Thank you.  I tried what you said.  I am able access that REST service on the Keycloak server but it returns an AccountService object.  Actually, I get a 406 error response on my end.  I think it is because I did not have the keycloak-services dependency in my application's pom.  However, when I add it and I try to start the server, I get the error: Could not find constructor for class: org.keycloak.services.resources.RealmsResource.  Should I make my own local version of AccountService and not add keycloak-services to my application?  What is the best approach?  Any ideas why I might be getting a 406 error?  

SkeletonKeySession session = (SkeletonKeySession) request
                .getAttribute(SkeletonKeySession.class.getName());
        ResteasyClient client = new ResteasyClientBuilder()
                .trustStore(session.getMetadata().getTruststore())
                .hostnameVerification(
                        ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
                .build();

        String username = request.getRemoteUser();

        Profile profile = null;

        try {
        
            Response response = client
                    .target("http://server:8080/auth/rest/realms/myrealm/account")
                    .request()
                    .header(HttpHeaders.AUTHORIZATION,
                            "Bearer " + session.getTokenString()).get();

.
.
.
  


On Wed, Mar 5, 2014 at 3:09 AM, Stian Thorgersen <stian@redhat.com> wrote:
There's also a Keycloak specific mechanism for accessing the account of the user associated with the token.

To do this open the scope mappings for your app/client, and select 'account' in the application roles, select 'view-profile' and click the right-arrow. This will allow your app/client to view the profile of the current user.

Then you can make a request (with bearer token) to:

/auth/rest/realms/myrealm/account

In the future we'll add support to do all account specific things through these REST endpoints to support all operations provided by the account management application.

----- Original Message -----
> From: "Dean Peterson" <peterson.dean@gmail.com>
> To: keycloak-user@lists.jboss.org
> Sent: Tuesday, 4 March, 2014 7:15:31 PM
> Subject: [keycloak-user] How to access realms/{realm}/users/{user} with       Application
>
> Hello,
>
> I am trying to find the best way to access the UsersResource.java Rest
> services outside the keycloak admin application to get a user's information.
> How do I make a request using just the client's credentials?
>
> I currently use something like this but I get a 401 because I am using a
> user's oauth token and they only have user privileges:
> SkeletonKeySession session = (SkeletonKeySession) request
> .getAttribute(SkeletonKeySession.class.getName());
> ResteasyClient client = new ResteasyClientBuilder()
> .trustStore(session.getMetadata().getTruststore())
> .hostnameVerification(
> ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
> .build();
>
> String username = request.getRemoteUser();
>
> Profile profile = null;
>
> try {
>
> Response response = client
> .target(" http://server:8080/auth/rest/admin/realms/myrealm/users/ ")
> .path(username)
> .request()
> .header(HttpHeaders.AUTHORIZATION,
> "Bearer " + session.getTokenString()).get();
>
> // Get the existing entry if there is one. Otherwise, just return
> // the regular
> // entity retrieved from the remote system.
> try {
> profile = profileRepository
> .findByRegistrationId(member.getId());
>
> } catch (NoResultException e) {
> // ignore
> }
>
> } finally {
> client.close();
> }
>
> Is there a way for the application to make a request directly as an admin
> without giving the user admin privileges?
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user@lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user