<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">Yes, you're supposed to add the
      "Authorization: Bearer access-token-here" header to each REST or
      web service request from your frontend application. The adapter on
      the web service side will always validate the accessToken in each
      request and lets it pass only if it's valid.<br>
      <br>
      Marek<br>
      <br>
      On 5.8.2015 08:35, Satyajit Das wrote:<br>
    </div>
    <blockquote
cite="mid:CA+oCsRoGDanO9QGKvfngR0zCTQLk58zY18FCnUYiyH-qM2J1_w@mail.gmail.com"
      type="cite">
      <div dir="ltr">Hi Bill,
        <div><br>
        </div>
        <div>Thanks a lot for the quick response. Just one more query
          on the web service side.</div>
        <div><br>
        </div>
        <div>As per the instructions, I set the web service access type
          to bearer.</div>
        <div><br>
        </div>
        <div>Let's say I have a service called <a moz-do-not-send="true"
            href="http://localhost:8082/candidates/">http://localhost:8082/candidates/</a>.</div>
        <div><br>
        </div>
        <div>This in turn has many web service operations, such as:</div>
        <div>post: <a moz-do-not-send="true"
            href="http://localhost:8082/candidates/%7Bcandidate%7D">http://localhost:8082/candidates/{candidate}</a></div>
        <div>put: <a moz-do-not-send="true"
            href="http://localhost:8082/candidates/candidate/%7Bid%7D">http://localhost:8082/candidates/candidate/{id}</a> </div>
        <div>get: <a moz-do-not-send="true"
            href="http://localhost:8082/candidates/candidate/%7Bid%7D">http://localhost:8082/candidates/candidate/{id}</a>.</div>
        <div><br>
        </div>
        <div>After a successful token verification:</div>
        <div>
          <pre>HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session)
        + "/candidate/{some id}");
// Send the access token obtained at login as a bearer token
get.addHeader("Authorization", "Bearer " + session.getTokenString());
try {
    HttpResponse response = client.execute(get);
    if (response.getStatusLine().getStatusCode() != 200) {
        throw new Failure(response.getStatusLine().getStatusCode());
    }
    HttpEntity entity = response.getEntity();
    InputStream is = entity.getContent();
    try {
        // return JsonSerialization.readValue(is, String.class);
        return "hello";
    } finally {
        is.close();
    }
} catch (IOException e) {
    // closes the outer try, which the posted snippet leaves open
    throw new RuntimeException(e);
}</pre>
        </div>
        <div><br>
        </div>
        <div>Do I need to further authenticate each call via the same
          method for the other RESTful calls?</div>
        <div><br>
        </div>
        <div>Do we have any option wherein we can say authenticate once
          and go ahead with multiple web service calls without further
          token verification?</div>
        <div><br>
        </div>
        <div>Regards,</div>
        <div>Satya.</div>
      </div>
      <div class="gmail_extra"><br>
        <div class="gmail_quote">On Tue, Aug 4, 2015 at 7:25 PM, Bill
          Burke <span dir="ltr">&lt;<a moz-do-not-send="true"
              href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>&gt;</span>
          wrote:<br>
          <blockquote class="gmail_quote" style="margin:0 0 0
            .8ex;border-left:1px #ccc solid;padding-left:1ex"><span
              class=""><br>
              <br>
              On 8/4/2015 9:48 AM, Satyajit Das wrote:<br>
              &gt; Hi Team,<br>
              &gt;<br>
              &gt; Kindly respond to the below queries.<br>
              &gt;<br>
              &gt; 1) What is the limit to the number of realms, roles
              per realm, and users<br>
              &gt; per realm or users per role in Keycloak?<br>
              &gt;<br>
              <br>
            </span>We haven't really tested the limits.  Should be
            pretty large.  I know<br>
            one Keycloak user has a database of around 1 million users.<br>
            <span class=""><br>
              &gt; 2) What is the expiry time of a token ID generated in
              Keycloak<br>
              &gt; (session.getTokenString())?<br>
              &gt;<br>
              <br>
            </span>It's configurable in the admin console.<br>
            <span class=""><br>
              &gt; 3) Is there any authentication done after successful
              login if I visit<br>
              &gt; subsequent pages?<br>
              &gt;<br>
              <br>
            </span>Do you mean is there any authentication with the
            Keycloak server?<br>
            Once a user is logged in, they do not see any more
            authentication<br>
            screens.  Once you visit one application, you are
            authenticated for that<br>
            application.  If you visit another application, you are
            redirected to<br>
            the Keycloak auth server; the auth server will validate the SSO
            cookie, then<br>
            generate a token for the application and send you back there.<br>
            <span class="HOEnZb"><font color="#888888"><br>
                <br>
                <br>
                <br>
                --<br>
                Bill Burke<br>
                JBoss, a division of Red Hat<br>
                <a moz-do-not-send="true"
                  href="http://bill.burkecentral.com" rel="noreferrer"
                  target="_blank">http://bill.burkecentral.com</a><br>
                _______________________________________________<br>
                keycloak-dev mailing list<br>
                <a moz-do-not-send="true"
                  href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a><br>
                <a moz-do-not-send="true"
                  href="https://lists.jboss.org/mailman/listinfo/keycloak-dev"
                  rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a><br>
              </font></span></blockquote>
        </div>
        <br>
      </div>
      <br>
    </blockquote>
    <br>
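    <div>Added example, not part of the original thread and not Keycloak's own code: one way to follow the answer above is to attach the bearer token in a request interceptor, so every call to the service carries it, and to treat a 401 as the service-side adapter rejecting the token. The class name CandidateClient, the id check and the base URL are assumptions, and session is assumed to be a KeycloakSecurityContext; the client is Apache HttpClient 4.3 or later.</div>

```java
import java.io.IOException;
import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils;
import org.keycloak.KeycloakSecurityContext;

// Hypothetical helper (assumption): one client per logged-in user session.
public class CandidateClient {
    private final CloseableHttpClient client;
    private final String baseUrl; // assumed, e.g. http://localhost:8082/candidates

    public CandidateClient(final KeycloakSecurityContext session, String baseUrl) {
        this.baseUrl = baseUrl;
        // The interceptor runs for every request this client sends, so GET, PUT
        // and POST all carry the token; the service validates it on each call.
        this.client = HttpClients.custom().addInterceptorFirst(new HttpRequestInterceptor() {
            public void process(HttpRequest request, HttpContext context) {
                request.setHeader("Authorization", "Bearer " + session.getTokenString());
            }
        }).build();
    }

    public String getCandidate(String id) throws IOException {
        // Assumed id format: refuse anything that could alter the request path.
        if (!id.matches("[A-Za-z0-9_-]+")) {
            throw new IllegalArgumentException("invalid candidate id");
        }
        return execute(new HttpGet(baseUrl + "/candidate/" + id));
    }

    private String execute(HttpUriRequest request) throws IOException {
        CloseableHttpResponse response = client.execute(request);
        try {
            int status = response.getStatusLine().getStatusCode();
            if (status == 401) { // token expired or invalid: the user must log in again
                throw new IOException("Bearer token rejected by " + request.getURI());
            }
            if (status != 200) {
                throw new IOException("Unexpected status " + status);
            }
            return EntityUtils.toString(response.getEntity(), "UTF-8");
        } finally {
            response.close();
        }
    }
}
```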
  </body>
</html>