[keycloak-user] How to access realms/{realm}/users/{user} with Application

Dean Peterson peterson.dean at gmail.com
Thu Mar 6 09:50:45 EST 2014


Yes, I did realize my stupid mistake right after I sent the e-mail.  It is
working as you say.  Thank you very much for all the help!


On Thu, Mar 6, 2014 at 5:31 AM, Stian Thorgersen <stian at redhat.com> wrote:

> You don't need to add keycloak-services to your application. It doesn't
> actually return an AccountService object; AccountService is a JAX-RS
> sub-resource that handles all requests to 'account'. Assuming that you've
> looked at the source, have a peek inside AccountService.accountPage; that's
> what actually handles the request.
>
> The 406 is caused by missing Accept header. Try adding:
>
> .header(HttpHeaders.ACCEPT, "application/json")
>
> Cheers,
> Stian
>
> ----- Original Message -----
> > From: "Dean Peterson" <peterson.dean at gmail.com>
> > To: "Stian Thorgersen" <stian at redhat.com>
> > Cc: keycloak-user at lists.jboss.org
> > Sent: Wednesday, 5 March, 2014 8:28:53 PM
> > Subject: Re: [keycloak-user] How to access realms/{realm}/users/{user} with Application
> >
> > Thank you.  I tried what you said.  I am able to access that REST service
> > on the Keycloak server but it returns an AccountService object.  Actually,
> > I get a 406 error response on my end.  I think it is because I did not
> > have the keycloak-services dependency in my application's pom.  However,
> > when I add it and I try to start the server, I get the error: Could not
> > find constructor for class: org.keycloak.services.resources.RealmsResource.
> > Should I make my own local version of AccountService and not add
> > keycloak-services to my application?  What is the best approach?  Any
> > ideas why I might be getting a 406 error?
> >
> > SkeletonKeySession session = (SkeletonKeySession) request
> >         .getAttribute(SkeletonKeySession.class.getName());
> > ResteasyClient client = new ResteasyClientBuilder()
> >         .trustStore(session.getMetadata().getTruststore())
> >         .hostnameVerification(
> >                 ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
> >         .build();
> >
> > String username = request.getRemoteUser();
> >
> > Profile profile = null;
> >
> > try {
> >
> >     Response response = client
> >             .target("http://server:8080/auth/rest/realms/myrealm/account")
> >             .request()
> >             .header(HttpHeaders.AUTHORIZATION,
> >                     "Bearer " + session.getTokenString()).get();
> >
> > .
> > .
> > .
> >
> >
> >
> > On Wed, Mar 5, 2014 at 3:09 AM, Stian Thorgersen <stian at redhat.com> wrote:
> >
> > > There's also a Keycloak specific mechanism for accessing the account of
> > > the user associated with the token.
> > >
> > > To do this open the scope mappings for your app/client, and select
> > > 'account' in the application roles, select 'view-profile' and click the
> > > right-arrow. This will allow your app/client to view the profile of the
> > > current user.
> > >
> > > Then you can make a request (with bearer token) to:
> > >
> > > /auth/rest/realms/myrealm/account
> > >
> > > In the future we'll add support to do all account specific things
> > > through these REST endpoints to support all operations provided by the
> > > account management application.
> > >
> > > ----- Original Message -----
> > > > From: "Dean Peterson" <peterson.dean at gmail.com>
> > > > To: keycloak-user at lists.jboss.org
> > > > Sent: Tuesday, 4 March, 2014 7:15:31 PM
> > > > Subject: [keycloak-user] How to access realms/{realm}/users/{user} with Application
> > > >
> > > > Hello,
> > > >
> > > > I am trying to find the best way to access the UsersResource.java
> > > > Rest services outside the keycloak admin application to get a user's
> > > > information. How do I make a request using just the client's
> > > > credentials?
> > > >
> > > > I currently use something like this but I get a 401 because I am
> > > > using a user's oauth token and they only have user privileges:
> > > > SkeletonKeySession session = (SkeletonKeySession) request
> > > >         .getAttribute(SkeletonKeySession.class.getName());
> > > > ResteasyClient client = new ResteasyClientBuilder()
> > > >         .trustStore(session.getMetadata().getTruststore())
> > > >         .hostnameVerification(
> > > >                 ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
> > > >         .build();
> > > >
> > > > String username = request.getRemoteUser();
> > > >
> > > > Profile profile = null;
> > > >
> > > > try {
> > > >
> > > >     Response response = client
> > > >             .target("http://server:8080/auth/rest/admin/realms/myrealm/users/")
> > > >             .path(username)
> > > >             .request()
> > > >             .header(HttpHeaders.AUTHORIZATION,
> > > >                     "Bearer " + session.getTokenString()).get();
> > > >
> > > >     // Get the existing entry if there is one. Otherwise, just return
> > > >     // the regular
> > > >     // entity retrieved from the remote system.
> > > >     try {
> > > >         profile = profileRepository
> > > >                 .findByRegistrationId(member.getId());
> > > >
> > > >     } catch (NoResultException e) {
> > > >         // ignore
> > > >     }
> > > >
> > > > } finally {
> > > >     client.close();
> > > > }
> > > >
> > > > Is there a way for the application to make a request directly as an
> > > > admin without giving the user admin privileges?
> > > >
> > > > _______________________________________________
> > > > keycloak-user mailing list
> > > > keycloak-user at lists.jboss.org
> > > > https://lists.jboss.org/mailman/listinfo/keycloak-user
> > >
> >
>
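
The request the thread converges on (bearer token plus an explicit Accept header against the realm's account endpoint), as an added example that is not part of the original messages or of Keycloak's own code. It assumes the server is reachable over HTTPS at a placeholder host and port, verifies the certificate host name rather than using the ANY policy, and takes the truststore and token that the posted snippet reads from `session.getMetadata().getTruststore()` and `session.getTokenString()`; the class and method names are hypothetical.

```java
import java.security.KeyStore;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;

public final class AccountClient {

    // Assumption: placeholder HTTPS host and port; the realm path is the one from the thread.
    private static final String ACCOUNT_URL =
            "https://server:8443/auth/rest/realms/myrealm/account";

    /** Returns the account JSON of the user the bearer token was issued to. */
    public static String fetchAccountJson(KeyStore truststore, String bearerToken) {
        ResteasyClient client = new ResteasyClientBuilder()
                .trustStore(truststore)
                // Check the certificate's host name instead of accepting ANY host.
                .hostnameVerification(
                        ResteasyClientBuilder.HostnameVerificationPolicy.WILDCARD)
                .build();
        try {
            Response response = client.target(ACCOUNT_URL)
                    .request()
                    // Without an Accept header the endpoint answered 406 in the thread.
                    .header(HttpHeaders.ACCEPT, MediaType.APPLICATION_JSON)
                    .header(HttpHeaders.AUTHORIZATION, "Bearer " + bearerToken)
                    .get();
            try {
                int status = response.getStatus();
                if (status == 200) {
                    return response.readEntity(String.class);
                }
                if (status == 401 || status == 403) {
                    throw new IllegalStateException(status
                            + ": token not accepted; check the 'view-profile' scope mapping");
                }
                if (status == 406) {
                    throw new IllegalStateException("406: Accept header missing or not acceptable");
                }
                throw new IllegalStateException("Unexpected status " + status);
            } finally {
                response.close(); // release the connection even on error paths
            }
        } finally {
            client.close();
        }
    }
}
```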