[keycloak-user] How to enable Infinispan cache for realms, users and user sessions in Keycloak 1.6.1?
Stian Thorgersen
sthorger at redhat.com
Fri Nov 27 08:18:30 EST 2015
Things are still fetched from MySQL. Realms, clients, users, etc.. are then
kept in the cache, but if it changes it's re-loaded from MySQL. We use an
invalidation cache, not a distributed cache.
On 27 November 2015 at 14:04, Lohitha Chiranjeewa <kalc04 at gmail.com> wrote:
> What I mean is, if it were working, I shouldn't see mysql queries getting
> executed right? So my guess is data is still fetched from the db instead of
> the cache.
> On Nov 27, 2015 5:52 PM, "Stian Thorgersen" <sthorger at redhat.com> wrote:
>
>> Yup, so it's working now?
>>
>> On 27 November 2015 at 13:20, Lohitha Chiranjeewa <kalc04 at gmail.com>
>> wrote:
>>
>>> Apologies, keycloak-server.json entries should change to:
>>>
>>> "realm": {
>>> "provider": "jpa"
>>> },
>>>
>>> "user": {
>>> "provider": "jpa"
>>> },
>>>
>>> "userSessionPersister": {
>>> "provider": "jpa"
>>> },
>>>
>>> On Fri, Nov 27, 2015 at 5:49 PM, Lohitha Chiranjeewa <kalc04 at gmail.com>
>>> wrote:
>>>
>>>> Hi Stian,
>>>>
>>>> As per the migration guide, I should have Infinispan up and running for
>>>> realms, users and user sessions without doing any specific changes.
>>>> keycloak-server.json was reverted back to have the following entries:
>>>> ...
>>>> "realm": {
>>>> "provider": "infinispan"
>>>> },
>>>>
>>>> "user": {
>>>> "provider": "infinispan"
>>>> },
>>>>
>>>> "userSessionPersister": {
>>>> "provider": "infinispan"
>>>> },
>>>> ...
>>>>
>>>> In the Admin Console I have both Realm Cache and User Cache enables. I
>>>> see certain Infinispan related logs getting logged as well.
>>>>
>>>> However, at the same time, I see MySQL queries getting executed for all
>>>> user retrieval API invocations (even if the same user is retrieved
>>>> continuously):
>>>> ...
>>>> select userentity0_.ID as ID1_42_, userentity0_.CREATED_TIMESTAMP as
>>>> CREATED_2_42_, userentity0_.EMAIL as EMAIL3_42_,
>>>> userentity0_.EMAIL_CONSTRAINT as EMAIL_CO4_42_, userentity0_.EMAIL_VERIFIED
>>>> as EMAIL_VE5_42_, userentity0_.ENABLED as ENABLED6_42_,
>>>> userentity0_.federation_link as federati7_42_, userentity0_.FIRST_NAME as
>>>> FIRST_NA8_42_, userentity0_.LAST_NAME as LAST_NAM9_42_,
>>>> userentity0_.REALM_ID as REALM_I10_42_,
>>>> userentity0_.SERVICE_ACCOUNT_CLIENT_LINK as SERVICE11_42_,
>>>> userentity0_.TOTP as TOTP12_42_, userentity0_.USERNAME as USERNAM13_42_
>>>> from USER_ENTITY userentity0_ where
>>>> userentity0_.ID='55ffe851-2d94-460e-88b9-bc7340531b56' and
>>>> userentity0_.REALM_ID='xxxxx'
>>>> ...
>>>>
>>>> So it seems something is wrong here. Could you point out any areas that
>>>> I could further look into?
>>>>
>>>>
>>>> Regards,
>>>> Lohitha.
>>>>
>>>> On Thu, Nov 26, 2015 at 7:58 PM, Stian Thorgersen <sthorger at redhat.com>
>>>> wrote:
>>>>
>>>>> Please read the migration guide
>>>>>
>>>>> On 26 November 2015 at 14:53, Lohitha Chiranjeewa <kalc04 at gmail.com>
>>>>> wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> We're in the process of assessing the impact on upgrading from
>>>>>> Keycloak 1.2.0 to 1.6.1. We came across an issue when trying to enable
>>>>>> Infinispan cache through the keycloak-server.json file as we used to do in
>>>>>> 1.2.0.
>>>>>>
>>>>>> We have the following entries in 1.6.1:
>>>>>> "realm": {
>>>>>> "provider": "infinispan"
>>>>>> },
>>>>>>
>>>>>> "user": {
>>>>>> "provider": "infinispan"
>>>>>> },
>>>>>>
>>>>>> "userSessionPersister": {
>>>>>> "provider": "infinispan"
>>>>>> },
>>>>>> .........
>>>>>> "connectionsInfinispan": {
>>>>>> "default" : {
>>>>>> "cacheContainer" : "java:comp/env/infinispan/Keycloak"
>>>>>> }
>>>>>> }
>>>>>>
>>>>>> All configurations in 1.6.1 standalone-ha.xml file remains comparable
>>>>>> (and correct to the best of our knowledge) with the ones in 1.2.0.
>>>>>>
>>>>>> With the above configs, when we start the Keycloak service the
>>>>>> following error(s) get logged:
>>>>>>
>>>>>> 18:03:31,610 ERROR [org.jboss.msc.service.fail] (ServerService Thread
>>>>>> Pool -- 64) MSC000001: Failed to start service
>>>>>> jboss.undertow.deployment.default-server.default-host./auth:
>>>>>> org.jboss.msc.service.StartException in service
>>>>>> jboss.undertow.deployment.default-server.default-host./auth:
>>>>>> java.lang.RuntimeException: Failed to construct public
>>>>>> org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
>>>>>> at
>>>>>> org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:85)
>>>>>> at
>>>>>> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
>>>>>> [rt.jar:1.7.0_45]
>>>>>> at java.util.concurrent.FutureTask.run(FutureTask.java:262)
>>>>>> [rt.jar:1.7.0_45]
>>>>>> at
>>>>>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>>>>>> [rt.jar:1.7.0_45]
>>>>>> at
>>>>>> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>>>>>> [rt.jar:1.7.0_45]
>>>>>> at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_45]
>>>>>> at org.jboss.threads.JBossThread.run(JBossThread.java:320)
>>>>>> [jboss-threads-2.2.0.Final.jar:2.2.0.Final]
>>>>>> Caused by: java.lang.RuntimeException: Failed to construct public
>>>>>> org.keycloak.services.resources.KeycloakApplication(javax.servlet.ServletContext,org.jboss.resteasy.core.Dispatcher)
>>>>>> at
>>>>>> org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:160)
>>>>>> at
>>>>>> org.jboss.resteasy.spi.ResteasyProviderFactory.createProviderInstance(ResteasyProviderFactory.java:2211)
>>>>>> at
>>>>>> org.jboss.resteasy.spi.ResteasyDeployment.createApplication(ResteasyDeployment.java:295)
>>>>>> at
>>>>>> org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:236)
>>>>>> at
>>>>>> org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)
>>>>>> at
>>>>>> org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
>>>>>> at
>>>>>> io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
>>>>>> at
>>>>>> org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:78)
>>>>>> at
>>>>>> io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
>>>>>> at
>>>>>> io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:230)
>>>>>> at
>>>>>> io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:131)
>>>>>> at
>>>>>> io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:511)
>>>>>> at
>>>>>> org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:101)
>>>>>> at
>>>>>> org.wildfly.extension.undertow.deployment.UndertowDeploymentService$1.run(UndertowDeploymentService.java:82)
>>>>>> ... 6 more
>>>>>> Caused by: java.lang.RuntimeException: Failed to find provider
>>>>>> infinispan for realm
>>>>>> at
>>>>>> org.keycloak.services.DefaultKeycloakSessionFactory.init(DefaultKeycloakSessionFactory.java:66)
>>>>>> at
>>>>>> org.keycloak.services.resources.KeycloakApplication.createSessionFactory(KeycloakApplication.java:162)
>>>>>> at
>>>>>> org.keycloak.services.resources.KeycloakApplication.<init>(KeycloakApplication.java:62)
>>>>>> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
>>>>>> Method) [rt.jar:1.7.0_45]
>>>>>> at
>>>>>> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
>>>>>> [rt.jar:1.7.0_45]
>>>>>> at
>>>>>> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>>>>>> [rt.jar:1.7.0_45]
>>>>>> at
>>>>>> java.lang.reflect.Constructor.newInstance(Constructor.java:526)
>>>>>> [rt.jar:1.7.0_45]
>>>>>> at
>>>>>> org.jboss.resteasy.core.ConstructorInjectorImpl.construct(ConstructorInjectorImpl.java:148)
>>>>>> ... 19 more
>>>>>>
>>>>>>
>>>>>> Is the new way to enable Infinispan different to what we had earlier?
>>>>>> If so, can someone please point out the correct way?
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Lohitha.
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> keycloak-user mailing list
>>>>>> keycloak-user at lists.jboss.org
>>>>>> https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>
>>>>>
>>>>>
>>>>
>>>
>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20151127/91c1a93f/attachment.html
More information about the keycloak-user
mailing list