<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">On 22/12/15 11:43, Jorge M. wrote:<br>
</div>
<blockquote
cite="mid:CAHEpHRKTABJekKKp3XG=Rj+d=R-k_W4fwTmv5tcO3oVc-918DA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div>
<div>Hi,<br>
<br>
"I think I'm in the right track now. I'm being able to call
the webservice before commit. However, when the user is
successfully created by the webservice, I need to update my
local user to add a property with the external user id. How
can I do that in the same transaction?<br>
I'm trying to set the property on the managed delegate user
model, but it has no effect."<br>
<br>
</div>
Is there any workaround for this? Basically, after the
webservice call (I'm doing the job with an approach based on
TxAwareLDAPUserModelDelegate) I need to get the previously
saved userStorage user, set an attribute and save it again. At
UserProvider interface I can't see any update method.<br>
</div>
</div>
</blockquote>
Yes, there is no update method. That's because the data of a UserModel
is automatically persistent and attached to the DB. For example, if
you call:<br>
<br>
UserModel john = session.users().getUserByUsername("john");<br>
<br>
The "john" instance is persistent. So then if you call:<br>
<br>
john.setFirstName("Johnnn");<br>
<br>
the firstName is updated automatically in the DB. There is no reason to call any
additional update method.<br>
<br>
So if you are really able to call your webservice before commit,
then you can just do something like:<br>
<br>
Object wsOutput = callYourWebService(...);<br>
john.setFirstName(wsOutput.getSomethingFromWSOutput());<br>
john.setAttribute("foo", wsOutput.getSomethingElseFromWSOutput());<br>
<br>
and it should work. If it doesn't work, then you're probably calling
your web service after the DB commit (this is what
TxAwareLDAPUserModelDelegate is also doing, btw. The LDAP commit is sent
after the DB commit). <br>
<br>
We will likely improve that for 1.8 by allowing transactions to be enlisted with
priorities, which will allow you to specify whether your federationProvider
commit should be called before or after the JPA commit (see my previous
email).<br>
<br>
Marek<br>
<blockquote
cite="mid:CAHEpHRKTABJekKKp3XG=Rj+d=R-k_W4fwTmv5tcO3oVc-918DA@mail.gmail.com"
type="cite">
<div dir="ltr">
<div><br>
</div>
Thanks<br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">2015-12-17 8:50 GMT+00:00 Stian
Thorgersen <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span>:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I guess in certain situations this can be
helpful. It doesn't solve the problem though so we need
something smarter at some point, but we don't have the
time to do it right now so would have to be for 2.x.</div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On 14 December 2015 at 21:21,
Marek Posolda <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:mposolda@redhat.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:mposolda@redhat.com">mposolda@redhat.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<div>I think yes. It should be quite easy to
change the signature of
KeycloakTransactionManager methods. Just
waiting if other team members agree and then
we can possibly change fix version of <a
moz-do-not-send="true"
href="https://issues.jboss.org/browse/KEYCLOAK-1075"
target="_blank"><a class="moz-txt-link-freetext" href="https://issues.jboss.org/browse/KEYCLOAK-1075">https://issues.jboss.org/browse/KEYCLOAK-1075</a></a>
to 1.8 and do it for this release.<span><font
color="#888888"><br>
<br>
Marek</font></span>
<div>
<div><br>
<br>
On 14/12/15 17:15, Jorge M. wrote:<br>
</div>
</div>
</div>
<div>
<div>
<blockquote type="cite">
<p dir="ltr">I agree. I think that could
solve these issues. Is that something
that can go on a near release?</p>
<p dir="ltr">Thank you</p>
<div class="gmail_quote">On 11 Dec 2015
12:15, "Vlastimil Elias" <<a
moz-do-not-send="true"
href="mailto:velias@redhat.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:velias@redhat.com">velias@redhat.com</a></a>>
wrote:<br type="attribution">
<blockquote class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000" bgcolor="#FFFFFF">
<br>
<br>
<div>On 11.12.2015 12:19, Marek
Posolda wrote:<br>
</div>
<blockquote type="cite">
<div>I think what we can possibly
do is:<br>
<br>
1) Improve
KeycloakTransactionManager to
allow enlist with "priority" .
Instead of methods:<br>
<br>
void enlist(KeycloakTransaction
transaction);<br>
void
enlistAfterCompletion(KeycloakTransaction
transaction);<br>
<br>
we will have single method:<br>
<br>
void enlist(KeycloakTransaction
transaction, int priority);<br>
<br>
By default, JPA will enlist
transaction with priority 10 and
infinispan with priority 20 or
something like that.<br>
<br>
This change will allow to enlist
your transaction in your
FederationProvider with exact
priority. So you can choose
whether the commit will happen
before JPA commit, or after JPA
commit or even after infinispan
commit etc.<br>
<br>
</div>
</blockquote>
<br>
+1, this may help to resolve current
problems<br>
<br>
<blockquote type="cite">
<div> 2) Make
TxAwareLDAPUserModelDelegate
class more generic and reusable
for other federation providers<br>
</div>
</blockquote>
<br>
may also help, but point 1 with
correct documentation is main what
we have to do<br>
<br>
Thanks<br>
<br>
Vlastimil<br>
<br>
<blockquote type="cite">
<div> <br>
Marek<span
style="background-color:#e4e4ff"><br>
<br>
</span> On 11/12/15 10:50,
Vlastimil Elias wrote:<br>
</div>
<blockquote type="cite"> Hi,<br>
<br>
I use similar approach and
problem is (at least I think)
that local DB transaction is
already committed when our code
runs. It has two negative
effects:<br>
- if remote service call is
successful you are not able to
write anything locally as Jorge
mentioned<br>
- if remote service call fails
local DB record is committed
already and it is hard to
implement correct error handling<br>
<br>
So I think User Federation SPI
should be extended by exact
method which allows atomic call
of backend during user creation
or update before local
transaction is committed. I
already created issue for it but
not resolved yet <a
moz-do-not-send="true"
href="https://issues.jboss.org/browse/KEYCLOAK-1075"
target="_blank"><a class="moz-txt-link-freetext" href="https://issues.jboss.org/browse/KEYCLOAK-1075">https://issues.jboss.org/browse/KEYCLOAK-1075</a></a><br>
<br>
Vlastimil<br>
<br>
<div>On 10.12.2015 18:49, Jorge
M. wrote:<br>
</div>
<blockquote type="cite">
<p dir="ltr">Hi,</p>
<p dir="ltr">I think I'm in
the right track now. I'm
being able to call the
webservice before commit.
However, when the user is
successfully created by the
webservice, I need to update
my local user to add a
property with the external
user id. How can I do that
in the same transaction?<br>
I'm trying to set the
property on the managed
delegate user model, but it
has no effect.</p>
<p dir="ltr">Thank you!</p>
<div class="gmail_quote">On 9
Dec 2015 18:39, "Marek
Posolda" <<a
moz-do-not-send="true"
href="mailto:mposolda@redhat.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:mposolda@redhat.com">mposolda@redhat.com</a></a>>
wrote:<br type="attribution">
<blockquote
class="gmail_quote"
style="margin:0 0 0
.8ex;border-left:1px #ccc
solid;padding-left:1ex">
<div text="#000000"
bgcolor="#FFFFFF">
<div>On 09/12/15 19:33,
Jorge M. wrote:<br>
</div>
<blockquote type="cite">
<p dir="ltr">I'm
developing a custom
federation that
communicates with my
user repository via
webservices. <br>
Probably this is a
very strange
scenario for a
federation but
that's the unique
way that I have to
communicate with the
repository.</p>
<p dir="ltr">My
problem is that, as
the webservices only
exposes methods such
as createUser and
updateUser, I'm
having problems with
registrations and
user profile updates
because I'm not
being able to do
atomic calls to the
webservice methods,
with all the
information that I
need.</p>
<p dir="ltr">As far as
I know, from the
properties file
example and from the
ldap federation
source (probably I'm
missing something)
it seems that the
federation api is
intended to update
and sync attribute
by attribute
(Keycloak <->
Federation). <br>
Am I wrong? Do you
suggest another
approach? Should I
give up from having
a federation that
uses a webservice?</p>
</blockquote>
You can use "transaction
wrapper", which will
allow you to store all
the updates to user
locally, but send the
UPDATE request to your
webservice later at
transaction commit time.
You may need to create
custom transaction and
enlist it with Keycloak
TransactionManager. <br>
<br>
This is what we have for
LDAP federation provider
right now. See <span
style="background-color:#e4e4ff">TxAwareLDAPUserModelDelegate.</span>
<br>
<br>
Marek<br>
<blockquote type="cite">
<p dir="ltr">Thank
you.</p>
<br>
<br>
<pre>_______________________________________________
keycloak-dev mailing list
<a moz-do-not-send="true" href="mailto:keycloak-dev@lists.jboss.org" target="_blank">keycloak-dev@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
<br>
</blockquote>
<br>
<pre cols="72">--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team</pre>
<br>
</blockquote>
<br>
</blockquote>
<br>
<pre cols="72">--
Vlastimil Elias
Principal Software Engineer
Developer Portal Engineering Team</pre>
</div>
</blockquote>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
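<p>Added example, not part of the thread and not Keycloak's own code: a self-contained Java model of the "enlist with priority" idea proposed above, showing why a federation web-service call placed before the JPA commit leaves the local user store untouched when the remote call fails. The names Tx, TxManager and PriorityTxDemo, the priority value 5 and the rule that a lower value commits first are assumptions; only the JPA priority 10 comes from the thread.</p>

```java
import java.util.*;

// Simplified stand-in for the transaction interface discussed in the thread (assumption).
interface Tx {
    void commit() throws Exception;
    void rollback();
}

public class PriorityTxDemo {
    // Hypothetical manager: participants with a lower priority value commit first.
    static class TxManager {
        private final TreeMap<Integer, List<Tx>> enlisted = new TreeMap<>();
        void enlist(Tx tx, int priority) {
            enlisted.computeIfAbsent(priority, p -> new ArrayList<>()).add(tx);
        }
        // Commit in priority order; on the first failure roll back the failing
        // participant and every later one, so later stores never persist the change.
        boolean commit() {
            List<Tx> ordered = new ArrayList<>();
            enlisted.values().forEach(ordered::addAll);
            for (int i = 0; i < ordered.size(); i++) {
                try {
                    ordered.get(i).commit();
                } catch (Exception e) {
                    for (int j = i; j < ordered.size(); j++) ordered.get(j).rollback();
                    return false;
                }
            }
            return true;
        }
    }

    // Constructed participant that records what happened to it in a shared log.
    static Tx named(String name, boolean fail, List<String> log) {
        return new Tx() {
            public void commit() throws Exception {
                if (fail) throw new Exception(name + " failed");
                log.add("commit " + name);
            }
            public void rollback() { log.add("rollback " + name); }
        };
    }
    public static void main(String[] args) {
        for (boolean wsFails : new boolean[] {false, true}) {
            List<String> log = new ArrayList<>();
            TxManager tm = new TxManager();
            tm.enlist(named("jpa", false, log), 10);         // priority from the thread
            tm.enlist(named("webservice", wsFails, log), 5);  // assumed: ahead of JPA
            System.out.println(tm.commit() + " " + log);
        }
    }
}
```

<p>Participants that have already committed are not undone in this model, so a JPA failure after a successful web-service commit would still leave an orphaned external user that needs separate compensation.</p>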
</body>
</html>