<div dir="ltr">Guys, I am repeating my question here. Any ideas on this?<div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><div dir="ltr" style="font-size:12.8px"><div>I added the <b>org.keycloak.KeycloakPrincipal</b> definition in order to get the token: </div><div><br></div><div><br></div><div>KeycloakPrincipal kcPrincipal = (KeycloakPrincipal) srvl.getUserPrincipal();</div><div>String token = kcPrincipal.getKeycloakSecurityContext().getTokenString();<br></div><div><br></div><div>but cannot deploy the project to the Wildfly server:</div><div><br></div><div>10:23:31,250 INFO [org.jboss.resteasy.spi.ResteasyDeployment] (MSC service thread 1-2) Deploying javax.ws.rs.core.Application: class si.liis.apitime.service.ApiTimeApplication</div><div>10:23:31,282 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-2) MSC000001: Failed to start service jboss.undertow.deployment.default-server.default-host./apitime-rest: org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./apitime-rest: Failed to start service</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div><div><span style="white-space:pre-wrap"> </span>at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_85]</div><div><span style="white-space:pre-wrap"> </span>at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_85]</div><div><span style="white-space:pre-wrap"> </span>at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_85]</div><div>Caused by: java.lang.NoClassDefFoundError: com/google/zxing/WriterException</div><div><span style="white-space:pre-wrap"> </span>at java.lang.Class.getDeclaredMethods0(Native Method) [rt.jar:1.7.0_85]</div><div><span style="white-space:pre-wrap"> </span>at java.lang.Class.privateGetDeclaredMethods(Class.java:2625) [rt.jar:1.7.0_85]</div><div><span style="white-space:pre-wrap"> </span>at java.lang.Class.privateGetPublicMethods(Class.java:2743) [rt.jar:1.7.0_85]</div><div><span style="white-space:pre-wrap"> </span>at java.lang.Class.getMethods(Class.java:1480) [rt.jar:1.7.0_85]</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.resteasy.spi.metadata.ResourceBuilder.fromAnnotations(ResourceBuilder.java:747)</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.resteasy.spi.metadata.ResourceBuilder.rootResourceFromAnnotations(ResourceBuilder.java:700)</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.resteasy.plugins.server.resourcefactory.POJOResourceFactory.<init>(POJOResourceFactory.java:29)</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.resteasy.core.ResourceMethodRegistry.addPerRequestResource(ResourceMethodRegistry.java:75)</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.resteasy.spi.ResteasyDeployment.registration(ResteasyDeployment.java:400)</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:241)</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)</div><div><span style="white-space:pre-wrap"> </span>at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)</div><div><span style="white-space:pre-wrap"> </span>at org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:79)</div><div><span style="white-space:pre-wrap"> </span>at io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)</div><div><span style="white-space:pre-wrap"> </span>at io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:220)</div><div><span style="white-space:pre-wrap"> </span>at io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:125)</div><div><span style="white-space:pre-wrap"> </span>at io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:508)</div><div><span style="white-space:pre-wrap"> </span>at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:88)</div><div><span style="white-space:pre-wrap"> </span>at org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(UndertowDeploymentService.java:72)</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div><div><span style="white-space:pre-wrap"> </span>at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881) [jboss-msc-1.2.2.Final.jar:1.2.2.Final]</div><div><span style="white-space:pre-wrap"> </span>... 3 more</div><div><br></div><div>10:23:31,285 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) JBAS014613: Operation ("redeploy") failed - address: ([("deployment" => "apitime-rest.war")]) - failure description: {"JBAS014671: Failed services" => {"jboss.undertow.deployment.default-server.default-host./apitime-rest" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./apitime-rest: Failed to start service</div><div> Caused by: java.lang.NoClassDefFoundError: com/google/zxing/WriterException"}}</div><div>10:23:31,285 ERROR [org.jboss.as.server] (management-handler-thread - 1) JBAS015860: Redeploy of deployment "apitime-rest.war" was rolled back with the following failure message: </div><div>{"JBAS014671: Failed services" => {"jboss.undertow.deployment.default-server.default-host./apitime-rest" => "org.jboss.msc.service.StartException in service jboss.undertow.deployment.default-server.default-host./apitime-rest: Failed to start service</div><div> Caused by: java.lang.NoClassDefFoundError: com/google/zxing/WriterException"}}</div><div> </div><div><br></div><div><br></div><div>I am using Wildfly 8.2.0 with Keycloak adapter 1.3.1.</div><div>Any solution?</div><div>Thanks.</div><div><br></div></div></blockquote></div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div style="font-family:arial;font-size:small"><div dir="ltr"><font color="#888888">Regards,<br>Pavel Maslov, MS</font></div></div></div></div></div></div></div>
<br><div class="gmail_quote">On Wed, Dec 16, 2015 at 10:51 PM, Johan B. <span dir="ltr"><<a href="mailto:johan.bos@c6.eu" target="_blank">johan.bos@c6.eu</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><font size="2"><span style="background-color:rgba(255,255,255,0)">You answered it. I was not familiar with the whole setting list. My question was: does something in the ui make the setting change or is it a manual setup?</span></font><div><font size="2"><span style="background-color:rgba(255,255,255,0)">I think you are saying it is only manual and it is fine.</span></font></div><div><font size="2"><span style="background-color:rgba(255,255,255,0)">It would probably best for future version to have all these extra adapter setting avail. From admin UI so people has the switch/checkbox or input form to make direct application change to the json</span></font></div><font size="2"><span style="background-color:rgba(255,255,255,0)">Moreover since you have a download installation button and a json setting viewer</span></font><div class="HOEnZb"><div class="h5"><div><br></div><div><font size="2"><span style="background-color:rgba(255,255,255,0)"></span></font><span></span>Le mercredi 16 décembre 2015, Johan Bos <<a href="mailto:johan.bos@c6.eu" target="_blank">johan.bos@c6.eu</a>> a écrit :<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
oh when you said: <br>
<pre>use-resource-role-mappings
it is only available through the keycloak.json
Nothing from Keycloak Admin UI allows you to set the options, so have the installation file ready with everything ?
</pre>
<pre cols="72">Regards,
Johan Bos</pre>
<div>Le 16/12/2015 16:33, Johan Bos a
écrit :<br>
</div>
<blockquote type="cite">So it is
one or the other.
<br>
The switch is at realm level or per clients?
<br>
<br>
As I tend to make realm role for securing the clients only and
client/resource roles for internal client management, I should be
fine
<br>
<br>
Still It would help to have some merging/mapping so from client we
don't have to so much rely on KeyCloak implementation to test
roles... Issue is that realm role can have same name as client
role. But once there is always some pitfall to avoid.
<br>
<br>
Thanks
<br>
<br>
Regards,
<br>
<br>
Johan Bos
<br>
<br>
Le 16/12/2015 15:45, Bill Burke a écrit :
<br>
<blockquote type="cite">See use-resource-role-mappings switch:
<br>
<br>
If set to true, the getResourceAccess("resource-name") roles
will be
<br>
mapped into isUserInRole, otherwise getRealmAccess is mapped
into
<br>
isUserInRole
<br>
<br>
Not the best I know. We've been meaning to add some sort of
role
<br>
mapping facility to the adapter.
<br>
<br>
On 12/16/2015 9:17 AM, Johan Bos wrote:
<br>
<blockquote type="cite">Why is
HttpRequest.isUserInRole(<role>) not capable to return
true when
<br>
the role is present in the AccessToken.getRealmAccess?
<br>
<br>
Regards,
<br>
<br>
Johan Bos
<br>
<br>
Le 16/12/2015 15:09, Bill Burke a écrit :
<br>
<blockquote type="cite">AccessToken.getResourceAccess or
AccessToken.getRealmAccess
<br>
<br>
On 12/16/2015 4:51 AM, Tim Dudgeon wrote:
<br>
<blockquote type="cite">Its not clear to me how you get the
assigned roles from the AccessToken.
<br>
For instance, is the realm has configured the user to have
roles "user"
<br>
and "editor" how do I find these in the AccessToken?
<br>
<br>
Tim
<br>
<br>
On 07/12/2015 02:53, Bill Burke wrote:
<br>
<blockquote type="cite">For Java
HttpServletRequest.isUserInRole() works. If you
typecast the
<br>
principal to KeycloakPrincipal you can obtain the
AccessToken.
<br>
<br>
On 12/6/2015 5:39 PM, Pavel Maslov wrote:
<br>
<blockquote type="cite">Hi everyone,
<br>
<br>
<br>
Do Keycloak adapters support user authorization? I
mean, of course
<br>
they
<br>
do :) For example, the API I have secured with
Keycloak receives a
<br>
Keycloak access token from the client. How can I
validate the token
<br>
(check user roles) in my code? I am interested in the
Java
<br>
(wildfly) and
<br>
Javascript adapters.
<br>
<br>
Manually I am using <a href="http://jwt.io" target="_blank">jwt.io</a> <a href="http://jwt.io" target="_blank"><http://jwt.io></a> to
check the token. I am
<br>
just
<br>
curious if the Keycloak adapters support smth similar
out of the box.
<br>
<br>
Thank you for your answers.
<br>
<br>
<br>
Regards,
<br>
Pavel Maslov, MS
<br>
<br>
<br>
_______________________________________________
<br>
keycloak-user mailing list
<br>
<a>keycloak-user@lists.jboss.org</a>
<br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
<br>
<br>
</blockquote>
</blockquote>
_______________________________________________
<br>
keycloak-user mailing list
<br>
<a>keycloak-user@lists.jboss.org</a>
<br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
_______________________________________________
<br>
keycloak-user mailing list
<br>
<a>keycloak-user@lists.jboss.org</a>
<br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a>
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
<fieldset></fieldset>
<br>
<pre>_______________________________________________
keycloak-user mailing list
<a>keycloak-user@lists.jboss.org</a>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</div>
</blockquote></div>
</div></div><br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>