[keycloak-dev] KeycloakSession question
Stan Silvert
ssilvert at redhat.com
Fri Apr 10 12:50:17 EDT 2015
Besides needing to implement a way to make the in-memory copy, that
would leave me with the same problem I have now.
If I write the copy to disk, I might overwrite changes from some other
KeycloakSession. Remember, I have to write the whole model to disk and
my local model might be stale. This is the problem I have today as
every KeycloakSession has its own copy that was read from disk.
If I write from the master in-memory model, I need to wait for active
sessions to end before I write it out to disk. That's what I'm
proposing to do.
On 4/10/2015 12:28 PM, Bill Burke wrote:
> Adapters are created per KeycloakSession too (RealmAdapter, etc.). If a
> write method is called on the adapter, you know that underlying instance
> must be synced at commit time.
>
> So, here are the steps you should do:
>
> 1. Somebody accesses RealmModel
> 2. RealmAdapter is created, it delegates to shared in-memory model
> 3. If RealmAdapter write method is called copy in-memory model of
> RealmAdapter, make your changes within the copy
> 4. At commit, flush the changes to the RealmAdapter to main memory model
> and disk.
>
> If you want to get more consistency, add a version field to in-memory
> model, that way you can do "optimistic" concurrency and abort the sync
> if the version field is changed. We should actually probably do this
> with our JPA model too.
>
> On 4/10/2015 11:55 AM, Stan Silvert wrote:
>> On 4/10/2015 10:28 AM, Bill Burke wrote:
>>> KeycloakSession is analogous to an EntityManager in JPA. It only exists
>>> for the duration of the request. What you'd want is for File-based
>>> storage to queue up writes and flush them when the KeycloakSession is
>>> committed.
>> That's basically what happens now. The problem is that there is no
>> concept of individual writes. Every time you write, you must write the
>> entire model. With each KeycloakSession having its own copy of the
>> model, one KeycloakSession can overwrite the changes of another.
>>
>> If you use a single shared in-memory model, you have to wait until
>> everyone is done writing to it before you can save it to disk. That's
>> the scheme I outlined below. It sounds like it will work since we know
>> that each KeycloakSession will end in a timely manner.
>>
>>> On 4/10/2015 9:15 AM, Stan Silvert wrote:
>>>> Is KeycloakSession always short-lived?
>>>>
>>>> If so, it might be relatively easy to make the JSON File based
>>>> persistence more robust and probably fix the cache tests that currently
>>>> fail with it.
>>>>
>>>> All KeycloakSessions would share the same in-memory model. When a
>>>> KeycloakSession ends and requests to write the model to disk, all new
>>>> requests for access to the model are blocked. When all active
>>>> KeycloakSessions are done, we write out the model and unblock the new
>>>> KeycloakSessions.
>>>>
>>>> But this only works if we can assume KeycloakSession is short-lived.
>>>> _______________________________________________
>>>> keycloak-dev mailing list
>>>> keycloak-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
More information about the keycloak-dev
mailing list