mirror/keycloak
1
0
Fork 0
mirror of https://github.com/keycloak/keycloak.git synced 2026-05-07 23:50:03 -05:00
Code Issues Packages Projects Releases Wiki Activity

Cache resource names associated to policies to improve partial evaluation

Browse Source 
Closes #38837

Signed-off-by: Pedro Igor <pigor.craveiro@gmail.com>
This commit is contained in:
Pedro Igor
2025-04-10 14:50:26 -03:00
committed by GitHub
parent 478e0b3264
commit e68e43cbc8
5 changed files with 27 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/PolicyAdapter.java
Vendored
+6
View File
@@ -239,6 +239,12 @@ public class PolicyAdapter implements Policy, CachedModel<Policy> {
return resources = Collections.unmodifiableSet(resources);
}
@Override
public Set<String> getResourceNames() {
if (isUpdated()) return getResources().stream().map(Resource::getName).collect(Collectors.toSet());
return cached.getResourceNames(session, modelSupplier);
}
@Override
public void addScope(Scope scope) {
getDelegateForUpdate();
model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/authorization/entities/CachedPolicy.java
Vendored
+6
View File
@@ -48,6 +48,7 @@ public class CachedPolicy extends AbstractRevisioned implements InResourceServer
private final String resourceServerId;
private final LazyLoader<Policy, Set<String>> associatedPoliciesIds;
private final LazyLoader<Policy, Set<String>> resourcesIds;
private final LazyLoader<Policy, Set<String>> resourcesNames;
private final LazyLoader<Policy, Set<String>> scopesIds;
private final LazyLoader<Policy, Map<String, String>> config;
private final String owner;
@@ -64,6 +65,7 @@ public class CachedPolicy extends AbstractRevisioned implements InResourceServer
this.associatedPoliciesIds = new DefaultLazyLoader<>(source -> source.getAssociatedPolicies().stream().map(Policy::getId).collect(Collectors.toSet()), Collections::emptySet);
this.resourcesIds = new DefaultLazyLoader<>(source -> source.getResources().stream().map(Resource::getId).collect(Collectors.toSet()), Collections::emptySet);
this.resourcesNames = new DefaultLazyLoader<>(source -> source.getResources().stream().map(Resource::getName).collect(Collectors.toSet()), Collections::emptySet);
this.scopesIds = new DefaultLazyLoader<>(source -> source.getScopes().stream().map(Scope::getId).collect(Collectors.toSet()), Collections::emptySet);
@@ -104,6 +106,10 @@ public class CachedPolicy extends AbstractRevisioned implements InResourceServer
return this.resourcesIds.get(session, policy);
}
public Set<String> getResourceNames(KeycloakSession session, Supplier<Policy> policy) {
return this.resourcesNames.get(session, policy);
}
public Set<String> getScopesIds(KeycloakSession session, Supplier<Policy> policy) {
return this.scopesIds.get(session, policy);
}
model/jpa/src/main/java/org/keycloak/models/jpa/JpaUserPartialEvaluationProvider.java
+4
View File
@@ -132,6 +132,10 @@ public interface JpaUserPartialEvaluationProvider extends PartialEvaluationStora
return null;
}
if (deniedGroups.isEmpty()) {
return null;
}
return cb.not(cb.exists(createUserMembershipSubquery(context, root -> root.get("groupId").in(deniedGroups))));
}