I have tried to add:
        org.keycloak.representations.IDToken idToken = principal.getKeycloakSecurityContext().getIdToken();
        org.keycloak.representations.AccessToken token = principal.getKeycloakSecurityContext().getToken();

        writer.write("<br/>Access Token id: " + token.getId());
        writer.write("<br/>Access Token String: " + principal.getKeycloakSecurityContext().getTokenString());
        writer.write("<br/>ID Token id: " + idToken.getId());
        writer.write("<br/>ID Token String: " + principal.getKeycloakSecurityContext().getIdTokenString());

        writer.write(String.format("<br/><a href=\"/multitenant/%s/logout\">Logout</a>", realm));

        try
        {
                java.net.URL url = new java.net.URL( "http://localhost:8080/auth/admin/realms/" + principal.getKeycloakSecurityContext().getRealm() + "/roles" );
                java.net.HttpURLConnection conn = (java.net.HttpURLConnection)url.openConnection();
                conn.setRequestMethod( "GET" );
                conn.setRequestProperty("Authorization", "Bearer " + principal.getKeycloakSecurityContext().getTokenString());
                java.io.BufferedReader in = new java.io.BufferedReader( new java.io.InputStreamReader( conn.getInputStream()));
                String line;
                while ((line = in.readLine()) != null)
                {
                    writer.write( line );
                }
                in.close();
        }
        catch( Exception e )
        {
                e.printStackTrace();
        }

to keycloak-demo-1.3.1.Final/examples/multi-tenant/src/main/java/org/keycloak/example/multitenant/boundary/ProtectedServlet.java

But I am getting an error:
12:28:28,317 WARN  [org.jboss.resteasy.core.ExceptionHandler] (default task-16) Failed executing GET /admin/realms/tenant1/roles: org.keycloak.services.ForbiddenException


In stepping through the AdminClient of the admin-access-app I have found an example bearer token was 1157 characters long.

principal.getKeycloakSecurityContext().getIdTokenString() turned out to be 645 characters long.

principal.getKeycloakSecurityContext().getTokenString() turned out to be 865 characters long.


What is it that I am missing ?

On Tue, Jul 7, 2015 at 10:08 AM, Bill Burke <bburke@redhat.com> wrote:
The access token should already be available.

On 7/7/2015 10:01 AM, Stephen More wrote:
> Or perhaps a better question would be: Once a user is already logged
> into keycloak, how can a
> org.keycloak.representations.AccessTokenResponse without providing a
> password a second time ?
>
> On Sun, Jul 5, 2015 at 12:00 PM, Stephen More <stephen.more@gmail.com
> <mailto:stephen.more@gmail.com>> wrote:
>
>     How could I extend the multi-tenant example (
>     https://github.com/keycloak/keycloak/tree/master/examples/
>     <https://github.com/keycloak/keycloak/tree/master/examples/multi-tenant>multi-tenant
>     ) to make a Rest admin api call back to keycloak using java ?
>
>     I think this would be a helpful example in upcoming releases.
>
>     Thanks
>
>
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
>

--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user