[keycloak-dev] KeycloakSession question

Bill Burke bburke at redhat.com
Fri Apr 10 12:28:51 EDT 2015


Adapters are created per KeycloakSession too (RealmAdapter, etc.).  If a 
write method is called on the adapter, you know that underlying instance 
must be synced at commit time.

So, here are the steps you should do:

1. Somebody accesses RealmModel
2. RealmAdapter is created, it delegates to shared in-memory model
3. If RealmAdapter write method is called copy in-memory model of 
RealmAdapter, make your changes within the copy
4. At commit, flush the changes to the RealmAdapter to main memory model 
and disk.

If you want to get more consistency, add a version field to in-memory 
model, that way you can do "optimistic" concurrency and abort the sync 
if the version field is changed.  We should actually probably do this 
with our JPA model too.

On 4/10/2015 11:55 AM, Stan Silvert wrote:
> On 4/10/2015 10:28 AM, Bill Burke wrote:
>> KeycloakSession is analogous to an EntityManager in JPA.  It only exists
>> for the duration of the request.  What you'd want is for File-based
>> storage to queue up writes and flush them when the KeycloakSession is
>> committed.
> That's basically what happens now.  The problem is that there is no
> concept of individual writes.  Every time you write, you must write the
> entire model.  With each KeycloakSession having its own copy of the
> model, one KeycloakSession can overwrite the changes of another.
>
> If you use a single shared in-memory model, you have to wait until
> everyone is done writing to it before you can save it to disk. That's
> the scheme I outlined below.  It sounds like it will work since we know
> that each KeycloakSession will end in a timely manner.
>
>>
>> On 4/10/2015 9:15 AM, Stan Silvert wrote:
>>> Is KeycloakSession always short-lived?
>>>
>>> If so, it might be relatively easy to make the JSON File based
>>> persistence more robust and probably fix the cache tests that currently
>>> fail with it.
>>>
>>> All KeycloakSessions would share the same in-memory model.  When a
>>> KeycloakSession ends and requests to write the model to disk, all new
>>> requests for access to the model are blocked.  When all active
>>> KeycloakSessions are done, we write out the model and unblock the new
>>> KeycloakSessions.
>>>
>>> But this only works if we can assume KeycloakSession is short-lived.
>>> _______________________________________________
>>> keycloak-dev mailing list
>>> keycloak-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com


More information about the keycloak-dev mailing list