Invalidation of users via JMX interface in JBoss Portal IDM cache doesn't work as expected

Solution Verified - Updated -

Issue

We have a WebService that we use to automatically enroll new users. This WebService makes use of the OrganizationService to create the user, link it to the correct groups and to define the attributes of its profile.

When deploying the portal in a cluster we face an issue: if the user is synchronized and that the user tries to login during the synchronization or after but on the other node it takes a while for the user to have its new rights / properties being available.

In order to avoid this kind of problem we want to invalidate the IDM cache at login time. To do that we retrieve the service org.exoplatform.services.organization.idm.PicketLinkIDMCacheService from the ExoContainerContext / PortalContainer then we call the method invalidate(String) on the following 2 namespaces:
- "idm_realm_portal/USERS/<username>"
- "idm_realm_portal/ATTRIBUTES/<username>"

However it does not work. Indeed we can notice that calling the method printCaches() after calling the invalidate we can still see the cache entries for the users we wanted to invalidate. When debugging we notice the following code in the class AbstractInfinispanCacheProvider

   private String getNamespaceForFqn(String ns)
   {
      if (ns == null)
      {
         return NULL_NS_NODE;
      }
      else
      {
         // Better to check with indexOf first because of performance reasons, as replaceAll is expensive and '/' is used only in unit tests
         if (ns.indexOf('/') != -1)
         {
            ns = ns.replaceAll("/", "_");
         }
      }
      return ns;
   }

The line of code:

    ns = ns.replaceAll("/", "_");

changes the value of the namespace we request to invalidate replacing all '/' with '_'. Even if the comment says that '/' characters are only used in unit test, the keys that are stored in the cache actually contains cache. So if we want to invalidate the root user the namespace we request to invalidate is:

idm_realm_portal/USERS/root

The generated key that is removed from the cache is:

/NODE_MAIN_ROOT_API/idm_realm_portal_USERS_root

While the key that is stored in the cache is:

/NODE_MAIN_ROOT_API/idm_realm_portal/USERS/root

In the debugger if I compensate the replaceAll moving the value back from idm_realm_portal_USERS_root to idm_realm_portal/USERS/root then the cache invalidation works.

Environment

  • Red Hat JBoss Portal (JPP)
    • 6.0.0
    • 6.1.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content