[keycloak-user] [Authorization] Get user roles from token

Pavel Maslov pavel.masloff at gmail.com
Mon Dec 7 05:30:51 EST 2015


Hi Bill,


I added the *org.keycloak.KeycloakPrincipal* definition in order to get the
token:


KeycloakPrincipal kcPrincipal = (KeycloakPrincipal) srvl.getUserPrincipal();
String token = kcPrincipal.getKeycloakSecurityContext().getTokenString();

but cannot deploy the project to the Wildfly server:

10:23:31,250 INFO  [org.jboss.resteasy.spi.ResteasyDeployment] (MSC service thread 1-2) Deploying javax.ws.rs.core.Application: class si.liis.apitime.service.ApiTimeApplication
10:23:31,282 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./apitime-rest: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./apitime-rest: Failed to start service
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_85]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_85]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_85]
Caused by: java.lang.NoClassDefFoundError: com/google/zxing/WriterException
    at java.lang.Class.getDeclaredMethods0(Native Method) [rt.jar:1.7.0_85]
    at java.lang.Class.privateGetDeclaredMethods(Class.java:2625) [rt.jar:1.7.0_85]
    at java.lang.Class.privateGetPublicMethods(Class.java:2743) [rt.jar:1.7.0_85]
    at java.lang.Class.getMethods(Class.java:1480) [rt.jar:1.7.0_85]
    at org.jboss.resteasy.spi.metadata.ResourceBuilder.fromAnnotations(ResourceBuilder.java:747)
    at org.jboss.resteasy.spi.metadata.ResourceBuilder.rootResourceFromAnnotations(ResourceBuilder.java:700)
    at org.jboss.resteasy.plugins.server.resourcefactory.POJOResourceFactory.<init>(POJOResourceFactory.java:29)
    at org.jboss.resteasy.core.ResourceMethodRegistry.addPerRequestResource(ResourceMethodRegistry.java:75)
    at org.jboss.resteasy.spi.ResteasyDeployment.registration(ResteasyDeployment.java:400)
    at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:241)
    at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)
    at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
    at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
    at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:79)
    at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
    at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:220)
    at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:125)
    at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:508)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:88)
    at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(UndertowDeploymentService.java:72)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]
    ... 3 more

10:23:31,285 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) JBAS014613: Operation ("redeploy") failed - address: ([("deployment" => "apitime-rest.war")]) - failure description: {"JBAS014671: Failed services" => {"jboss.undertow.deployment.default-server.default-host./apitime-rest" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./apitime-rest: Failed to start service
    Caused by: java.lang.NoClassDefFoundError: com/google/zxing/WriterException"}}
10:23:31,285 ERROR [org.jboss.as.server] (management-handler-thread - 1) JBAS015860: Redeploy of deployment "apitime-rest.war" was rolled back with the following failure message:
{"JBAS014671: Failed services" => {"jboss.undertow.deployment.default-server.default-host./apitime-rest" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./apitime-rest: Failed to start service
    Caused by: java.lang.NoClassDefFoundError: com/google/zxing/WriterException"}}



I am using Wildfly 8.2.0 with Keycloak adapter 1.3.1.
Any solution?
Thanks.


Regards,
Pavel Maslov, MS

On Mon, Dec 7, 2015 at 3:53 AM, Bill Burke <bburke at redhat.com> wrote:

> For Java HttpServletRequest.isUserInRole() works.  If you typecast the
> principal to KeycloakPrincipal you can obtain the AccessToken.
>
> On 12/6/2015 5:39 PM, Pavel Maslov wrote:
> > Hi everyone,
> >
> >
> > Do Keycloak adapters support user authorization? I mean, of course they
> > do :) For example, the API I have secured with Keycloak receives a
> > Keycloak access token from the client. How can I validate the token
> > (check user roles) in my code? I am interested in the Java (WildFly) and
> > JavaScript adapters.
> >
> > Manually I am using jwt.io <http://jwt.io> to check the token. I am just
> > curious if the Keycloak adapters support something similar out of the box.
> >
> > Thank you for your answers.
> >
> >
> > Regards,
> > Pavel Maslov, MS
> >
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
> >
>
> --
> Bill Burke
> JBoss, a division of Red Hat
> http://bill.burkecentral.com
>
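
Added example, not part of the original thread and not Keycloak's own code: jwt.io only decodes a token, so this Node.js function verifies the RS256 signature and the expiry first and only then reads the realm and client roles from the `realm_access` and `resource_access` claims. The throwaway key pair, the client id `apitime-rest` and the role names are constructed for the example; issuer and audience checks are left out.

```javascript
const crypto = require('crypto');

const b64url = (buf) => Buffer.from(buf).toString('base64url');
const fromB64url = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Returns { realmRoles, clientRoles } or throws if the token must not be trusted.
function rolesFromToken(token, realmPublicKey, clientId, now = Date.now() / 1000) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, sig] = parts;
  const header = fromB64url(h);
  // Pin the algorithm: never let the token header choose "none" or HS256.
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`),
    realmPublicKey, Buffer.from(sig, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = fromB64url(p);
  if (typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  // Keycloak puts realm roles in realm_access and per-client roles in resource_access.
  const realmRoles = (claims.realm_access && claims.realm_access.roles) || [];
  const client = claims.resource_access && claims.resource_access[clientId];
  return { realmRoles, clientRoles: (client && client.roles) || [] };
}

// Constructed sample: a throwaway key pair stands in for the realm key.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

function signSample(claims) {
  const head = b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  const sig = crypto.sign('RSA-SHA256', Buffer.from(`${head}.${body}`), privateKey);
  return `${head}.${body}.${b64url(sig)}`;
}

const sampleClaims = {
  exp: Math.floor(Date.now() / 1000) + 300,
  realm_access: { roles: ['user'] },
  resource_access: { 'apitime-rest': { roles: ['timesheet-admin'] } },
};
const sampleToken = signSample(sampleClaims);

// Same token with the payload edited to add a role; the signature no longer matches.
function tamper(token) {
  const [h, , s] = token.split('.');
  const forged = { ...sampleClaims, realm_access: { roles: ['user', 'admin'] } };
  return `${h}.${b64url(JSON.stringify(forged))}.${s}`;
}
```

A payload that has only been base64-decoded, as jwt.io displays it, would show the forged `admin` role from `tamper()`; `rolesFromToken` rejects that token before any role is read.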