org.keycloak.connections.infinispan.RemoteCacheProvider クラス

org.keycloak.connections.infinispan.RemoteCacheProvider 連携図

クラス
class	LoginHandler

公開メンバ関数
	RemoteCacheProvider (Config.Scope config, EmbeddedCacheManager cacheManager)
RemoteCache	getRemoteCache (String cacheName)
void	stop ()

静的公開変数類
static final String	SCRIPT_CACHE_NAME = "___script_cache"

限定公開メンバ関数
synchronized RemoteCache	loadRemoteCache (String cacheName)
RemoteCacheManager	getOrCreateSecuredRemoteCacheManager (Config.Scope config, String cacheName, RemoteCacheManager origManager)

静的限定公開変数類
static final Logger	logger = Logger.getLogger(RemoteCacheProvider.class)

非公開変数類
final Config.Scope	config
final EmbeddedCacheManager	cacheManager
final Map< String, RemoteCache >	availableCaches = new HashMap<>()
final Map< String, RemoteCacheManager >	managedManagers = new HashMap<>()

詳解

Get either just remoteCache associated with remoteStore associated with infinispan cache of given name. If security is enabled, then return secured remoteCache based on the template provided by remoteStore configuration but with added "authentication" configuration of secured hotrod endpoint (RemoteStore doesn't yet allow to configure "security" of hotrod endpoints)

TODO: Remove this class once we upgrade to infinispan version, which allows to configure security for remoteStore itself

著者

Marek Posolda

構築子と解体子

RemoteCacheProvider()

org.keycloak.connections.infinispan.RemoteCacheProvider.RemoteCacheProvider ( Config.Scope  config, EmbeddedCacheManager  cacheManager  )

inline

                                                                                       {
        this.config = config;
        this.cacheManager = cacheManager;
    }

関数詳解

getOrCreateSecuredRemoteCacheManager()

RemoteCacheManager org.keycloak.connections.infinispan.RemoteCacheProvider.getOrCreateSecuredRemoteCacheManager ( Config.Scope  config, String  cacheName, RemoteCacheManager  origManager  )

inlineprotected

                                                                                                                                             {
        String serverName = config.get("remoteStoreSecurityServerName", "keycloak-jdg-server");
        String realm = config.get("remoteStoreSecurityRealm", "AllowScriptManager");

        String username = config.get("remoteStoreSecurityUsername", "___script_manager");
        String password = config.get("remoteStoreSecurityPassword", "not-so-secret-password");

        // Create configuration template from the original configuration provided at remoteStore level
        Configuration origConfig = origManager.getConfiguration();

        ConfigurationBuilder cfgBuilder = new ConfigurationBuilder()
                .read(origConfig);

        String securedHotRodEndpoint = origConfig.servers().stream()
              .map(serverConfiguration -> serverConfiguration.host() + ":" + serverConfiguration.port())
              .collect(Collectors.joining(";"));

        if (managedManagers.containsKey(securedHotRodEndpoint)) {
            return managedManagers.get(securedHotRodEndpoint);
        }

        logger.infof("Creating secured RemoteCacheManager for Server: '%s', Cache: '%s', Realm: '%s', Username: '%s', Secured HotRod endpoint: '%s'", serverName, cacheName, realm, username, securedHotRodEndpoint);

        // Workaround as I need a way to override servers and it's not possible to remove existing :/
        try {
            Field serversField = cfgBuilder.getClass().getDeclaredField("servers");
            Reflections.setAccessible(serversField);
            List origServers = Reflections.getFieldValue(serversField, cfgBuilder, List.class);
            origServers.clear();
        } catch (NoSuchFieldException nsfe) {
            throw new RuntimeException(nsfe);
        }

        // Create configuration based on the configuration template from remoteStore. Just add security and override secured endpoint
        Configuration newConfig = cfgBuilder
                .addServers(securedHotRodEndpoint)
                .security()
                  .authentication()
                    .serverName(serverName) //define server name, should be specified in XML configuration on JDG side
                    .saslMechanism("DIGEST-MD5") // define SASL mechanism, in this example we use DIGEST with MD5 hash
                    .callbackHandler(new LoginHandler(username, password.toCharArray(), realm)) // define login handler, implementation defined
                    .enable()
                .build();

        final RemoteCacheManager remoteCacheManager = new RemoteCacheManager(newConfig);
        managedManagers.put(securedHotRodEndpoint, remoteCacheManager);
        return remoteCacheManager;
    }

getRemoteCache()

RemoteCache org.keycloak.connections.infinispan.RemoteCacheProvider.getRemoteCache ( String  cacheName )

inline

                                                        {
        if (availableCaches.get(cacheName) == null) {
            synchronized (this) {
                if (availableCaches.get(cacheName) == null) {
                    RemoteCache remoteCache = loadRemoteCache(cacheName);
                    availableCaches.put(cacheName, remoteCache);
                }
            }
        }

        return availableCaches.get(cacheName);
    }

loadRemoteCache()

synchronized RemoteCache org.keycloak.connections.infinispan.RemoteCacheProvider.loadRemoteCache ( String  cacheName )

inlineprotected

                                                                         {
        RemoteCache remoteCache = InfinispanUtil.getRemoteCache(cacheManager.getCache(cacheName));

        Boolean remoteStoreSecurity = config.getBoolean("remoteStoreSecurityEnabled");
        if (remoteStoreSecurity == null) {
            try {
                logger.debugf("Detecting remote security settings of HotRod server, cache %s. Disable by explicitly setting \"remoteStoreSecurityEnabled\" property in spi=connectionsInfinispan/provider=default", cacheName);
                remoteStoreSecurity = false;
                final RemoteCache<Object, Object> scriptCache = remoteCache.getRemoteCacheManager().getCache(SCRIPT_CACHE_NAME);
                if (scriptCache == null) {
                    logger.debug("Cannot detect remote security settings of HotRod server, disabling.");
                } else {
                    scriptCache.containsKey("");
                }
            } catch (HotRodClientException ex) {
                logger.debug("Seems that HotRod server requires authentication, enabling.");
                remoteStoreSecurity = true;
            }
        }

        if (remoteStoreSecurity) {
            logger.infof("Remote store security for cache %s is enabled. Disable by setting \"remoteStoreSecurityEnabled\" property to \"false\" in spi=connectionsInfinispan/provider=default", cacheName);
            RemoteCacheManager securedMgr = getOrCreateSecuredRemoteCacheManager(config, cacheName, remoteCache.getRemoteCacheManager());
            return securedMgr.getCache(remoteCache.getName());
        } else {
            logger.infof("Remote store security for cache %s is disabled. If server fails to connect to remote JDG server, enable it.", cacheName);
            return remoteCache;
        }
    }

stop()

void org.keycloak.connections.infinispan.RemoteCacheProvider.stop ( )

inline

                       {
        logger.debugf("Shutdown %d registered secured remoteCache managers", managedManagers.size());

        for (RemoteCacheManager mgr : managedManagers.values()) {
            mgr.stop();
        }
    }

メンバ詳解

availableCaches

final Map<String, RemoteCache> org.keycloak.connections.infinispan.RemoteCacheProvider.availableCaches = new HashMap<>()

private

cacheManager

final EmbeddedCacheManager org.keycloak.connections.infinispan.RemoteCacheProvider.cacheManager

private

config

final Config.Scope org.keycloak.connections.infinispan.RemoteCacheProvider.config

private

logger

final Logger org.keycloak.connections.infinispan.RemoteCacheProvider.logger = Logger.getLogger(RemoteCacheProvider.class)

staticprotected

managedManagers

final Map<String, RemoteCacheManager> org.keycloak.connections.infinispan.RemoteCacheProvider.managedManagers = new HashMap<>()

private

SCRIPT_CACHE_NAME

final String org.keycloak.connections.infinispan.RemoteCacheProvider.SCRIPT_CACHE_NAME = "___script_cache"

static

---

このクラス詳解は次のファイルから抽出されました:

• D:/AppData/doxygen/keycloak/src/keycloak/src/main/java/org/keycloak/connections/infinispan/RemoteCacheProvider.java