My stuff is already in. So the conflict shouldn't be there though.
The main thing is, that when you invalidate something, there needs to be
put new entry to "invalidationEvents" set, which are events to be sent
to other cluster nodes. The existing methods (eg.
registerUserInvalidation) are already doing it. This will work
regardless if cache is fronted with userStorage() or userLocalStorage() .
Marek
On 21/11/16 17:18, Bill Burke wrote:
I think I made a mistake when User Storage Providers are importing
into
local cache. Currently KeycloakSession.userLocalStorage() does not have
a cache in front of it. The LDAP and Kerberos providers call this to
determine if the user has been imported or not. The thing is, the user
may already be cached and I think there is a possibility of updating the
user (on demand resync) and getting stale cache entries. Also, we don't
want a database hit every time there is validation happening.
So, I'm going to figure out a way to have the cache front the
userLocalStorage() method too like we do for userStorage(). This will
require some refactoring of UserCacheSession. Not sure if that will
conflict with Marek's work.
Bill
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev