[keycloak-user] Inject (Keycloak)Principal

Bill Burke bburke at redhat.com
Sun Mar 30 18:30:14 EDT 2014

On 3/30/2014 5:08 PM, Dirk Franssen wrote:
> Hey Bill,
> I think it would make sense to add the IDToken to the KeycloakPrincipal.
> This avoids the additional
> servletRequest.getAttribute(KeycloakSecurityContext.class.getName())
> call in order to get the user details.
> For info to other users: in order to get more than only the (preferred)
> username, you should change in your realm the Allowed Claims at the
> application level, otherwise e.g. the email address will stay null
> however it was provided in the account of the user.
> @Nils/Juca:
> the injection of the principal is now working. I didn't have @Stateless
> on the CustomerService before, that's why :-).
> Just to be sure: in one of the videos the database service was also
> being defined in the admin console as an application, but I assume that
> this is superfluous as the bundled demo realm is not describing it?

The database service is registered when you want to have per-app roles.
The OOTB demo uses realm-level roles for everything. Generally,
though, you should register each application with an admin URL so that
it can have things updated like not-before policies.

Bill Burke
JBoss, a division of Red Hat
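
Added example, not part of the original thread and not Keycloak project code: the request-attribute lookup quoted above, wrapped so that a missing security context and claims that are not allowed for the application (for example a null email) are handled explicitly. The class name `CurrentUser` and its fields are hypothetical; it assumes the Keycloak servlet adapter and `javax.servlet` are on the classpath.

```java
import javax.servlet.http.HttpServletRequest;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.IDToken;

/** Hypothetical helper: user details read from the Keycloak ID token. */
public final class CurrentUser {
    public final String subject;
    public final String username;
    public final String email; // null unless the email claim is allowed for this application

    private CurrentUser(String subject, String username, String email) {
        this.subject = subject;
        this.username = username;
        this.email = email;
    }

    /**
     * Returns null when the request carries no Keycloak context (unsecured path)
     * or no ID token (for example a bearer-only call).
     */
    public static CurrentUser from(HttpServletRequest request) {
        // Same lookup as in the message above: the adapter stores the context
        // as a request attribute keyed by the class name.
        KeycloakSecurityContext ctx = (KeycloakSecurityContext)
                request.getAttribute(KeycloakSecurityContext.class.getName());
        if (ctx == null || ctx.getIdToken() == null) {
            return null;
        }
        IDToken id = ctx.getIdToken();
        // The subject is always present in the token; the optional claims may be null.
        String username = id.getPreferredUsername() != null
                ? id.getPreferredUsername()
                : id.getSubject();
        return new CurrentUser(id.getSubject(), username, id.getEmail());
    }

    /** True only if the realm actually released an email claim to this application. */
    public boolean hasEmail() {
        return email != null && !email.isEmpty();
    }
}
```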
