[keycloak-dev] Realm cache
Stian Thorgersen
sthorger at redhat.com
Thu Dec 3 07:50:49 EST 2015
There's still some outstanding issues with the realm cache. It works, but
can and should be improved for 1.8.
One issue was that once the realm is updated any methods on clients, roles
or groups returns the underlying adapter instead of the cache adapters. As
a work around in 1.7 it now ejects all clients for a realm when it sees any
changes.
We have a few potential ways to solve this:
a) try to always return cache adapters - I went down this road attacking it
from a few different approaches, but was never successful as there was
always something that didn't work
b) only cache realms and have everything else hang off it - this is my
preferred option for now. As long as updating clients requires invalidating
the realm it seems a bit over the top to have separate caches for everything
c) make the cache smarter - instead of invalidating a realm, make sure we
add/remove the clients, etc..
We also need more automated testing around clustering. Late in 1.7 release
process I identified that caches where invalidated when other nodes loaded
things to it, so effectively the cache wasn't working at all in a cluster.
Thoughts?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20151203/9428f2b1/attachment-0001.html
More information about the keycloak-dev
mailing list