maxEntries();
if (maxEntries <= 0) {
maxEntries = InfinispanConnectionProvider.USER_REVISIONS_CACHE_DEFAULT_MAX;

View file

@ -389,7 +389,7 @@ public class CachedPolicyStore implements PolicyStore {
if (this.updated == null) {
this.updated = getDelegate().findById(getId());
if (this.updated == null) throw new IllegalStateException("Not found in database");
transaction.whenCommit(() -> cache.evict(getCacheKeyForPolicy(getId())));
transaction.whenCommit(() -> cache.remove(getCacheKeyForPolicy(getId())));
}
return this.updated;

View file

@ -169,7 +169,7 @@ public class CachedResourceServerStore implements ResourceServerStore {
if (this.updated == null) {
this.updated = getDelegate().findById(getId());
if (this.updated == null) throw new IllegalStateException("Not found in database");
transaction.whenCommit(() -> cache.evict(getCacheKeyForResourceServer(getId())));
transaction.whenCommit(() -> cache.remove(getCacheKeyForResourceServer(getId())));
}
return this.updated;

View file

@ -270,7 +270,7 @@ public class CachedResourceStore implements ResourceStore {
if (this.updated == null) {
this.updated = getDelegate().findById(getId());
if (this.updated == null) throw new IllegalStateException("Not found in database");
transaction.whenCommit(() -> cache.evict(getCacheKeyForResource(getId())));
transaction.whenCommit(() -> cache.remove(getCacheKeyForResource(getId())));
}
return this.updated;

View file

@ -175,7 +175,7 @@ public class CachedScopeStore implements ScopeStore {
if (this.updated == null) {
this.updated = getDelegate().findById(getId());
if (this.updated == null) throw new IllegalStateException("Not found in database");
transaction.whenCommit(() -> cache.evict(getCacheKeyForScope(getId())));
transaction.whenCommit(() -> cache.remove(getCacheKeyForScope(getId())));
}
return this.updated;

View file

@ -22,10 +22,10 @@ import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.models.entities.AbstractIdentifiableEntity;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import java.io.Serializable;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
@ -34,7 +34,9 @@ import java.util.stream.Collectors;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class CachedPolicy implements Policy {
public class CachedPolicy implements Policy, Serializable {
private static final long serialVersionUID = -144247681046298128L;
private String id;
private String type;

View file

@ -22,6 +22,7 @@ import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import java.io.Serializable;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
@ -29,7 +30,9 @@ import java.util.stream.Collectors;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class CachedResource implements Resource {
public class CachedResource implements Resource, Serializable {
private static final long serialVersionUID = -6886179034626995165L;
private final String id;
private String resourceServerId;

View file

@ -21,10 +21,14 @@ package org.keycloak.models.authorization.infinispan.entities;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
import java.io.Serializable;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class CachedResourceServer implements ResourceServer {
public class CachedResourceServer implements ResourceServer, Serializable {
private static final long serialVersionUID = 5054253390723121289L;
private final String id;
private String clientId;

View file

@ -21,10 +21,14 @@ package org.keycloak.models.authorization.infinispan.entities;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import java.io.Serializable;
/**
* @author <a href="mailto:psilva@redhat.com">Pedro Igor</a>
*/
public class CachedScope implements Scope {
public class CachedScope implements Scope, Serializable {
private static final long serialVersionUID = -3919706923417065454L;
private final String id;
private String resourceServerId;

View file

@ -63,6 +63,7 @@ public class KeycloakServerDeploymentProcessor implements DeploymentUnitProcesso
st.addDependency(cacheContainerService.append("offlineSessions"));
st.addDependency(cacheContainerService.append("loginFailures"));
st.addDependency(cacheContainerService.append("work"));
st.addDependency(cacheContainerService.append("authorization"));;
}
}

View file

@ -95,6 +95,7 @@
<distributed-cache name="sessions" mode="SYNC" owners="1"/>
<distributed-cache name="offlineSessions" mode="SYNC" owners="1"/>
<distributed-cache name="loginFailures" mode="SYNC" owners="1"/>
<distributed-cache name="authorization" mode="SYNC" owners="1"/>
<replicated-cache name="work" mode="SYNC" />
</cache-container>
<cache-container name="server" aliases="singleton cluster" default-cache="default" module="org.wildfly.clustering.server">