Are you identifying you user mainly by the email?
On Fri, Jul 10, 2015 at 6:24 PM, Scott Dunbar <scott@xigole.com> wrote:
It is injected into the bean - sorry, might not have been enough code before. A small example:
import javax.annotation.Resource; import javax.annotation.security.RolesAllowed; import javax.ejb.SessionContext; import javax.ejb.Stateless; import javax.ws.rs.GET; import javax.ws.rs.Path; import javax.ws.rs.Produces; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response;import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory;import org.keycloak.KeycloakPrincipal; import org.keycloak.KeycloakSecurityContext; import org.keycloak.representations.IDToken;@Path("/user") @Stateless public class UserService { private static final Log log = LogFactory.getLog(UserService.class);@Resource private SessionContext sessionContext; @Path("/getCurrentUserInfo") @Produces({ MediaType.APPLICATION_JSON }) @GET @RolesAllowed({"someRole"}) public Response getCurrentUser() { @SuppressWarnings("unchecked") KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal()); IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken(); log.debug( "email from token is \"" + idToken.getEmail() + "\"" );// your return is likely something more useful return Response.ok().build(); } }
Your use case might be different but this is how it is working for me. Again, there may be a better way.
On 07/10/2015 05:01 PM, Juan Diego wrote:
Where do you get sessionContext from?
On Fri, Jul 10, 2015 at 5:54 PM, Scott Dunbar <scott@xigole.com> wrote:
I use something like:
import org.keycloak.KeycloakPrincipal; import org.keycloak.KeycloakSecurityContext; import org.keycloak.representations.IDToken; ... @Resource private SessionContext sessionContext; ... @SuppressWarnings("unchecked") KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sessionContext.getCallerPrincipal()); IDToken idToken = kcPrincipal.getKeycloakSecurityContext().getIdToken(); log.debug( "email from token is \"" + idToken.getEmail() + "\"" );
Not sure if that's the recommended way but it works well.
On 07/10/2015 04:48 PM, Juan Diego wrote:
ThanksI dont know how to get info from the accesToken, or does the access token class already has methods to do that. I know this is more of a question of design. This part is not really clear for me.I have a backend with java that should connect to my keycloak server once it gets the tokenHiI want to be able to update the user password and some preferences from my web app, in order to update some of the user info from my portal i can see in the rest api that you need the user ID.
KeycloakSecurityContext securityContext = (KeycloakSecurityContext) httpRequest
.getAttribute(KeycloakSecurityContext.class.getName());
AccessToken accessToken = securityContext.getToken();
_______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Scott Dunbar
Xigole Systems, Inc.
Enterprise consulting, development, and hosting
303·667·6343
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user
--
Scott Dunbar
Xigole Systems, Inc.
Enterprise consulting, development, and hosting
303·667·6343
_______________________________________________ keycloak-user mailing list keycloak-user@lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user