Add example for logging slow database operations.

Author: thomasdarimont

deployments/local/dev/docker-compose-keycloakx.yml

@@ -80,7 +80,7 @@ services:
 #      - "--log-level=info,org.hibernate:debug"
 #      - "--log-level=info,org.hibernate.SQL:debug"
 #      - "--log-level=info,org.hibernate.SQL:debug,org.hibernate.type.descriptor.sql.BasicBinder:trace"
-      - "--log-level=info,com.github.thomasdarimont.keycloak.custom.health.CustomHealthChecks:info,com.github.thomasdarimont.keycloak.custom:debug,com.arjuna.ats.jta:off,org.keycloak.services.resources.admin.permissions:debug"
+      - "--log-level=info,com.github.thomasdarimont.keycloak.custom.health.CustomHealthChecks:info,com.github.thomasdarimont.keycloak.custom:debug,com.arjuna.ats.jta:off,org.keycloak.services.resources.admin.permissions:debug,org.hibernate.SQL_SLOW:info"
 #      - "--verbose"
     #      - "-Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.SimpleLog"
       - "-Dio.netty.http2.maxHeaderListSize=16384"
@@ -118,6 +118,7 @@ services:
       - ./keycloak-ext/keycloak-restrict-client-auth-25.0.0.jar:/opt/keycloak/providers/keycloak-restrict-client-auth.jar:z
       - ./keycloak-ext/keycloak-home-idp-discovery-25.0.0.jar:/opt/keycloak/providers/keycloak-home-idp-discovery.jar:z
       - ./keycloak-ext/apple-identity-provider-1.13.0.jar:/opt/keycloak/providers/apple-identity-provider.jar:z
+      - ./keycloak-ext/keycloak-benchmark-dataset-999.0.0-SNAPSHOT.jar:/opt/keycloak/providers/keycloak-benchmark-dataset.jar:z
 #      - ./keycloak-ext/flyweight-user-storage-provider-extension-1.0.0.0-SNAPSHOT.jar:/opt/keycloak/providers/flyweight-user-storage-provider-extension-1.0.0.0-SNAPSHOT.jar:z
       - ./keycloakx/health_check.sh:/health_check.sh:z
 

keycloak/extensions/src/main/java/com/github/thomasdarimont/keycloak/custom/endpoints/demo/DemosResource.java

@@ -1,13 +1,15 @@
 package com.github.thomasdarimont.keycloak.custom.endpoints.demo;
 
 import com.github.thomasdarimont.keycloak.custom.oauth.client.OauthClientCredentialsTokenManager;
+import jakarta.persistence.Query;
 import jakarta.ws.rs.Consumes;
 import jakarta.ws.rs.GET;
 import jakarta.ws.rs.Path;
 import jakarta.ws.rs.Produces;
 import jakarta.ws.rs.core.MediaType;
 import jakarta.ws.rs.core.Response;
 import org.keycloak.broker.provider.util.SimpleHttp;
+import org.keycloak.connections.jpa.JpaConnectionProvider;
 import org.keycloak.models.KeycloakSession;
 
 import java.util.Map;
@@ -45,4 +47,21 @@ public Response demoCachedServiceAccountToken() throws Exception {
 
         return Response.ok(data).build();
     }
+
+    /**
+     * http://localhost:8080/auth/realms/acme-internal/custom-resources/demos/slow-query
+     *
+     * @return
+     * @throws Exception
+     */
+    @Path("slow-query")
+    @GET
+    public Response demoSlowQuery() throws Exception {
+
+        var provider = session.getProvider(JpaConnectionProvider.class);
+        Query nativeQuery = provider.getEntityManager().createNativeQuery("SELECT pg_sleep(5)");
+        nativeQuery.getResultList();
+
+        return Response.ok(Map.of("executed", true)).build();
+    }
 }

keycloak/extensions/src/main/resources/default-persistence.xml

@@ -0,0 +1,132 @@
+<!--
+  ~ Copyright 2016 Red Hat, Inc. and/or its affiliates
+  ~ and other contributors as indicated by the @author tags.
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~ http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~ See the License for the specific language governing permissions and
+  ~ limitations under the License.
+  -->
+
+<!-- Workaround to use custom hibernate properties, see: https://github.com/keycloak/keycloak/issues/19427#issuecomment-2792484805 -->
+
+<persistence xmlns="https://jakarta.ee/xml/ns/persistence"
+             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+             xsi:schemaLocation="https://jakarta.ee/xml/ns/persistence https://jakarta.ee/xml/ns/persistence/persistence_3_0.xsd"
+             version="3.0">
+    <persistence-unit name="keycloak-default" transaction-type="RESOURCE_LOCAL">
+        <class>org.keycloak.models.jpa.entities.ClientEntity</class>
+        <class>org.keycloak.models.jpa.entities.ClientAttributeEntity</class>
+        <class>org.keycloak.models.jpa.entities.CredentialEntity</class>
+        <class>org.keycloak.models.jpa.entities.RealmEntity</class>
+        <class>org.keycloak.models.jpa.entities.RealmAttributeEntity</class>
+        <class>org.keycloak.models.jpa.entities.RequiredCredentialEntity</class>
+        <class>org.keycloak.models.jpa.entities.ComponentConfigEntity</class>
+        <class>org.keycloak.models.jpa.entities.ComponentEntity</class>
+        <class>org.keycloak.models.jpa.entities.UserFederationProviderEntity</class>
+        <class>org.keycloak.models.jpa.entities.UserFederationMapperEntity</class>
+        <class>org.keycloak.models.jpa.entities.RoleEntity</class>
+        <class>org.keycloak.models.jpa.entities.RoleAttributeEntity</class>
+        <class>org.keycloak.models.jpa.entities.FederatedIdentityEntity</class>
+        <class>org.keycloak.models.jpa.entities.MigrationModelEntity</class>
+        <class>org.keycloak.models.jpa.entities.UserEntity</class>
+        <class>org.keycloak.models.jpa.entities.RealmLocalizationTextsEntity</class>
+        <class>org.keycloak.models.jpa.entities.UserRequiredActionEntity</class>
+        <class>org.keycloak.models.jpa.entities.UserAttributeEntity</class>
+        <class>org.keycloak.models.jpa.entities.UserRoleMappingEntity</class>
+        <class>org.keycloak.models.jpa.entities.IdentityProviderEntity</class>
+        <class>org.keycloak.models.jpa.entities.IdentityProviderMapperEntity</class>
+        <class>org.keycloak.models.jpa.entities.ProtocolMapperEntity</class>
+        <class>org.keycloak.models.jpa.entities.UserConsentEntity</class>
+        <class>org.keycloak.models.jpa.entities.UserConsentClientScopeEntity</class>
+        <class>org.keycloak.models.jpa.entities.AuthenticationFlowEntity</class>
+        <class>org.keycloak.models.jpa.entities.AuthenticationExecutionEntity</class>
+        <class>org.keycloak.models.jpa.entities.AuthenticatorConfigEntity</class>
+        <class>org.keycloak.models.jpa.entities.RequiredActionProviderEntity</class>
+        <class>org.keycloak.models.jpa.session.PersistentUserSessionEntity</class>
+        <class>org.keycloak.models.jpa.session.PersistentClientSessionEntity</class>
+        <class>org.keycloak.models.jpa.entities.RevokedTokenEntity</class>
+        <class>org.keycloak.models.jpa.entities.GroupEntity</class>
+        <class>org.keycloak.models.jpa.entities.GroupAttributeEntity</class>
+        <class>org.keycloak.models.jpa.entities.GroupRoleMappingEntity</class>
+        <class>org.keycloak.models.jpa.entities.UserGroupMembershipEntity</class>
+        <class>org.keycloak.models.jpa.entities.ClientScopeEntity</class>
+        <class>org.keycloak.models.jpa.entities.ClientScopeAttributeEntity</class>
+        <class>org.keycloak.models.jpa.entities.ClientScopeRoleMappingEntity</class>
+        <class>org.keycloak.models.jpa.entities.ClientScopeClientMappingEntity</class>
+        <class>org.keycloak.models.jpa.entities.DefaultClientScopeRealmMappingEntity</class>
+        <class>org.keycloak.models.jpa.entities.ClientInitialAccessEntity</class>
+
+        <!-- JpaAuditProviders -->
+        <class>org.keycloak.events.jpa.EventEntity</class>
+        <class>org.keycloak.events.jpa.AdminEventEntity</class>
+
+        <!-- Authorization -->
+        <class>org.keycloak.authorization.jpa.entities.ResourceServerEntity</class>
+        <class>org.keycloak.authorization.jpa.entities.ResourceEntity</class>
+        <class>org.keycloak.authorization.jpa.entities.ScopeEntity</class>
+        <class>org.keycloak.authorization.jpa.entities.PolicyEntity</class>
+        <class>org.keycloak.authorization.jpa.entities.PermissionTicketEntity</class>
+        <class>org.keycloak.authorization.jpa.entities.ResourceAttributeEntity</class>
+
+        <!-- User Federation Storage -->
+        <class>org.keycloak.storage.jpa.entity.BrokerLinkEntity</class>
+        <class>org.keycloak.storage.jpa.entity.FederatedUser</class>
+        <class>org.keycloak.storage.jpa.entity.FederatedUserAttributeEntity</class>
+        <class>org.keycloak.storage.jpa.entity.FederatedUserConsentEntity</class>
+        <class>org.keycloak.storage.jpa.entity.FederatedUserConsentClientScopeEntity</class>
+        <class>org.keycloak.storage.jpa.entity.FederatedUserCredentialEntity</class>
+        <class>org.keycloak.storage.jpa.entity.FederatedUserGroupMembershipEntity</class>
+        <class>org.keycloak.storage.jpa.entity.FederatedUserRequiredActionEntity</class>
+        <class>org.keycloak.storage.jpa.entity.FederatedUserRoleMappingEntity</class>
+
+        <!-- Organization -->
+        <class>org.keycloak.models.jpa.entities.OrganizationEntity</class>
+        <class>org.keycloak.models.jpa.entities.OrganizationDomainEntity</class>
+
+        <exclude-unlisted-classes>true</exclude-unlisted-classes>
+
+        <properties>
+            <property name="jboss.as.jpa.managed" value="false"/>
+
+            <!-- Execute multiple insert and update statements in a single call to improve bulk insert / update performance.
+            See https://docs.jboss.org/hibernate/orm/6.2/userguide/html_single/Hibernate_User_Guide.html#best-practices-jdbc-batching
+            and https://docs.jboss.org/hibernate/orm/6.2/userguide/html_single/Hibernate_User_Guide.html#batch-session-batch:
+            recommendation between 10 and 50 -->
+            <property name="hibernate.jdbc.batch_size" value="32" />
+
+            <!-- (optional) Allows for more batching for nested objects and less deadlocks, but according to
+            https://docs.jboss.org/hibernate/orm/6.2/userguide/html_single/Hibernate_User_Guide.html#batch-jdbcbatch
+            may also hava a negative impact on performance.
+            See also https://docs.jboss.org/hibernate/orm/6.2/userguide/html_single/Hibernate_User_Guide.html#best-practices-jdbc-batching.
+            Keycloak uses many nested objects spread across multiple tables, so a benefit is likely.
+            -->
+            <property name="hibernate.order_inserts" value="true" />
+            <property name="hibernate.order_updates" value="true" />
+
+            <!-- Batch fetching collections of entity proxies, default 1. Eases N+1 issues to some extent.
+            See https://docs.jboss.org/hibernate/orm/6.2/userguide/html_single/Hibernate_User_Guide.html#fetching-batch -->
+            <property name="hibernate.default_batch_fetch_size" value="8" />
+
+            <!-- Improve cache hits for execution plans.
+            See https://docs.jboss.org/hibernate/orm/6.1/userguide/html_single/Hibernate_User_Guide.html#configurations-query -->
+            <property name="hibernate.query.in_clause_parameter_padding" value="true"/>
+
+            <!-- Increase number of elements fetched at once from Oracle database query result up from 10.
+            MSSQL returns the whole result at once.
+            See https://docs.oracle.com/en/database/oracle/oracle-database/21/jjdbc/resultset.html -->
+            <property name="hibernate.jdbc.fetch_size" value="64" />
+
+            <property name="hibernate.log_slow_query" value="5000"/>
+            <property name="hibernate.use_sql_comments" value="true"/>
+
+        </properties>
+    </persistence-unit>
+</persistence>