[keycloak-user] Jaxrs Client Example?

Thomas Darimont thomas.darimont at googlemail.com
Mon May 22 08:13:52 EDT 2017 

Hello Peter,

have a look at the example below.
The following example obtains an access token from the /token endpoint and
uses it to call the /userinfo endpoint
with the access token in the Authorization header. In real Keycloak
integrations one would use the access token
which is maintained by the Keycloak adapter via the KeycloakSecurityContext.

HTH.

Cheers,
Thomas

import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.ClientRequestContext;
import javax.ws.rs.client.ClientRequestFilter;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import java.io.IOException;
import java.util.Map;
import java.util.concurrent.Future;
import java.util.function.Supplier;

public class JaxRsKeycloakClientExample {

  public static void main(String[] args) throws Exception {

    String realmName = "token-test";
    String tokenPath = "/protocol/openid-connect/token";
    String userInfoPath = "/protocol/openid-connect/userinfo";

    String authServerBaseUrl = "http://localhost:8081/auth/realms";

    /* Dummy accessToken provider - in real Keycloak integrations you'd
extract the current AccessToken
     * from the KeycloakSecurity context which is accessible via:
     *
httpServletRequest.getAttribute(KeycloakSecurityContext.class.getName());
     * or
     *
httpServletRequest.getSession().getAttribute(KeycloakSecurityContext.class.getName());
     *
     *   then do KeycloakSecurityContext#getTokenString()
     */
    Supplier<String> accessTokenProvider = () -> {

      Client keycloakClient = ClientBuilder.newBuilder().build();
      WebTarget target =
keycloakClient.target(UriBuilder.fromUri(authServerBaseUrl).path(realmName).path(tokenPath).build());

      Form getTokenForm = new Form() //
        .param("client_id", "admin-cli") //
        .param("client_secret", "") //
        .param("username", "tester") //
        .param("password", "test") //
        .param("grant_type", "password") //
        ;

      Future<Map> response =
target.request(MediaType.APPLICATION_FORM_URLENCODED) //
        .accept(MediaType.APPLICATION_JSON_TYPE) //
        .buildPost(Entity.form(getTokenForm)) //
        .submit(Map.class);

      try {
        Map map = response.get();

        return String.valueOf(map.get("access_token"));
      } catch (Exception e) {
        throw new RuntimeException(e);
      }
    };

    Client client = ClientBuilder.newBuilder().build();
    client.register(new KeycloakAuthRequestFilter(accessTokenProvider));

    //Call UserInfo endpoint with AccessToken in Authorization Header
    WebTarget target =
client.target(UriBuilder.fromUri(authServerBaseUrl).path(realmName).path(userInfoPath).build());
    Response response =
target.request().accept(MediaType.APPLICATION_JSON_TYPE).get();

    System.out.println(response.readEntity(Map.class));
  }

  public static class KeycloakAuthRequestFilter implements
ClientRequestFilter {

    private final Supplier<String> accessTokenProvider;

    public KeycloakAuthRequestFilter(Supplier<String> accessTokenProvider) {
      this.accessTokenProvider = accessTokenProvider;
    }

    @Override
    public void filter(ClientRequestContext requestContext) throws
IOException {
      requestContext.getHeaders().putSingle("Authorization", "Bearer " +
accessTokenProvider.get());
    }
  }
}

2017-05-22 8:14 GMT+02:00 Peter Donald <peter at realityforge.org>:

> Hi,
>
> This is a really dumb question and I have tried to google+RTFM but
> still can't seem to find the answer.
>
> I am looking for a simple example where I can use a jaxrs client to
> access a service protected by keycloak. I have only really found
> references to admin-client which seems to be more about admin of
> keycloak and the JaxrsBearerTokenFilterImpl which seems like it may
> work but can't find an example where it is used or how I would go
> about it.
>
> Preferably I would like to do a .register( X ) when creating the jaxrs
> client and have it handled automagically by a filter. I don't have
> resteasy available atm if that makes a difference.
>
> Any hints on where to figure this out?
>
> --
> Cheers,
>
> Peter Donald
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

More information about the keycloak-user mailing list