[keycloak-user] Inject (Keycloak)Principal

Bill Burke bburke at redhat.com
Sun Mar 30 18:30:14 EDT 2014



On 3/30/2014 5:08 PM, Dirk Franssen wrote:
> Hey Bill,
>
> I think it would make sense to add the IDToken to the KeycloakPrincipal.
> This avoids the additional
> servletRequest.getAttribute(KeycloakSecurityContext.class.getName())
> call in order to get the user details.
>
> For info to other users: in order to get more than only the (preferred)
> username, you should change in your realm the Allowed Claims at the
> application level, otherwise e.g. the email address will stay null
> even though it was provided in the account of the user.
>
> @Nils/Juca:
> the injection of the principal is now working. I didn't have @Stateless
> on the CustomerService before, that's why :-).
>
> Just to be sure: in one of the videos the database service was also
> being defined in the admin console as an application, but I assume that
> this is superfluous as the bundled demo realm is not describing it?
>

The database service is registered when you want to have per-app roles.
The OOTB demo uses realm-level roles for everything.  Generally,
though, you should register each application with an admin URL so that 
it can have things updated like not-before policies.


-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
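
The lookup discussed in the quoted message, as an added example that is not part of the original thread or of Keycloak's own code: it reads the `KeycloakSecurityContext` from the request attribute and treats a missing email claim as a configuration problem rather than an empty value. The class name `UserDetails` and its two methods are hypothetical; it assumes the Keycloak adapter and the servlet API are on the classpath.

```java
import javax.servlet.http.HttpServletRequest;

import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.IDToken;

/** Hypothetical helper (not a Keycloak class) for reading user details from the ID token. */
public final class UserDetails {

    private UserDetails() {
    }

    /**
     * Returns the ID token the adapter attached to this request, or null when
     * the request is unauthenticated or no ID token was issued.
     */
    public static IDToken idToken(HttpServletRequest request) {
        // The adapter stores the security context under the class name.
        Object attr = request.getAttribute(KeycloakSecurityContext.class.getName());
        if (!(attr instanceof KeycloakSecurityContext)) {
            return null;
        }
        return ((KeycloakSecurityContext) attr).getIdToken();
    }

    /**
     * Returns the user's email address. Fails loudly when the claim is absent,
     * which is what happens when the application's Allowed Claims in the realm
     * do not include it, even if the account itself has an address.
     */
    public static String email(HttpServletRequest request) {
        IDToken token = idToken(request);
        if (token == null) {
            throw new IllegalStateException("No Keycloak ID token on this request");
        }
        String email = token.getEmail();
        if (email == null) {
            throw new IllegalStateException(
                    "ID token for '" + token.getPreferredUsername()
                    + "' has no email claim; check the application's Allowed Claims");
        }
        return email;
    }
}
```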
