<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I had the same issue when deploying in eclipse IDE my webapp.<br>
Even if my runtime env. Tomcat 7 had the adapters for keycloak well
installed into the lib folder, It was detecting it.<br>
But as soon as I needed to make reference to keycloak principal in
my project and wanted to debug it (inspect what the info in token I
could used), I got runtime invocation exception.<br>
I solved it by editing the runtime tomcat classpath from eclipse and
add the needed adapter jars, but not all.<br>
Like you said, some are used by the app server during init that
should not be part of the runtime dep. otherwise you can also get
NoClassDefFound on something you don't need.<br>
<pre class="moz-signature" cols="72">Regards,
Johan Bos</pre>
<div class="moz-cite-prefix">Le 17/12/2015 11:33, Stian Thorgersen a
écrit :<br>
</div>
<blockquote
cite="mid:CAJgngAefdVpyAr85pZo7pBK-8Yk5+y8jz2i9-vt+OxpcCx67-Q@mail.gmail.com"
type="cite">
<div dir="ltr">From the stack trace you added earlier it looks
like you've added some dependencies to your WAR you shouldn't
add.</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On 17 December 2015 at 11:33, Stian
Thorgersen <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:sthorger@redhat.com" target="_blank">sthorger@redhat.com</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">If you are using WildFly you should install
the client adapter subsystem (see the docs for
instructions). That way you don't have to add any
dependencies into your WAR. </div>
<div class="HOEnZb">
<div class="h5">
<div class="gmail_extra"><br>
<div class="gmail_quote">On 17 December 2015 at 11:01,
Pavel Maslov <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:pavel.masloff@gmail.com"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:pavel.masloff@gmail.com">pavel.masloff@gmail.com</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">Hi Jonah,
<div><br>
</div>
<div><span>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">You
don't get these error if you remove the 2
code lines?<br>
</blockquote>
</span>
<div>Exactly. However, once I include these 2
lines, I cannot deploy the war file to the
Wildfly server.</div>
<div><br>
</div>
<div>I have to point out that there are no
errors during build/packaging.</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div
style="font-family:arial;font-size:small">
<div dir="ltr"><font
color="#888888">Regards,<br>
Pavel Maslov, MS</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div>
<br>
<div class="gmail_quote">On Thu, Dec 17,
2015 at 10:56 AM, Johan Bos <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:johan.bos@c6.eu"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johan.bos@c6.eu">johan.bos@c6.eu</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"> You don't get
these error if you remove the 2
code lines?<br>
When deploying your apps, it is
not enough to add the keycloak
core dependency to access the
keycloak principal, you also need
to add all possible dependency the
keycloak lib is relying onto.<br>
<br>
Basically on latest version of
keycloak, I added almost
everything that comes in the
adapter zip to my project/api
dependency for runtime.<br>
No idea how it was dealt with in
previous version. Only dealt with
keycloak 1.6 and 1.7.<br>
<br>
Since you had to provide some lib
to your server (mine was tomcat 7)
to dealt with the keycloak
implantation to secure my app, as
soon as I needed to acces keycloak
token from my app code, I was
required to add the libs the
adapter for tomcat 7 is providing.<br>
<pre cols="72">Regards,
Johan Bos</pre>
<div>
<div>
<div>Le 17/12/2015 10:39,
Pavel Maslov a écrit :<br>
</div>
<blockquote type="cite">
<div dir="ltr">Guys, I am
repeating my question
here. Any ideas on this?
<div><br>
</div>
<blockquote
class="gmail_quote"
style="margin:0px 0px
0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr"
style="font-size:12.8px">
<div>I added the <b>org.keycloak.KeycloakPrincipal</b> definition
in order to get the
token: </div>
<div><br>
</div>
<div><br>
</div>
<div>KeycloakPrincipal
kcPrincipal =
(KeycloakPrincipal)
srvl.getUserPrincipal();</div>
<div>String token =
kcPrincipal.getKeycloakSecurityContext().getTokenString();<br>
</div>
<div><br>
</div>
<div>but cannot deploy
the project to the
Wildfly server:</div>
<div><br>
</div>
<div>10:23:31,250 INFO
[org.jboss.resteasy.spi.ResteasyDeployment]
(MSC service thread
1-2) Deploying
javax.ws.rs.core.Application:
class
si.liis.apitime.service.ApiTimeApplication</div>
<div>10:23:31,282
ERROR
[org.jboss.msc.service.fail]
(MSC service thread
1-2) MSC000001:
Failed to start
service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
org.jboss.msc.service.StartException
in service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start
service</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Thread.run(Thread.java:745)
[rt.jar:1.7.0_85]</div>
<div>Caused by:
java.lang.NoClassDefFoundError:
com/google/zxing/WriterException</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.getDeclaredMethods0(Native
Method)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.privateGetDeclaredMethods(Class.java:2625)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.privateGetPublicMethods(Class.java:2743)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.getMethods(Class.java:1480)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.metadata.ResourceBuilder.fromAnnotations(ResourceBuilder.java:747)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.metadata.ResourceBuilder.rootResourceFromAnnotations(ResourceBuilder.java:700)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.plugins.server.resourcefactory.POJOResourceFactory.<init>(POJOResourceFactory.java:29)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.core.ResourceMethodRegistry.addPerRequestResource(ResourceMethodRegistry.java:75)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.ResteasyDeployment.registration(ResteasyDeployment.java:400)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:241)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:79)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:220)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:125)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:508)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:88)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(UndertowDeploymentService.java:72)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div>
<div><span style="white-space:pre-wrap"> </span>...
3 more</div>
<div><br>
</div>
<div>10:23:31,285
ERROR
[org.jboss.as.controller.management-operation]
(management-handler-thread
- 1) JBAS014613:
Operation
("redeploy") failed
- address:
([("deployment"
=>
"apitime-rest.war")])
- failure
description:
{"JBAS014671: Failed
services" =>
{"jboss.undertow.deployment.default-server.default-host./apitime-rest"
=>
"org.jboss.msc.service.StartException
in service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start
service</div>
<div> Caused by:
java.lang.NoClassDefFoundError:
com/google/zxing/WriterException"}}</div>
<div>10:23:31,285
ERROR
[org.jboss.as.server]
(management-handler-thread
- 1) JBAS015860:
Redeploy of
deployment
"apitime-rest.war"
was rolled back with
the following
failure message: </div>
<div>{"JBAS014671:
Failed services"
=>
{"jboss.undertow.deployment.default-server.default-host./apitime-rest"
=>
"org.jboss.msc.service.StartException
in service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start
service</div>
<div> Caused by:
java.lang.NoClassDefFoundError:
com/google/zxing/WriterException"}}</div>
<div> </div>
<div><br>
</div>
<div><br>
</div>
<div>I am using
Wildfly 8.2.0 with
Keycloak adapter
1.3.1.</div>
<div>Any solution?</div>
<div>Thanks.</div>
<div><br>
</div>
</div>
</blockquote>
</div>
<div class="gmail_extra"><br
clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div
style="font-family:arial;font-size:small">
<div dir="ltr"><font
color="#888888">Regards,<br>
Pavel Maslov,
MS</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On
Wed, Dec 16, 2015 at
10:51 PM, Johan B. <span
dir="ltr"><<a
moz-do-not-send="true"
href="mailto:johan.bos@c6.eu" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johan.bos@c6.eu">johan.bos@c6.eu</a></a>></span>
wrote:<br>
<blockquote
class="gmail_quote"
style="margin:0px 0px
0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font
size="2"><span
style="background-color:rgba(255,255,255,0)">You
answered it. I was
not familiar with
the whole setting
list. My question
was: does
something in the
ui make the
setting change or
is it a manual
setup?</span></font>
<div><font size="2"><span
style="background-color:rgba(255,255,255,0)">I think you are saying it
is only manual
and it is fine.</span></font></div>
<div><font size="2"><span
style="background-color:rgba(255,255,255,0)">It would probably best for
future version
to have all
these extra
adapter setting
avail. From
admin UI so
people has the
switch/checkbox
or input form to
make direct
application
change to the
json</span></font></div>
<font size="2"><span
style="background-color:rgba(255,255,255,0)">Moreover
since you have a
download
installation
button and a json
setting viewer</span></font>
<div>
<div>
<div><br>
</div>
<div><font
size="2"><span
style="background-color:rgba(255,255,255,0)"></span></font><span></span>Le mercredi
16 décembre
2015, Johan Bos
<<a
moz-do-not-send="true"
href="mailto:johan.bos@c6.eu" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johan.bos@c6.eu">johan.bos@c6.eu</a></a>> a
écrit :<br>
<blockquote
class="gmail_quote"
style="margin:0px
0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div
bgcolor="#FFFFFF"
text="#000000">
oh when you
said: <br>
<pre>use-resource-role-mappings
it is only available through the keycloak.json
Nothing from Keycloak Admin UI allows you to set the options, so have the installation file ready with everything ?
</pre>
<pre cols="72">Regards,
Johan Bos</pre>
<div>Le
16/12/2015
16:33, Johan
Bos a écrit :<br>
</div>
<blockquote
type="cite">So
it is one or
the other. <br>
The switch is
at realm level
or per
clients? <br>
<br>
As I tend to
make realm
role for
securing the
clients only
and
client/resource
roles for
internal
client
management, I
should be fine
<br>
<br>
Still It would
help to have
some
merging/mapping
so from client
we don't have
to so much
rely on
KeyCloak
implementation
to test
roles... Issue
is that realm
role can have
same name as
client role.
But once there
is always some
pitfall to
avoid. <br>
<br>
Thanks <br>
<br>
Regards, <br>
<br>
Johan Bos <br>
<br>
Le 16/12/2015
15:45, Bill
Burke a écrit
: <br>
<blockquote
type="cite">See
use-resource-role-mappings
switch: <br>
<br>
If set to
true, the
getResourceAccess("resource-name")
roles will be
<br>
mapped into
isUserInRole,
otherwise
getRealmAccess
is mapped into
<br>
isUserInRole <br>
<br>
Not the best I
know. We've
been meaning
to add some
sort of role <br>
mapping
facility to
the adapter. <br>
<br>
On 12/16/2015
9:17 AM, Johan
Bos wrote: <br>
<blockquote
type="cite">Why
is
HttpRequest.isUserInRole(<role>)
not capable to
return true
when <br>
the role is
present in the
AccessToken.getRealmAccess?
<br>
<br>
Regards, <br>
<br>
Johan Bos <br>
<br>
Le 16/12/2015
15:09, Bill
Burke a écrit
: <br>
<blockquote
type="cite">AccessToken.getResourceAccess
or
AccessToken.getRealmAccess
<br>
<br>
On 12/16/2015
4:51 AM, Tim
Dudgeon wrote:
<br>
<blockquote
type="cite">Its
not clear to
me how you get
the assigned
roles from the
AccessToken. <br>
For instance,
is the realm
has configured
the user to
have roles
"user" <br>
and "editor"
how do I find
these in the
AccessToken? <br>
<br>
Tim <br>
<br>
On 07/12/2015
02:53, Bill
Burke wrote: <br>
<blockquote
type="cite">For
Java
HttpServletRequest.isUserInRole()
works. If you
typecast the <br>
principal to
KeycloakPrincipal
you can obtain
the
AccessToken. <br>
<br>
On 12/6/2015
5:39 PM, Pavel
Maslov wrote:
<br>
<blockquote
type="cite">Hi
everyone, <br>
<br>
<br>
Do Keycloak
adapters
support user
authorization?
I mean, of
course <br>
they <br>
do :) For
example, the
API I have
secured with
Keycloak
receives a <br>
Keycloak
access token
from the
client. How
can I validate
the token <br>
(check user
roles) in my
code? I am
interested in
the Java <br>
(wildfly) and
<br>
Javascript
adapters. <br>
<br>
Manually I am
using <a
moz-do-not-send="true"
href="http://jwt.io" target="_blank">jwt.io</a> <a
moz-do-not-send="true"
href="http://jwt.io" target="_blank"><a class="moz-txt-link-rfc2396E" href="http://jwt.io"><http://jwt.io></a></a> to check
the token. I
am <br>
just <br>
curious if the
Keycloak
adapters
support smth
similar out of
the box. <br>
<br>
Thank you for
your answers.
<br>
<br>
<br>
Regards, <br>
Pavel Maslov,
MS <br>
<br>
<br>
_______________________________________________
<br>
keycloak-user
mailing list <br>
<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a>
<br>
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a>
<br>
<br>
</blockquote>
</blockquote>
_______________________________________________
<br>
keycloak-user
mailing list <br>
<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a>
<br>
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a>
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
_______________________________________________
<br>
keycloak-user
mailing list <br>
<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a>
<br>
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a>
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing
list<br>
<a
moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org" target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a><br>
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</body>
</html>