[keycloak-user] access to IDM form java EJB

Good afternoon. My English is not very good, so just apologize. I really liked your project Keycloak. I've had a number of questions on it, in which I ask your help. So ... 1 How REST interface through JSApp create user with specified password. In my case I "PUT" reset-password and get a "Access to the specified resource has been forbidden", but without password is ok. 2 How to check in Stateless EJB which role belongs to a particular user, get his ID, etc. That access to users IDM from the business code. Thank you very much.