[keycloak-dev] caching custom per-user objects
Bill Burke
bburke at redhat.com
Mon Aug 15 17:54:22 EDT 2016
I've run into a few places where I need to cache custom things per-user
that are evicted along with the user. I also need some fine-grained
control of things that get cached with a user. Here are the scenarios:

* UserStorageProvider SPI needs to cache something that doesn't fit with
the current UserModel metadata
* Certain credential types like HOTP need to be updated per login. We
don't want to cache these things, and we do not want to evict users in
the cache that use these credential types
* It should be possible to cache credentials that are validated by an
external provider. For example, password and LDAP. JBoss has
supported caching successfully validated credentials since forever.

I'm going to expose a new interface via KeycloakSession: UserCache

    interface UserCache extends UserProvider {
        boolean isCached(UserModel user);
        void cacheWith(UserModel user, Object key, Object value);
    }

I'm also going to add a callback interface

    interface OnUserCache {
        void cacheUser(RealmModel realm, UserModel user, Map cache);
    }

I originally thought about having a ProviderEvent for OnUserCache, but
this callback needs to be targeted to specific objects rather than
everything, i.e. a specific User Storage Provider rather than being
sent to every storage provider.

Bill
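
The semantics proposed in the message above, as an added sketch that is not part of the original post and is not Keycloak code: custom objects are stored inside the user's cache entry, so evicting the user drops them too, and the callback goes only to the provider that loaded the user. The class name, the String user ids standing in for RealmModel/UserModel, the cache keys and the HOTP counter store are all assumptions made for illustration.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class PerUserCacheSketch {
    // Callback from the proposal; a String id stands in for RealmModel/UserModel.
    interface OnUserCache {
        void cacheUser(String userId, Map<Object, Object> cache);
    }

    // One entry per cached user; custom objects live inside that entry.
    private final Map<String, Map<Object, Object>> entries = new ConcurrentHashMap<>();

    boolean isCached(String userId) { return entries.containsKey(userId); }

    // Cache the user and notify only the provider that loaded it.
    void cache(String userId, OnUserCache owner) {
        Map<Object, Object> extras = new ConcurrentHashMap<>();
        owner.cacheUser(userId, extras);
        entries.put(userId, extras);
    }

    // Attach a custom object to an already cached user.
    void cacheWith(String userId, Object key, Object value) {
        Map<Object, Object> extras = entries.get(userId);
        if (extras == null) throw new IllegalStateException("not cached: " + userId);
        extras.put(key, value);
    }

    Object cached(String userId, Object key) {
        Map<Object, Object> extras = entries.get(userId);
        return extras == null ? null : extras.get(key);
    }

    // Evicting the user drops everything cached with it.
    void evict(String userId) { entries.remove(userId); }

    public static void main(String[] args) {
        PerUserCacheSketch cache = new PerUserCacheSketch();
        Map<String, Integer> hotpStore = new ConcurrentHashMap<>(); // constructed backing store
        hotpStore.put("alice", 0);
        // Hypothetical provider: caches a directory DN, leaves the HOTP counter in storage.
        OnUserCache provider = (id, extras) -> extras.put("ldap.dn", "uid=" + id + ",dc=example,dc=org");
        cache.cache("alice", provider);
        cache.cacheWith("alice", "ldap.groups", "staff");
        hotpStore.merge("alice", 1, Integer::sum); // login: counter moves, cache entry untouched
        System.out.println(cache.isCached("alice") + " counter=" + hotpStore.get("alice"));
        cache.evict("alice");
        System.out.println(cache.isCached("alice") + " " + cache.cached("alice", "ldap.groups"));
    }
}
```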