<div dir="ltr">It is not expected behavior. Users should only be invalidated if changes are made.</div><div class="gmail_extra"><br><div class="gmail_quote">On 30 November 2015 at 07:01, Lohitha Chiranjeewa <span dir="ltr"><<a href="mailto:kalc04@gmail.com" target="_blank">kalc04@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Just tested the same flow extensively with Keycloak 1.2.0 as well, and it seems the behavior is the same. Lots of MySQL select queries getting executed with each call. Seems there's a number of unnecessary cache invalidations going on which causes Keycloak to fetch data from the DB over and over.<br><br></div><div>Could you please confirm if this is the expected behavior? As far as I can see there's considerable performance degradation due to unnecessary cache invalidations.<br></div><div><br></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 27, 2015 at 8:42 PM, Lohitha Chiranjeewa <span dir="ltr"><<a href="mailto:kalc04@gmail.com" target="_blank">kalc04@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">I'm invoking the following API call: https://{host}/auth/admin/realms/xxxxx/users/55ffe851-2d94-460e-88b9-bc7340531b56 (same realm and user ID over and over again). The two HA server(s) are idle apart from serving those calls. And I'm seeing the following SQL getting logged in my MySQL log for each and every call:<span><br><br>select userentity0_.ID as ID1_42_, userentity0_.CREATED_TIMESTAMP as
CREATED_2_42_, userentity0_.EMAIL as EMAIL3_42_,
userentity0_.EMAIL_CONSTRAINT as EMAIL_CO4_42_,
userentity0_.EMAIL_VERIFIED as EMAIL_VE5_42_, userentity0_.ENABLED as
ENABLED6_42_, userentity0_.federation_link as federati7_42_,
userentity0_.FIRST_NAME as FIRST_NA8_42_, userentity0_.LAST_NAME as
LAST_NAM9_42_, userentity0_.REALM_ID as REALM_I10_42_,
userentity0_.SERVICE_ACCOUNT_CLIENT_LINK as SERVICE11_42_,
userentity0_.TOTP as TOTP12_42_, userentity0_.USERNAME as USERNAM13_42_
from USER_ENTITY userentity0_ where userentity0_.ID='55ffe851-2d94-460e-88b9-bc7340531b56' and userentity0_.REALM_ID='xxxxx'<br><br><br></span></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 27, 2015 at 8:03 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Strange - what are you doing and what are the SQL queries?</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On 27 November 2015 at 15:23, Lohitha Chiranjeewa <span dir="ltr"><<a href="mailto:kalc04@gmail.com" target="_blank">kalc04@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Yes Stian, that I understand. But the problem here is even if I execute continuous user retrieval calls (same user - no other functionality in between), still MySQL select queries get executed for each call. So there lies an issue isn't it?<br><br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 27, 2015 at 6:48 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Things are still fetched from MySQL. Realms, clients, users, etc.. are then kept in the cache, but if it changes it's re-loaded from MySQL. We use an invalidation cache, not a distributed cache.</div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On 27 November 2015 at 14:04, Lohitha Chiranjeewa <span dir="ltr"><<a href="mailto:kalc04@gmail.com" target="_blank">kalc04@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><p dir="ltr">What I mean is, if it were working, I shouldn't see mysql queries getting executed right? So my guess is data is still fetched from the db instead of the cache.</p><div><div>
<div class="gmail_quote">On Nov 27, 2015 5:52 PM, "Stian Thorgersen" <<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>> wrote:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Yup, so it's working now?</div><div class="gmail_extra"><br><div class="gmail_quote">On 27 November 2015 at 13:20, Lohitha Chiranjeewa <span dir="ltr"><<a href="mailto:kalc04@gmail.com" target="_blank">kalc04@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Apologies, keycloak-server.json entries should change to:<br><br><span> "realm": {<br> "provider": "jpa"<br> },<br><br> "user": {<br> "provider": "jpa"<br> },<br><br> "userSessionPersister": {<br> "provider": "jpa"<br> },</span><br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Nov 27, 2015 at 5:49 PM, Lohitha Chiranjeewa <span dir="ltr"><<a href="mailto:kalc04@gmail.com" target="_blank">kalc04@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div><div><div><div><div>Hi Stian,<br><br></div>As per the migration guide, I should have Infinispan up and running for realms, users and user sessions without doing any specific changes. keycloak-server.json was reverted back to have the following entries:<br>...<span><br> "realm": {<br> "provider": "infinispan"<br> },<br><br> "user": {<br> "provider": "infinispan"<br> },<br><br> "userSessionPersister": {<br> "provider": "infinispan"<br> },<br>...<br><br></span></div>In the Admin Console I have both Realm Cache and User Cache enables. I see certain Infinispan related logs getting logged as well. <br><br>However, at the same time, I see MySQL queries getting executed for all user retrieval API invocations (even if the same user is retrieved continuously):<br>...<br>select userentity0_.ID as ID1_42_, userentity0_.CREATED_TIMESTAMP as CREATED_2_42_, userentity0_.EMAIL as EMAIL3_42_, userentity0_.EMAIL_CONSTRAINT as EMAIL_CO4_42_, userentity0_.EMAIL_VERIFIED as EMAIL_VE5_42_, userentity0_.ENABLED as ENABLED6_42_, userentity0_.federation_link as federati7_42_, userentity0_.FIRST_NAME as FIRST_NA8_42_, userentity0_.LAST_NAME as LAST_NAM9_42_, userentity0_.REALM_ID as REALM_I10_42_, userentity0_.SERVICE_ACCOUNT_CLIENT_LINK as SERVICE11_42_, userentity0_.TOTP as TOTP12_42_, userentity0_.USERNAME as USERNAM13_42_ from USER_ENTITY userentity0_ where userentity0_.ID='55ffe851-2d94-460e-88b9-bc7340531b56' and userentity0_.REALM_ID='xxxxx'<br>...<br> <br></div>So it seems something is wrong here. Could you point out any areas that I could further look into?<br><br><br></div>Regards,<br></div>Lohitha.<br></div><div><div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Nov 26, 2015 at 7:58 PM, Stian Thorgersen <span dir="ltr"><<a href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Please read the migration guide</div><div class="gmail_extra"><br><div class="gmail_quote"><div><div>On 26 November 2015 at 14:53, Lohitha Chiranjeewa <span dir="ltr"><<a href="mailto:kalc04@gmail.com" target="_blank">kalc04@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div><div dir="ltr"><div><div><div><div><div><div><div>Hi,<br><br></div>We're in the process of assessing the impact on upgrading from Keycloak 1.2.0 to 1.6.1. We came across an issue when trying to enable Infinispan cache through the keycloak-server.json file as we used to do in 1.2.0.<br><br></div>We have the following entries in 1.6.1:<br> "realm": {<br> "provider": "infinispan"<br> },<br><br> "user": {<br> "provider": "infinispan"<br> },<br><br> "userSessionPersister": {<br> "provider": "infinispan"<br> },<br>.........<br> "connectionsInfinispan": {<br> "default" : {<br> "cacheContainer" : "java:comp/env/infinispan/Keycloak"<br> }<br> }<br><br></div>All configurations in 1.6.1 standalone-ha.xml file remains comparable (and correct to the best of our knowledge) with the ones in 1.2.0.<br><br></div>With the above configs, when we start the Keycloak service the following error(s) get logged:<br><br>18:03:31,610 ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 64) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./auth: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./auth: java.lang.RuntimeException: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)<br> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:85)<br> at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) [rt.jar:1.7.0_45]<br> at java.util.concurrent.FutureTask.run(FutureTask.java:262) [rt.jar:1.7.0_45]<br> at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_45]<br> at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_45]<br> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]<br> at org.jboss.threads.JBossThread.run(JBossThread.java:320) [jboss-threads-2.2.0.Final.jar:2.2.0.Final]<br>Caused by: java.lang.RuntimeException: Failed to construct public org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)<br> at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:160)<br> at org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2211)<br> at org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:295)<br> at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:236)<br> at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)<br> at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)<br> at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)<br> at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)<br> at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)<br> at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:230)<br> at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:131)<br> at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:511)<br> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)<br> at org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)<br> ... 6 more<br>Caused by: java.lang.RuntimeException: Failed to find provider infinispan for realm<br> at org.keycloak.services.DefaultKeycloakSessionFactory.init(DefaultKeycloakSessionFactory.java:66)<br> at org.keycloak.services.resources.KeycloakApplication.createSessionFactory(KeycloakApplication.java:162)<br> at org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:62)<br> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [rt.jar:1.7.0_45]<br> at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) [rt.jar:1.7.0_45]<br> at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [rt.jar:1.7.0_45]<br> at java.lang.reflect.Constructor.newInstance(Constructor.java:526) [rt.jar:1.7.0_45]<br> at org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:148)<br> ... 19 more<br><br><br></div>Is the new way to enable Infinispan different to what we had earlier? If so, can someone please point out the correct way?<br><br><br></div>Regards,<br></div>Lohitha.<br><div><div><div><div><div><br><div><br></div></div></div></div></div></div></div>
<br></div></div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</blockquote></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>