<div dir="ltr"><div><div>I have tried to add:<br>
 org.keycloak.representations.IDToken idToken = principal.getKeycloakSecurityContext().getIdToken();<br>
 org.keycloak.representations.AccessToken token = principal.getKeycloakSecurityContext().getToken();<br><br>
 writer.write("&lt;br/&gt;Access Token id: " + token.getId());<br>
 writer.write("&lt;br/&gt;Access Token String: " + principal.getKeycloakSecurityContext().getTokenString());<br>
 writer.write("&lt;br/&gt;ID Token id: " + idToken.getId());<br>
 writer.write("&lt;br/&gt;ID Token String: " + principal.getKeycloakSecurityContext().getIdTokenString());<br><br>
 writer.write(String.format("&lt;br/&gt;&lt;a href=\"/multitenant/%s/logout\"&gt;Logout&lt;/a&gt;", realm));<br><br>
 try<br>
 {<br>
 java.net.URL url = new java.net.URL( "http://localhost:8080/auth/admin/realms/" + principal.getKeycloakSecurityContext().getRealm() + "/roles" );<br>
 java.net.HttpURLConnection conn = (java.net.HttpURLConnection)url.openConnection();<br>
 conn.setRequestMethod( "GET" );<br>
 conn.setRequestProperty("Authorization", "Bearer " + principal.getKeycloakSecurityContext().getTokenString());<br>
 java.io.BufferedReader in = new java.io.BufferedReader( new java.io.InputStreamReader( conn.getInputStream()));<br>
 String line;<br>
 while ((line = in.readLine()) != null)<br>
 {<br>
 writer.write( line );<br>
 }<br>
 in.close();<br>
 }<br>
 catch( Exception e )<br>
 {<br>
 e.printStackTrace();<br>
 }<br><br>
</div>to keycloak-demo-1.3.1.Final/examples/multi-tenant/src/main/java/org/keycloak/example/multitenant/boundary/ProtectedServlet.java<br><br>
</div>But I am getting an error:<br>
12:28:28,317 WARN [org.jboss.resteasy.core.ExceptionHandler] (default task-16) Failed executing GET /admin/realms/tenant1/roles: org.keycloak.services.ForbiddenException<br>
<div><br><br>In stepping through the AdminClient of the admin-access-app I have found an example bearer token was 1157 characters
long.<br><br>principal.getKeycloakSecurityContext().getIdTokenString() turned out to be 645 characters long.<br><br>principal.getKeycloakSecurityContext().getTokenString() turned out to be 865 characters long.<br><br><br></div><div>What is it that I am missing?<br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Jul 7, 2015 at 10:08 AM, Bill Burke <span dir="ltr"><<a href="mailto:bburke@redhat.com" target="_blank">bburke@redhat.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The access token should already be available.<br>
<span class=""><br>
On 7/7/2015 10:01 AM, Stephen More wrote:<br>
> Or perhaps a better question would be: Once a user is already logged<br>
> into keycloak, how can a<br>
> org.keycloak.representations.AccessTokenResponse without providing a<br>
> password a second time ?<br>
><br>
> On Sun, Jul 5, 2015 at 12:00 PM, Stephen More <<a href="mailto:stephen.more@gmail.com">stephen.more@gmail.com</a><br>
</span><span class="">> <mailto:<a href="mailto:stephen.more@gmail.com">stephen.more@gmail.com</a>>> wrote:<br>
><br>
> How could I extend the multi-tenant example (<br>
> <a href="https://github.com/keycloak/keycloak/tree/master/examples/" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/</a><br>
</span>> <<a href="https://github.com/keycloak/keycloak/tree/master/examples/multi-tenant" rel="noreferrer" target="_blank">https://github.com/keycloak/keycloak/tree/master/examples/multi-tenant</a>>multi-tenant<br>
<span class="">> ) to make a Rest admin api call back to keycloak using java ?<br>
><br>
> I think this would be a helpful example in upcoming releases.<br>
><br>
> Thanks<br>
><br>
><br>
><br>
><br>
</span>> _______________________________________________<br>
> keycloak-user mailing list<br>
> <a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
> <a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
><br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Bill Burke<br>
JBoss, a division of Red Hat<br>
<a href="http://bill.burkecentral.com" rel="noreferrer" target="_blank">http://bill.burkecentral.com</a><br>
</font></span></blockquote></div><br></div>
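The post above compares the servlet's access token with the admin-access-app bearer token only by length (865 versus 1157 characters). As an added example, not code from the thread or from Keycloak, the Python script below decodes two access tokens and reports the roles the reference token carries that the other lacks. It assumes the roles sit in the `realm_access` and `resource_access` claims; the sample tokens, their role names and all function names are constructed for illustration.

```python
import base64
import json


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_sample_token(claims: dict) -> str:
    """Build an UNSIGNED, constructed token for this example only."""
    header = b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return ".".join([header, b64url(json.dumps(claims).encode()), "constructed-signature"])


def decode_payload(token: str) -> dict:
    """Decode the claims segment without verifying the signature (debugging only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # JWTs strip base64 padding
    return json.loads(base64.urlsafe_b64decode(seg))


def roles_by_scope(claims: dict) -> dict:
    """Map 'realm' and each client name to the set of roles the token carries."""
    scopes = {"realm": set((claims.get("realm_access") or {}).get("roles") or [])}
    for client, access in (claims.get("resource_access") or {}).items():
        scopes[client] = set((access or {}).get("roles") or [])
    return scopes


def missing_roles(user_token: str, reference_token: str) -> dict:
    """Roles present in reference_token but absent from user_token, per scope."""
    have = roles_by_scope(decode_payload(user_token))
    want = roles_by_scope(decode_payload(reference_token))
    diff = {scope: sorted(r - have.get(scope, set())) for scope, r in want.items()}
    return {scope: r for scope, r in diff.items() if r}


# Constructed sample claims; paste real token strings in their place when debugging.
SERVLET_TOKEN = make_sample_token({"sub": "user-1", "realm_access": {"roles": ["user"]}})
ADMIN_APP_TOKEN = make_sample_token({
    "realm_access": {"roles": ["user", "admin"]},
    "resource_access": {"realm-management": {"roles": ["view-realm"]}},
})

if __name__ == "__main__":
    print(missing_roles(SERVLET_TOKEN, ADMIN_APP_TOKEN))
```

Replace the two constructed tokens with the strings returned by `getTokenString()` and the one observed in the admin-access-app to see which claims account for the difference in length.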