[keycloak-user] Getting the user id from the access token

Scott Dunbar scott at xigole.com
Fri Jul 10 19:24:11 EDT 2015


It is injected into the bean - sorry, might not have been enough code 
before.  A small example:

import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;

import org.keycloak.KeycloakPrincipal;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.representations.IDToken;

@Path("/user")
@Stateless
public class UserService {
     private static final Log log = LogFactory.getLog(UserService.class);

     @Resource
     private SessionContext sessionContext;

     @Path("/getCurrentUserInfo")
     @Produces({ MediaType.APPLICATION_JSON })
     @GET
     @RolesAllowed({"someRole"})
     public Response getCurrentUser() {

	@SuppressWarnings("unchecked")
         KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal());
         IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken();

         log.debug( "email from token is \"" + idToken.getEmail() + "\"" );

         // your return is likely something more useful
         return Response.ok().build();
     }
}


Your use case might be different but this is how it is working for me.  
Again, there may be a better way.



On 07/10/2015 05:01 PM, Juan Diego wrote:
> Where do you get sessionContext from?
>
> On Fri, Jul 10, 2015 at 5:54 PM, Scott Dunbar <scott at xigole.com 
> <mailto:scott at xigole.com>> wrote:
>
>     I use something like:
>
>     import org.keycloak.KeycloakPrincipal;
>     import org.keycloak.KeycloakSecurityContext;
>     import org.keycloak.representations.IDToken;
>
>     ...
>
>     @Resource
>     private SessionContext sessionContext;
>
>     ...
>
>     @SuppressWarnings("unchecked")
>     KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal());
>     IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken();
>
>     log.debug( "email from token is \"" + idToken.getEmail() + "\"" );
>
>
>     Not sure if that's the recommended way but it works well.
>
>
>     On 07/10/2015 04:48 PM, Juan Diego wrote:
>>     Hi
>>
>>     I want to be able to update the user password and some
>>     preferences from my web app, in order to update some of the user
>>     info from my portal i can see in the rest api that you need the
>>     user ID.
>>     I have a backend with java that should connect to my keycloak
>>     server once it gets the token
>>
>>     KeycloakSecurityContext securityContext =
>>     (KeycloakSecurityContext) httpRequest
>>     .getAttribute(KeycloakSecurityContext.class.getName());
>>
>>     AccessToken accessToken = securityContext.getToken();
>>
>>     I dont know how to get info from the accesToken, or does the
>>     access token class already has methods to do that.  I know this
>>     is more of a question of design.  This part is not really clear
>>     for me.
>>
>>     Thanks
>>
>>
>>
>>     _______________________________________________
>>     keycloak-user mailing list
>>     keycloak-user at lists.jboss.org  <mailto:keycloak-user at lists.jboss.org>
>>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>     -- 
>     Scott Dunbar
>     Xigole Systems, Inc.
>     Enterprise consulting, development, and hosting
>     303·667·6343
>
>     _______________________________________________
>     keycloak-user mailing list
>     keycloak-user at lists.jboss.org <mailto:keycloak-user at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-user
>
>

-- 
Scott Dunbar
Xigole Systems, Inc.
Enterprise consulting, development, and hosting
303·667·6343
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20150710/e24ce140/attachment-0001.html 


More information about the keycloak-user mailing list