[keycloak-dev] Preferred storage mechanism for custom settings

Stian Thorgersen sthorger at redhat.com
Mon Aug 15 06:51:03 EDT 2016 

Sounds like you're on the right track. You'd need to implement support for
Mongo as well though as we can't accept it otherwise.

With regards to tests I'd add
to org.keycloak.testsuite.admin.realm.RealmTest which would also make sure
attributes work correctly when added through the admin endpoints.

On 13 August 2016 at 16:47, Dmitry Telegin <mitya at cargosoft.ru> wrote:

> Hi,
>
> (As Stian is on vacation now, I'd appreciate if someone other helps me
> with this feature.)
>
> Please take a look https://github.com/keycloak/keycloak/compare/2.1.
> 0.Final...cargosoft:KEYCLOAK-3327
>
> (it has been branched off 2.1.0.Final for the ease of testing, I'll rebase
> it onto master if needed)
>
> o.k.models.RealmModel: added methods (borrowed signatures from
> jpa.RealmAdapter)
> o.k.models.jpa.RealmAdapter: added @Override annotations
> o.k.models.mongo.keycloak.adapters.RealmAdapter: added stubs (throwing
> UnsupportedOperationException)
> o.k.models.cache.infinispan.RealmAdapter: added attributes caching logic
> o.k.models.cache.infinispan.entities.CachedRealm: added attributes cache
> (as Map<String, String>)
>
> As for tests, I'm afraid I'll need some guidance.
> org.keycloak.testsuite.model.ModelTest seems appropriate for that; but it
> will need support for attributes in RealmRepresentation and RealmManager.
> Is this the right direction?
>
> Dmitry
>
>
>
> On 18 July 2016 at 22:35, Dmitry Telegin <mitya at cargosoft.ru> wrote:
>
> Stian,
>
> Here we go: https://issues.jboss.org/browse/KEYCLOAK-3327
>
> If the fix is somewhat trivial (i.e. a matter of adding fields and
> getters/setters) I think I could work on a PR as well.
>
>
> As the attributes are already available in the underlying entities it's
> just a matter of exposing through RealmModel and add tests for it.
>
>
>
> BTW, does this mean that all the custom entities provided via Entity SPI
> are not by default cache-enabled (and won't be synchronized between the
> nodes in clustered environment)?
> If so, will it be easy to cache-enable them? Is this just a matter of
> providing Infinispan adapters similar to existing ones for
> Realm/User/Role/Client etc.?
>
>
> There's no caching for custom entities. I'd recommend using Hibernate 2nd
> level cache for it as it's rather tricky to create a custom one. We have
> our custom one because we need to support Mongo as well as users from
> different sources (user federation and identity brokering).
>
>
>
> Ideally, I'd like to see a current domain-extension example augmented with
> Infinispan cache functionality. I've got some ideas on a detailed
> walkthrough tutorial for building complete, full-featured KeyCloak
> extensions (it's a big topic I'll elaborate on a bit later); I think
> Infinispan-enabled entities could be covered there, too.
>
>
> No chance we're adding cache for custom entities. It's just to hard to get
> right. For custom entities you should use Hibernate 2nd level cache.
>
>
>
> Regards,
> Dmitry
>
> В Пн, 18/07/2016 в 07:39 +0200, Stian Thorgersen пишет:
>
> Forgot that attributes are not exposed through RealmModel. You can't
> access the JPA RealmAdapter directly as you'll break the cache
> functionality. You can create a JIRA to request attributes added to
> RealmModel though.
>
> On 15 July 2016 at 20:28, Mitya <mitya at cargosoft.ru> wrote:
>
> Stian,
>
> In my provider, session.getContext().getRealm() returns an instance
> of org.keycloak.models.cache.infinispan.RealmAdapter. But in order to be
> able to manage attributes, we need an org.keycloak.models.jpa.RealmAdapter.
> What's the best way to obtain it?
>
> I've yet come up with the following:
>
> RealmModel realm = session.getContext().getRealm();
> RealmAdapter adapter = (RealmAdapter) session.getProvider(
> RealmProvider.class).getRealm(realm.getId());
>
>
> Realm attributes should be perfect for that
>
> On 12 July 2016 at 13:42, Mitya <mitya at cargosoft.ru> wrote:
>
> Hi,
>
> I'm developing a KeyCloak extension, and I want some custom (per-realm)
> parameters to be tuned via the GUI form. Speaking of the storage mechanism
> for my settings, are realm attributes suitable for that? or should I create
> a dedicated custom entity instead?
>
> Thx,
> Mitya
>
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160815/3f8ee2f0/attachment.html

More information about the keycloak-dev mailing list