Re: [keycloak-user] How to access realms/{realm}/users/{user} with Application

You don't need to add keycloak-services to your application. It doesn't actually return AccountService object, AccountService is JAX-RS sub-resource that handles all requests to 'account'. Assuming that you've looked at the source, have a peak inside AccountService.accountPage that's what actually handles the request. The 406 is caused by missing Accept header. Try adding: .header(HttpHeaders.ACCEPT, "application/json") Cheers, Stian ----- Original Message ----- > From: "Dean Peterson" <peterson.dean(a)gmail.com&gt; > To: "Stian Thorgersen" <stian(a)redhat.com&gt; > Cc: keycloak-user(a)lists.jboss.org > Sent: Wednesday, 5 March, 2014 8:28:53 PM > Subject: Re: [keycloak-user] How to access realms/{realm}/users/{user} with Application > > Thank you. I tried what you said. I am able access that REST service on > the Keycloak server but it returns an AccountService object. Actually, I > get a 406 error response on my end. I think it is because I did not have > the keycloak-services dependency in my application's pom. However, when I > add it and I try to start the server, I get the error: Could not find > constructor for class: org.keycloak.services.resources.RealmsResource. > Should I make my own local version of AccountService and not add > keycloak-services to my application? What is the best approach? Any ideas > why I might be getting a 406 error? > > SkeletonKeySession session = (SkeletonKeySession) request > .getAttribute(SkeletonKeySession.class.getName()); > ResteasyClient client = new ResteasyClientBuilder() > .trustStore(session.getMetadata().getTruststore()) > .hostnameVerification( > > ResteasyClientBuilder.HostnameVerificationPolicy.ANY) > .build(); > > String username = request.getRemoteUser(); > > Profile profile = null; > > try { > > Response response = client > .target(" > http://server:8080/auth/rest/realms/myrealm/account") > .request() > .header(HttpHeaders.AUTHORIZATION, > "Bearer " + session.getTokenString()).get(); > > . > . > . > > > > On Wed, Mar 5, 2014 at 3:09 AM, Stian Thorgersen <stian(a)redhat.com&gt; wrote: > > > There's also a Keycloak specific mechanism for accessing the account of > > the user associated with the token. > > > > To do this open the scope mappings for your app/client, and select > > 'account' in the application roles, select 'view-profile' and click the > > right-arrow. This will allow your app/client to view the profile of the > > current user. > > > > Then you can make a request (with bearer token) to: > > > > /auth/rest/realms/myrealm/account > > > > In the future we'll add support to do all account specific things through > > these REST endpoints to support all operations provided by the account > > management application. > > > > ----- Original Message ----- > > > From: "Dean Peterson" <peterson.dean(a)gmail.com&gt; > > > To: keycloak-user(a)lists.jboss.org > > > Sent: Tuesday, 4 March, 2014 7:15:31 PM > > > Subject: [keycloak-user] How to access realms/{realm}/users/{user} with > > Application > > > > > > Hello, > > > > > > I am trying to find the best way to access the UsersResource.java Rest > > > services outside the keycloak admin application to get a user's > > information. > > > How do I make a request using just the client's credentials? > > > > > > I currently use something like this but I get a 401 because I am using a > > > user's oauth token and they only have user privileges: > > > SkeletonKeySession session = (SkeletonKeySession) request > > > .getAttribute(SkeletonKeySession.class.getName()); > > > ResteasyClient client = new ResteasyClientBuilder() > > > .trustStore(session.getMetadata().getTruststore()) > > > .hostnameVerification( > > > ResteasyClientBuilder.HostnameVerificationPolicy.ANY) > > > .build(); > > > > > > String username = request.getRemoteUser(); > > > > > > Profile profile = null; > > > > > > try { > > > > > > Response response = client > > > .target(" http://server:8080/auth/rest/admin/realms/myrealm/users/") > > > .path(username) > > > .request() > > > .header(HttpHeaders.AUTHORIZATION, > > > "Bearer " + session.getTokenString()).get(); > > > > > > // Get the existing entry if there is one. Otherwise, just return > > > // the regular > > > // entity retrieved from the remote system. > > > try { > > > profile = profileRepository > > > .findByRegistrationId(member.getId()); > > > > > > } catch (NoResultException e) { > > > // ignore > > > } > > > > > > } finally { > > > client.close(); > > > } > > > > > > Is there a way for the application to make a request directly as an admin > > > without giving the user admin privileges? > > > > > > _______________________________________________ > > > keycloak-user mailing list > > > keycloak-user(a)lists.jboss.org > > > https://lists.jboss.org/mailman/listinfo/keycloak-user > > >