LockObjectsForModification.java
/*
* Copyright 2022 Red Hat, Inc. and/or its affiliates
* and other contributors as indicated by the @author tags.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.keycloak.utils;
import org.keycloak.common.Profile;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import java.util.HashSet;
import java.util.Set;
/**
* This flags the session that all information loaded from the stores should be locked as the service layer
* plans to modify it.
*
* This is just a hint to the underlying storage, and a store might choose to ignore it.
* The lock for any object retrieved from the session will be kept until the end of the transaction.
*
* If the store supports it, this could prevent exceptions due to optimistic locking
* problems later in the processing. If the caller retrieved objects without this wrapper, they would still be
* able to modify those objects, and those changes would be written to the store at the end of the transaction at the lastet,
* but they won't be locked.
*
*
* @author Alexander Schwartz
*/
public class LockObjectsForModification {
private static final String ATTRIBUTE = LockObjectsForModification.class.getCanonicalName();
public static boolean isEnabled(KeycloakSession session, Class<?> model) {
Set<Class<?>> lockedModels = getAttribute(session);
return lockedModels != null && lockedModels.contains(model);
}
private static Set<Class<?>> getAttribute(KeycloakSession session) {
//noinspection unchecked
return (Set<Class<?>>) session.getAttribute(ATTRIBUTE);
}
private static Set<Class<?>> getOrCreateAttribute(KeycloakSession session) {
Set<Class<?>> attribute = getAttribute(session);
if (attribute == null) {
attribute = new HashSet<>();
session.setAttribute(ATTRIBUTE, attribute);
}
return attribute;
}
public static <V> V lockUserSessionsForModification(KeycloakSession session, CallableWithoutThrowingAnException<V> callable) {
return lockObjectsForModification(session, UserSessionModel.class, callable);
}
public static <V> V lockRealmsForModification(KeycloakSession session, CallableWithoutThrowingAnException<V> callable) {
return lockObjectsForModification(session, RealmModel.class, callable);
}
private static <V> V lockObjectsForModification(KeycloakSession session, Class<?> model, CallableWithoutThrowingAnException<V> callable) {
// Only map storage supports locking objects for modification, skip the logic if it is not enabled.
if (!Profile.isFeatureEnabled(Profile.Feature.MAP_STORAGE)) {
return callable.call();
}
if (LockObjectsForModification.isEnabled(session, model)) {
// If someone nests the call, and it would already be locked, don't try to lock it a second time.
// Otherwise, the inner unlocking might also unlock the outer lock.
return callable.call();
}
try (LockObjectsForModification.Enabled ignored = new Enabled(session, model)) {
return callable.call();
}
}
@FunctionalInterface
public interface CallableWithoutThrowingAnException<V> {
/**
* Computes a result.
*
* @return computed result
*/
V call();
}
public static class Enabled implements AutoCloseable {
private final KeycloakSession session;
private final Class<?> model;
public Enabled(KeycloakSession session, Class<?> model) {
this.session = session;
this.model = model;
getOrCreateAttribute(session).add(model);
}
@Override
public void close() {
getOrCreateAttribute(session).remove(model);
}
}
}