<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Then you should do as it requests: add the required dependency until
you got the all and deploy with no error.<br>
<br>
Why would it give you error during build? <br>
The dependency of keycloak is not something you inherit in your
project simply by adding the keycloak core lib.<br>
It mainly depends on how you build it. Third party dependencies are
not always a requirement to build a project.<br>
As most of the unseen issue in deployment dependency management
comes from dependency only required at runtime.<br>
Your build does'nt what the keycloak principal means other than the
direct keycloak lib.<br>
<br>
This is basic Java project dependency: compile/runtime/provided are
the different option you have using mavenized project.<br>
When using a lib from maven repo, you have the pom come with it and
just going through it, give you an idea of what you are missing.<br>
<br>
<pre class="moz-signature" cols="72">Regards,
Johan Bos</pre>
<div class="moz-cite-prefix">Le 17/12/2015 11:01, Pavel Maslov a
écrit :<br>
</div>
<blockquote
cite="mid:CAF9aV_oMYESD5P5OigW7NMS2y+Hv9BdxNKQRPzUzQzdBeuW60A@mail.gmail.com"
type="cite">
<div dir="ltr">Hi Jonah,
<div><br>
</div>
<div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">You
don't get these error if you remove the 2 code lines?<br>
</blockquote>
<div>Exactly. However, once I include these 2 lines, I cannot
deploy the war file to the Wildfly server.</div>
<div><br>
</div>
<div>I have to point out that there are no errors during
build/packaging.</div>
<div class="gmail_extra"><br clear="all">
<div>
<div class="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div style="font-family:arial;font-size:small">
<div dir="ltr"><font color="#888888">Regards,<br>
Pavel Maslov, MS</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Thu, Dec 17, 2015 at 10:56 AM,
Johan Bos <span dir="ltr"><<a moz-do-not-send="true"
href="mailto:johan.bos@c6.eu" target="_blank">johan.bos@c6.eu</a>></span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000"> You don't get
these error if you remove the 2 code lines?<br>
When deploying your apps, it is not enough to add the
keycloak core dependency to access the keycloak
principal, you also need to add all possible
dependency the keycloak lib is relying onto.<br>
<br>
Basically on latest version of keycloak, I added
almost everything that comes in the adapter zip to my
project/api dependency for runtime.<br>
No idea how it was dealt with in previous version.
Only dealt with keycloak 1.6 and 1.7.<br>
<br>
Since you had to provide some lib to your server (mine
was tomcat 7) to dealt with the keycloak implantation
to secure my app, as soon as I needed to acces
keycloak token from my app code, I was required to add
the libs the adapter for tomcat 7 is providing.<br>
<pre cols="72">Regards,
Johan Bos</pre>
<div>
<div class="h5">
<div>Le 17/12/2015 10:39, Pavel Maslov a écrit :<br>
</div>
<blockquote type="cite">
<div dir="ltr">Guys, I am repeating my question
here. Any ideas on this?
<div><br>
</div>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr" style="font-size:12.8px">
<div>I added the <b>org.keycloak.KeycloakPrincipal</b> definition
in order to get the token: </div>
<div><br>
</div>
<div><br>
</div>
<div>KeycloakPrincipal kcPrincipal =
(KeycloakPrincipal)
srvl.getUserPrincipal();</div>
<div>String token =
kcPrincipal.getKeycloakSecurityContext().getTokenString();<br>
</div>
<div><br>
</div>
<div>but cannot deploy the project to the
Wildfly server:</div>
<div><br>
</div>
<div>10:23:31,250 INFO
[org.jboss.resteasy.spi.ResteasyDeployment]
(MSC service thread 1-2) Deploying
javax.ws.rs.core.Application: class
si.liis.apitime.service.ApiTimeApplication</div>
<div>10:23:31,282 ERROR
[org.jboss.msc.service.fail] (MSC
service thread 1-2) MSC000001: Failed to
start service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
org.jboss.msc.service.StartException in
service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start service</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Thread.run(Thread.java:745)
[rt.jar:1.7.0_85]</div>
<div>Caused by:
java.lang.NoClassDefFoundError:
com/google/zxing/WriterException</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.getDeclaredMethods0(Native
Method) [rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.privateGetDeclaredMethods(Class.java:2625)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.privateGetPublicMethods(Class.java:2743)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
java.lang.Class.getMethods(Class.java:1480)
[rt.jar:1.7.0_85]</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.metadata.ResourceBuilder.fromAnnotations(ResourceBuilder.java:747)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.metadata.ResourceBuilder.rootResourceFromAnnotations(ResourceBuilder.java:700)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.plugins.server.resourcefactory.POJOResourceFactory.<init>(POJOResourceFactory.java:29)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.core.ResourceMethodRegistry.addPerRequestResource(ResourceMethodRegistry.java:75)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.ResteasyDeployment.registration(ResteasyDeployment.java:400)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:241)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:79)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:220)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:125)</div>
<div><span style="white-space:pre-wrap"> </span>at
io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:508)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:88)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(UndertowDeploymentService.java:72)</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div>
<div><span style="white-space:pre-wrap"> </span>at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div>
<div><span style="white-space:pre-wrap"> </span>...
3 more</div>
<div><br>
</div>
<div>10:23:31,285 ERROR
[org.jboss.as.controller.management-operation]
(management-handler-thread - 1)
JBAS014613: Operation ("redeploy")
failed - address: ([("deployment" =>
"apitime-rest.war")]) - failure
description: {"JBAS014671: Failed
services" =>
{"jboss.undertow.deployment.default-server.default-host./apitime-rest"
=>
"org.jboss.msc.service.StartException in
service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start service</div>
<div> Caused by:
java.lang.NoClassDefFoundError:
com/google/zxing/WriterException"}}</div>
<div>10:23:31,285 ERROR
[org.jboss.as.server]
(management-handler-thread - 1)
JBAS015860: Redeploy of deployment
"apitime-rest.war" was rolled back with
the following failure message: </div>
<div>{"JBAS014671: Failed services" =>
{"jboss.undertow.deployment.default-server.default-host./apitime-rest"
=>
"org.jboss.msc.service.StartException in
service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start service</div>
<div> Caused by:
java.lang.NoClassDefFoundError:
com/google/zxing/WriterException"}}</div>
<div> </div>
<div><br>
</div>
<div><br>
</div>
<div>I am using Wildfly 8.2.0 with
Keycloak adapter 1.3.1.</div>
<div>Any solution?</div>
<div>Thanks.</div>
<div><br>
</div>
</div>
</blockquote>
</div>
<div class="gmail_extra"><br clear="all">
<div>
<div>
<div dir="ltr">
<div>
<div dir="ltr">
<div
style="font-family:arial;font-size:small">
<div dir="ltr"><font
color="#888888">Regards,<br>
Pavel Maslov, MS</font></div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
<div class="gmail_quote">On Wed, Dec 16, 2015
at 10:51 PM, Johan B. <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:johan.bos@c6.eu"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johan.bos@c6.eu">johan.bos@c6.eu</a></a>></span>
wrote:<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><font
size="2"><span
style="background-color:rgba(255,255,255,0)">You
answered it. I was not familiar with
the whole setting list. My question
was: does something in the ui make the
setting change or is it a manual
setup?</span></font>
<div><font size="2"><span
style="background-color:rgba(255,255,255,0)">I
think you are saying it is only
manual and it is fine.</span></font></div>
<div><font size="2"><span
style="background-color:rgba(255,255,255,0)">It
would probably best for future
version to have all these extra
adapter setting avail. From admin UI
so people has the switch/checkbox or
input form to make direct
application change to the json</span></font></div>
<font size="2"><span
style="background-color:rgba(255,255,255,0)">Moreover
since you have a download installation
button and a json setting viewer</span></font>
<div>
<div>
<div><br>
</div>
<div><font size="2"><span
style="background-color:rgba(255,255,255,0)"></span></font><span></span>Le mercredi
16 décembre 2015, Johan Bos <<a
moz-do-not-send="true"
href="mailto:johan.bos@c6.eu"
target="_blank"><a class="moz-txt-link-abbreviated" href="mailto:johan.bos@c6.eu">johan.bos@c6.eu</a></a>>
a écrit :<br>
<blockquote class="gmail_quote"
style="margin:0px 0px 0px
0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div bgcolor="#FFFFFF"
text="#000000"> oh when you
said: <br>
<pre>use-resource-role-mappings
it is only available through the keycloak.json
Nothing from Keycloak Admin UI allows you to set the options, so have the installation file ready with everything ?
</pre>
<pre cols="72">Regards,
Johan Bos</pre>
<div>Le 16/12/2015 16:33, Johan
Bos a écrit :<br>
</div>
<blockquote type="cite">So it is
one or the other. <br>
The switch is at realm level
or per clients? <br>
<br>
As I tend to make realm role
for securing the clients only
and client/resource roles for
internal client management, I
should be fine <br>
<br>
Still It would help to have
some merging/mapping so from
client we don't have to so
much rely on KeyCloak
implementation to test
roles... Issue is that realm
role can have same name as
client role. But once there is
always some pitfall to avoid.
<br>
<br>
Thanks <br>
<br>
Regards, <br>
<br>
Johan Bos <br>
<br>
Le 16/12/2015 15:45, Bill
Burke a écrit : <br>
<blockquote type="cite">See
use-resource-role-mappings
switch: <br>
<br>
If set to true, the
getResourceAccess("resource-name")
roles will be <br>
mapped into isUserInRole,
otherwise getRealmAccess is
mapped into <br>
isUserInRole <br>
<br>
Not the best I know. We've
been meaning to add some
sort of role <br>
mapping facility to the
adapter. <br>
<br>
On 12/16/2015 9:17 AM, Johan
Bos wrote: <br>
<blockquote type="cite">Why
is
HttpRequest.isUserInRole(<role>)
not capable to return true
when <br>
the role is present in the
AccessToken.getRealmAccess?
<br>
<br>
Regards, <br>
<br>
Johan Bos <br>
<br>
Le 16/12/2015 15:09, Bill
Burke a écrit : <br>
<blockquote type="cite">AccessToken.getResourceAccess
or
AccessToken.getRealmAccess
<br>
<br>
On 12/16/2015 4:51 AM,
Tim Dudgeon wrote: <br>
<blockquote type="cite">Its
not clear to me how
you get the assigned
roles from the
AccessToken. <br>
For instance, is the
realm has configured
the user to have roles
"user" <br>
and "editor" how do I
find these in the
AccessToken? <br>
<br>
Tim <br>
<br>
On 07/12/2015 02:53,
Bill Burke wrote: <br>
<blockquote
type="cite">For Java
HttpServletRequest.isUserInRole()
works. If you
typecast the <br>
principal to
KeycloakPrincipal
you can obtain the
AccessToken. <br>
<br>
On 12/6/2015 5:39
PM, Pavel Maslov
wrote: <br>
<blockquote
type="cite">Hi
everyone, <br>
<br>
<br>
Do Keycloak
adapters support
user
authorization? I
mean, of course <br>
they <br>
do :) For example,
the API I have
secured with
Keycloak receives
a <br>
Keycloak access
token from the
client. How can I
validate the token
<br>
(check user roles)
in my code? I am
interested in the
Java <br>
(wildfly) and <br>
Javascript
adapters. <br>
<br>
Manually I am
using <a
moz-do-not-send="true"
href="http://jwt.io" target="_blank">jwt.io</a> <a
moz-do-not-send="true"
href="http://jwt.io" target="_blank"><a class="moz-txt-link-rfc2396E" href="http://jwt.io"><http://jwt.io></a></a> to check
the token. I am <br>
just <br>
curious if the
Keycloak adapters
support smth
similar out of the
box. <br>
<br>
Thank you for your
answers. <br>
<br>
<br>
Regards, <br>
Pavel Maslov, MS <br>
<br>
<br>
_______________________________________________
<br>
keycloak-user
mailing list <br>
<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a>
<br>
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a>
<br>
<br>
</blockquote>
</blockquote>
_______________________________________________
<br>
keycloak-user mailing
list <br>
<a
moz-do-not-send="true"><a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a></a>
<br>
<a
moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
target="_blank"><a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></a>
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
_______________________________________________
<br>
keycloak-user mailing list
<br>
<a moz-do-not-send="true">keycloak-user@lists.jboss.org</a>
<br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a moz-do-not-send="true">keycloak-user@lists.jboss.org</a>
<a moz-do-not-send="true" href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote>
</div>
</div>
</div>
<br>
_______________________________________________<br>
keycloak-user mailing list<br>
<a moz-do-not-send="true"
href="mailto:keycloak-user@lists.jboss.org"
target="_blank">keycloak-user@lists.jboss.org</a><br>
<a moz-do-not-send="true"
href="https://lists.jboss.org/mailman/listinfo/keycloak-user"
rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</blockquote>
</div>
<br>
</div>
</blockquote>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div>
</blockquote>
<br>
</body>
</html>