[keycloak-dev] Cache policies and cache clearing
Bill Burke
bburke at redhat.com
Thu Aug 25 10:31:40 EDT 2016
I found out that if you call cache.clear() with a invalidation cache, it
only clears locally and not the entire cluster. I was thinking that we
could set a realm attribute of "not-valid-before" with a timestamp.
When something is accessed, check the timestamp vs. the time the thing
was inserted into the cache.
This is also important for the fine-grain cache policies I want to
implement for users. I want cache policies for users. Scheduled
evictions and/or max time in the cache. There could be realm-level
policies for all users everywhere, and per storage provider. I also
want the ability to clear the cache for a specific provider manually.
Using the Infinispan stream() api, IMO, is just not feasible. We don't
want to be iterating over thousands of users in the cache to see if they
should be invalidated or not. There's also the issue of making sure
this happens cluster-wide. So instead, just do a simple timestamp check
when the user is accessed.
Bill
More information about the keycloak-dev
mailing list