<div dir="ltr">Yes, I did realize my stupid mistake right after I sent the e-mail. It is working as you say. Thank you, very much for all the help!</div><div class="gmail_extra"><br><br><div class="gmail_quote">On Thu, Mar 6, 2014 at 5:31 AM, Stian Thorgersen <span dir="ltr"><<a href="mailto:stian@redhat.com" target="_blank">stian@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">You don't need to add keycloak-services to your application. It doesn't actually return AccountService object, AccountService is JAX-RS sub-resource that handles all requests to 'account'. Assuming that you've looked at the source, have a peak inside AccountService.accountPage that's what actually handles the request.<br>
<br>
The 406 is caused by missing Accept header. Try adding:<br>
<br>
.header(HttpHeaders.ACCEPT, "application/json")<br>
<br>
Cheers,<br>
Stian<br>
<div class="im HOEnZb"><br>
----- Original Message -----<br>
> From: "Dean Peterson" <<a href="mailto:peterson.dean@gmail.com">peterson.dean@gmail.com</a>><br>
</div><div class="HOEnZb"><div class="h5">> To: "Stian Thorgersen" <<a href="mailto:stian@redhat.com">stian@redhat.com</a>><br>
> Cc: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> Sent: Wednesday, 5 March, 2014 8:28:53 PM<br>
> Subject: Re: [keycloak-user] How to access realms/{realm}/users/{user} with Application<br>
><br>
> Thank you. I tried what you said. I am able access that REST service on<br>
> the Keycloak server but it returns an AccountService object. Actually, I<br>
> get a 406 error response on my end. I think it is because I did not have<br>
> the keycloak-services dependency in my application's pom. However, when I<br>
> add it and I try to start the server, I get the error: Could not find<br>
> constructor for class: org.keycloak.services.resources.RealmsResource.<br>
> Should I make my own local version of AccountService and not add<br>
> keycloak-services to my application? What is the best approach? Any ideas<br>
> why I might be getting a 406 error?<br>
><br>
> SkeletonKeySession session = (SkeletonKeySession) request<br>
> .getAttribute(SkeletonKeySession.class.getName());<br>
> ResteasyClient client = new ResteasyClientBuilder()<br>
> .trustStore(session.getMetadata().getTruststore())<br>
> .hostnameVerification(<br>
><br>
> ResteasyClientBuilder.HostnameVerificationPolicy.ANY)<br>
> .build();<br>
><br>
> String username = request.getRemoteUser();<br>
><br>
> Profile profile = null;<br>
><br>
> try {<br>
><br>
> Response response = client<br>
> .target("<br>
> <a href="http://server:8080/auth/rest/realms/myrealm/account" target="_blank">http://server:8080/auth/rest/realms/myrealm/account</a>")<br>
> .request()<br>
> .header(HttpHeaders.AUTHORIZATION,<br>
> "Bearer " + session.getTokenString()).get();<br>
><br>
> .<br>
> .<br>
> .<br>
><br>
><br>
><br>
> On Wed, Mar 5, 2014 at 3:09 AM, Stian Thorgersen <<a href="mailto:stian@redhat.com">stian@redhat.com</a>> wrote:<br>
><br>
> > There's also a Keycloak specific mechanism for accessing the account of<br>
> > the user associated with the token.<br>
> ><br>
> > To do this open the scope mappings for your app/client, and select<br>
> > 'account' in the application roles, select 'view-profile' and click the<br>
> > right-arrow. This will allow your app/client to view the profile of the<br>
> > current user.<br>
> ><br>
> > Then you can make a request (with bearer token) to:<br>
> ><br>
> > /auth/rest/realms/myrealm/account<br>
> ><br>
> > In the future we'll add support to do all account specific things through<br>
> > these REST endpoints to support all operations provided by the account<br>
> > management application.<br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Dean Peterson" <<a href="mailto:peterson.dean@gmail.com">peterson.dean@gmail.com</a>><br>
> > > To: <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > Sent: Tuesday, 4 March, 2014 7:15:31 PM<br>
> > > Subject: [keycloak-user] How to access realms/{realm}/users/{user} with<br>
> > Application<br>
> > ><br>
> > > Hello,<br>
> > ><br>
> > > I am trying to find the best way to access the UsersResource.java Rest<br>
> > > services outside the keycloak admin application to get a user's<br>
> > information.<br>
> > > How do I make a request using just the client's credentials?<br>
> > ><br>
> > > I currently use something like this but I get a 401 because I am using a<br>
> > > user's oauth token and they only have user privileges:<br>
> > > SkeletonKeySession session = (SkeletonKeySession) request<br>
> > > .getAttribute(SkeletonKeySession.class.getName());<br>
> > > ResteasyClient client = new ResteasyClientBuilder()<br>
> > > .trustStore(session.getMetadata().getTruststore())<br>
> > > .hostnameVerification(<br>
> > > ResteasyClientBuilder.HostnameVerificationPolicy.ANY)<br>
> > > .build();<br>
> > ><br>
> > > String username = request.getRemoteUser();<br>
> > ><br>
> > > Profile profile = null;<br>
> > ><br>
> > > try {<br>
> > ><br>
> > > Response response = client<br>
> > > .target(" <a href="http://server:8080/auth/rest/admin/realms/myrealm/users/" target="_blank">http://server:8080/auth/rest/admin/realms/myrealm/users/</a> ")<br>
> > > .path(username)<br>
> > > .request()<br>
> > > .header(HttpHeaders.AUTHORIZATION,<br>
> > > "Bearer " + session.getTokenString()).get();<br>
> > ><br>
> > > // Get the existing entry if there is one. Otherwise, just return<br>
> > > // the regular<br>
> > > // entity retrieved from the remote system.<br>
> > > try {<br>
> > > profile = profileRepository<br>
> > > .findByRegistrationId(member.getId());<br>
> > ><br>
> > > } catch (NoResultException e) {<br>
> > > // ignore<br>
> > > }<br>
> > ><br>
> > > } finally {<br>
> > > client.close();<br>
> > > }<br>
> > ><br>
> > > Is there a way for the application to make a request directly as an admin<br>
> > > without giving the user admin privileges?<br>
> > ><br>
> > > _______________________________________________<br>
> > > keycloak-user mailing list<br>
> > > <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> > > <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
> ><br>
><br>
</div></div></blockquote></div><br></div>