Changes picking up pruivo's suggestions

Closes #36919 Signed-off-by: Alexander Schwartz <aschwart@redhat.com>
2026-01-10 15:32:05 -03:30 · 2025-02-03 11:30:07 +01:00 · 2025-02-03 11:30:07 +01:00 · 3b31548f5c
commit 3b31548f5c
parent a447cbfebc
2 changed files with 85 additions and 13 deletions
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/RealmCacheSession.java
@ -19,7 +19,6 @@ package org.keycloak.models.cache.infinispan;

 import java.util.HashMap;
 import java.util.HashSet;
-import java.util.Iterator;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
@ -65,6 +64,7 @@ import org.keycloak.models.cache.infinispan.entities.GroupListQuery;
 import org.keycloak.models.cache.infinispan.entities.GroupNameQuery;
 import org.keycloak.models.cache.infinispan.entities.RealmListQuery;
 import org.keycloak.models.cache.infinispan.entities.RoleListQuery;
+import org.keycloak.models.cache.infinispan.entities.RoleByNameQuery;
 import org.keycloak.models.cache.infinispan.events.ClientAddedEvent;
 import org.keycloak.models.cache.infinispan.events.ClientRemovedEvent;
 import org.keycloak.models.cache.infinispan.events.ClientScopeAddedEvent;
@ -849,7 +849,7 @@ public class RealmCacheSession implements CacheRealmProvider {
            return getRoleDelegate().getRealmRole(realm, name);
        }

-        RoleListQuery query = cache.get(cacheKey, RoleListQuery.class);
+        RoleByNameQuery query = cache.get(cacheKey, RoleByNameQuery.class);
        if (query != null) {
            logger.tracev("getRealmRole cache hit: {0}.{1}", realm.getName(), name);
        }
@ -859,19 +859,19 @@ public class RealmCacheSession implements CacheRealmProvider {
            RoleModel model = getRoleDelegate().getRealmRole(realm, name);
            if (model == null) {
                // caching empty results will speed up the policy evaluation which tries to look up the role by name and ID
-                query = new RoleListQuery(loaded, cacheKey, realm, Set.of());
+                query = new RoleByNameQuery(loaded, cacheKey, realm, null);
            } else {
-                query = new RoleListQuery(loaded, cacheKey, realm, model.getId());
+                query = new RoleByNameQuery(loaded, cacheKey, realm, model.getId());
            }
            logger.tracev("adding realm role cache miss: client {0} key {1}", realm.getName(), cacheKey);
            cache.addRevisioned(query, startupRevision);
            return model;
        }
-        Iterator<String> iterator = query.getRoles().iterator();
-        if (!iterator.hasNext()) {
+        String roleId = query.getRole();
+        if (roleId == null) {
            return null;
        }
-        RoleModel role = getRoleById(realm, iterator.next());
+        RoleModel role = getRoleById(realm, roleId);
        if (role == null) {
            invalidations.add(cacheKey);
            return getRoleDelegate().getRealmRole(realm, name);
@ -887,7 +887,7 @@ public class RealmCacheSession implements CacheRealmProvider {
            return getRoleDelegate().getClientRole(client, name);
        }

-        RoleListQuery query = cache.get(cacheKey, RoleListQuery.class);
+        RoleByNameQuery query = cache.get(cacheKey, RoleByNameQuery.class);
        if (query != null) {
            logger.tracev("getClientRole cache hit: {0}.{1}", client.getClientId(), name);
        }
@ -897,19 +897,19 @@ public class RealmCacheSession implements CacheRealmProvider {
            RoleModel model = getRoleDelegate().getClientRole(client, name);
            if (model == null) {
                // caching empty results will speed up the policy evaluation which tries to look up the role by name and ID
-                query = new RoleListQuery(loaded, cacheKey, client.getRealm(), Set.of());
+                query = new RoleByNameQuery(loaded, cacheKey, client.getRealm(), null, client.getClientId());
            } else {
-                query = new RoleListQuery(loaded, cacheKey, client.getRealm(), model.getId(), client.getClientId());
+                query = new RoleByNameQuery(loaded, cacheKey, client.getRealm(), model.getId(), client.getClientId());
            }
            logger.tracev("adding client role cache miss: client {0} key {1}", client.getClientId(), cacheKey);
            cache.addRevisioned(query, startupRevision);
            return model;
        }
-        Iterator<String> iterator = query.getRoles().iterator();
-        if (!iterator.hasNext()) {
+        String roleId = query.getRole();
+        if (roleId == null) {
            return null;
        }
-        RoleModel role = getRoleById(client.getRealm(), query.getRoles().iterator().next());
+        RoleModel role = getRoleById(client.getRealm(), roleId);
        if (role == null) {
            invalidations.add(cacheKey);
            return getRoleDelegate().getClientRole(client, name);
--- a/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleByNameQuery.java
+++ b/model/infinispan/src/main/java/org/keycloak/models/cache/infinispan/entities/RoleByNameQuery.java
@ -0,0 +1,72 @@
+/*
+ * Copyright 2025 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.keycloak.models.cache.infinispan.entities;
+
+import org.keycloak.models.RealmModel;
+
+import java.util.Set;
+
+/**
+ * @author Alexander Schwartz
+ * @version $Revision: 1 $
+ */
+public class RoleByNameQuery extends AbstractRevisioned implements RoleQuery, InClient {
+    private final String role;
+    private final String realm;
+    private final String realmName;
+    private String client;
+
+    public RoleByNameQuery(Long revisioned, String id, RealmModel realm, String role) {
+        super(revisioned, id);
+        this.realm = realm.getId();
+        this.realmName = realm.getName();
+        this.role = role;
+    }
+
+    public RoleByNameQuery(Long revision, String id, RealmModel realm, String role, String client) {
+        this(revision, id, realm, role);
+        this.client = client;
+    }
+
+    @Override
+    public Set<String> getRoles() {
+        return role == null ? Set.of() : Set.of(role);
+    }
+
+    public String getRole() {
+        return role;
+    }
+
+    @Override
+    public String getRealm() {
+        return realm;
+    }
+
+    @Override
+    public String getClientId() {
+        return client;
+    }
+
+    @Override
+    public String toString() {
+        return "RoleNameQuery{" +
+                "id='" + getId() + "'" +
+                ", realmName='" + realmName + '\'' +
+                ", clientUuid='" + client + '\'' +
+                '}';
+    }
+}