You don't get these error if you remove the 2 code lines?
When deploying your apps, it is not enough to add the keycloak core
dependency to access the keycloak principal, you also need to add all
possible dependency the keycloak lib is relying onto.
Basically on latest version of keycloak, I added almost everything that
comes in the adapter zip to my project/api dependency for runtime.
No idea how it was dealt with in previous version. Only dealt with
keycloak 1.6 and 1.7.
Since you had to provide some lib to your server (mine was tomcat 7) to
dealt with the keycloak implantation to secure my app, as soon as I
needed to acces keycloak token from my app code, I was required to add
the libs the adapter for tomcat 7 is providing.
Regards,
Johan Bos
Le 17/12/2015 10:39, Pavel Maslov a écrit :
Guys, I am repeating my question here. Any ideas on this?
I added the *org.keycloak.KeycloakPrincipal* definition in order
to get the token:
KeycloakPrincipal kcPrincipal = (KeycloakPrincipal)
srvl.getUserPrincipal();
String token =
kcPrincipal.getKeycloakSecurityContext().getTokenString();
but cannot deploy the project to the Wildfly server:
10:23:31,250 INFO [org.jboss.resteasy.spi.ResteasyDeployment]
(MSC service thread 1-2) Deploying javax.ws.rs.core.Application:
class si.liis.apitime.service.ApiTimeApplication
10:23:31,282 ERROR [org.jboss.msc.service.fail] (MSC service
thread 1-2) MSC000001: Failed to start service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
org.jboss.msc.service.StartException in service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start service
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1904)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_85]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_85]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_85]
Caused by: java.lang.NoClassDefFoundError:
com/google/zxing/WriterException
at java.lang.Class.getDeclaredMethods0(Native Method)
[rt.jar:1.7.0_85]
at java.lang.Class.privateGetDeclaredMethods(Class.java:2625)
[rt.jar:1.7.0_85]
at java.lang.Class.privateGetPublicMethods(Class.java:2743)
[rt.jar:1.7.0_85]
at java.lang.Class.getMethods(Class.java:1480) [rt.jar:1.7.0_85]
at
org.jboss.resteasy.spi.metadata.ResourceBuilder.fromAnnotations(ResourceBuilder.java:747)
at
org.jboss.resteasy.spi.metadata.ResourceBuilder.rootResourceFromAnnotations(ResourceBuilder.java:700)
at
org.jboss.resteasy.plugins.server.resourcefactory.POJOResourceFactory.<init>(POJOResourceFactory.java:29)
at
org.jboss.resteasy.core.ResourceMethodRegistry.addPerRequestResource(ResourceMethodRegistry.java:75)
at
org.jboss.resteasy.spi.ResteasyDeployment.registration(ResteasyDeployment.java:400)
at
org.jboss.resteasy.spi.ResteasyDeployment.start(ResteasyDeployment.java:241)
at
org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.init(ServletContainerDispatcher.java:112)
at
org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.init(HttpServletDispatcher.java:36)
at
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:117)
at
org.wildfly.extension.undertow.security.RunAsLifecycleInterceptor.init(RunAsLifecycleInterceptor.java:79)
at
io.undertow.servlet.core.LifecyleInterceptorInvocation.proceed(LifecyleInterceptorInvocation.java:103)
at
io.undertow.servlet.core.ManagedServlet$DefaultInstanceStrategy.start(ManagedServlet.java:220)
at
io.undertow.servlet.core.ManagedServlet.createServlet(ManagedServlet.java:125)
at
io.undertow.servlet.core.DeploymentManagerImpl.start(DeploymentManagerImpl.java:508)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.startContext(UndertowDeploymentService.java:88)
at
org.wildfly.extension.undertow.deployment.UndertowDeploymentService.start(UndertowDeploymentService.java:72)
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1948)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1881)
[jboss-msc-1.2.2.Final.jar:1.2.2.Final]
... 3 more
10:23:31,285 ERROR [org.jboss.as.controller.management-operation]
(management-handler-thread - 1) JBAS014613: Operation ("redeploy")
failed - address: ([("deployment" => "apitime-rest.war")]) -
failure description: {"JBAS014671: Failed services" =>
{"jboss.undertow.deployment.default-server.default-host./apitime-rest"
=> "org.jboss.msc.service.StartException in service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start service
Caused by: java.lang.NoClassDefFoundError:
com/google/zxing/WriterException"}}
10:23:31,285 ERROR [org.jboss.as.server]
(management-handler-thread - 1) JBAS015860: Redeploy of deployment
"apitime-rest.war" was rolled back with the following failure
message:
{"JBAS014671: Failed services" =>
{"jboss.undertow.deployment.default-server.default-host./apitime-rest"
=> "org.jboss.msc.service.StartException in service
jboss.undertow.deployment.default-server.default-host./apitime-rest:
Failed to start service
Caused by: java.lang.NoClassDefFoundError:
com/google/zxing/WriterException"}}
I am using Wildfly 8.2.0 with Keycloak adapter 1.3.1.
Any solution?
Thanks.
Regards,
Pavel Maslov, MS
On Wed, Dec 16, 2015 at 10:51 PM, Johan B. <johan.bos(a)c6.eu
<mailto:johan.bos@c6.eu>> wrote:
You answered it. I was not familiar with the whole setting list.
My question was: does something in the ui make the setting change
or is it a manual setup?
I think you are saying it is only manual and it is fine.
It would probably best for future version to have all these extra
adapter setting avail. From admin UI so people has the
switch/checkbox or input form to make direct application change to
the json
Moreover since you have a download installation button and a json
setting viewer
Le mercredi 16 décembre 2015, Johan Bos <johan.bos(a)c6.eu
<mailto:johan.bos@c6.eu>> a écrit :
oh when you said:
use-resource-role-mappings
it is only available through the keycloak.json
Nothing from Keycloak Admin UI allows you to set the options, so have the
installation file ready with everything ?
Regards,
Johan Bos
Le 16/12/2015 16:33, Johan Bos a écrit :
> So it is one or the other.
> The switch is at realm level or per clients?
>
> As I tend to make realm role for securing the clients only
> and client/resource roles for internal client management, I
> should be fine
>
> Still It would help to have some merging/mapping so from
> client we don't have to so much rely on KeyCloak
> implementation to test roles... Issue is that realm role can
> have same name as client role. But once there is always some
> pitfall to avoid.
>
> Thanks
>
> Regards,
>
> Johan Bos
>
> Le 16/12/2015 15:45, Bill Burke a écrit :
>> See use-resource-role-mappings switch:
>>
>> If set to true, the getResourceAccess("resource-name") roles
>> will be
>> mapped into isUserInRole, otherwise getRealmAccess is mapped
>> into
>> isUserInRole
>>
>> Not the best I know. We've been meaning to add some sort of
>> role
>> mapping facility to the adapter.
>>
>> On 12/16/2015 9:17 AM, Johan Bos wrote:
>>> Why is HttpRequest.isUserInRole(<role>) not capable to
>>> return true when
>>> the role is present in the AccessToken.getRealmAccess?
>>>
>>> Regards,
>>>
>>> Johan Bos
>>>
>>> Le 16/12/2015 15:09, Bill Burke a écrit :
>>>> AccessToken.getResourceAccess or AccessToken.getRealmAccess
>>>>
>>>> On 12/16/2015 4:51 AM, Tim Dudgeon wrote:
>>>>> Its not clear to me how you get the assigned roles from
>>>>> the AccessToken.
>>>>> For instance, is the realm has configured the user to
>>>>> have roles "user"
>>>>> and "editor" how do I find these in the
AccessToken?
>>>>>
>>>>> Tim
>>>>>
>>>>> On 07/12/2015 02:53, Bill Burke wrote:
>>>>>> For Java HttpServletRequest.isUserInRole() works. If
>>>>>> you typecast the
>>>>>> principal to KeycloakPrincipal you can obtain the
>>>>>> AccessToken.
>>>>>>
>>>>>> On 12/6/2015 5:39 PM, Pavel Maslov wrote:
>>>>>>> Hi everyone,
>>>>>>>
>>>>>>>
>>>>>>> Do Keycloak adapters support user authorization? I
>>>>>>> mean, of course
>>>>>>> they
>>>>>>> do :) For example, the API I have secured with
Keycloak
>>>>>>> receives a
>>>>>>> Keycloak access token from the client. How can I
>>>>>>> validate the token
>>>>>>> (check user roles) in my code? I am interested in the
Java
>>>>>>> (wildfly) and
>>>>>>> Javascript adapters.
>>>>>>>
>>>>>>> Manually I am using jwt.io <
http://jwt.io>
>>>>>>> <
http://jwt.io> <
http://jwt.io> to check
the token. I am
>>>>>>> just
>>>>>>> curious if the Keycloak adapters support smth
similar
>>>>>>> out of the box.
>>>>>>>
>>>>>>> Thank you for your answers.
>>>>>>>
>>>>>>>
>>>>>>> Regards,
>>>>>>> Pavel Maslov, MS
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> keycloak-user mailing list
>>>>>>> keycloak-user(a)lists.jboss.org
>>>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>>>
>>>>> _______________________________________________
>>>>> keycloak-user mailing list
>>>>> keycloak-user(a)lists.jboss.org
>>>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>>>
>>>
>>>
>>> _______________________________________________
>>> keycloak-user mailing list
>>> keycloak-user(a)lists.jboss.org
>>>
https://lists.jboss.org/mailman/listinfo/keycloak-user
>>>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
>
https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org <mailto:keycloak-user@lists.jboss.org>
https://lists.jboss.org/mailman/listinfo/keycloak-user