Re: [keycloak-dev] Cache policies and cache clearing
Another alternative: Ensure that cache.clear() is called on all clusted
nodes.
I've added ClusterProvider some time ago. It allows to register listener
with the task, which can then be triggered on all cluster nodes.
First listener needs to be registered on every cluster node. Usually can
be done in SomeFactory.postInit() :
session.getProvider(ClusterProvider.class).registerListener("clear-cache",
new CacheListener() { ... });
then calling this when clearing cache is requested:
session.getProvider(ClusterProvider.class).notify("clear-cache", new
ClearCacheClusterEvent());
and CacheListener.run will be triggered on all cluster nodes.
ClearCacheClusterEvent needs to be serializable and can contain all the
context info, which cache should be cleared etc.
Marek
On 25/08/16 16:31, Bill Burke wrote:
I found out that if you call cache.clear() with a invalidation cache,
it
only clears locally and not the entire cluster. I was thinking that we
could set a realm attribute of "not-valid-before" with a timestamp.
When something is accessed, check the timestamp vs. the time the thing
was inserted into the cache.
This is also important for the fine-grain cache policies I want to
implement for users. I want cache policies for users. Scheduled
evictions and/or max time in the cache. There could be realm-level
policies for all users everywhere, and per storage provider. I also
want the ability to clear the cache for a specific provider manually.
Using the Infinispan stream() api, IMO, is just not feasible. We don't
want to be iterating over thousands of users in the cache to see if they
should be invalidated or not. There's also the issue of making sure
this happens cluster-wide. So instead, just do a simple timestamp check
when the user is accessed.
Bill
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev