On 25 August 2016 at 16:31, Bill Burke <bburke(a)redhat.com> wrote:
I found out that if you call cache.clear() with a invalidation cache,
it
only clears locally and not the entire cluster. I was thinking that we
could set a realm attribute of "not-valid-before" with a timestamp.
When something is accessed, check the timestamp vs. the time the thing
was inserted into the cache.
You 100% sure? I thought I checked that it worked.
This is also important for the fine-grain cache policies I want to
implement for users. I want cache policies for users. Scheduled
evictions and/or max time in the cache. There could be realm-level
policies for all users everywhere, and per storage provider. I also
want the ability to clear the cache for a specific provider manually.
Using the Infinispan stream() api, IMO, is just not feasible. We don't
want to be iterating over thousands of users in the cache to see if they
should be invalidated or not. There's also the issue of making sure
this happens cluster-wide. So instead, just do a simple timestamp check
when the user is accessed.
That's not going to be sufficient as we want a mechanism to completely
clear the caches. It's required for example if there's a memory problem or
another issue where you want to just start fresh. I think it's just a nice
fail-safe to have.
I don't honestly see what the purpose of a "not-valid-before" timestamp
would be. It doesn't seem to cover the use-case of clearing the cache if
there's an issue, so not sure what problem it's trying to solve.
Bill
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev