Hi there, Can someone give me some hint about how to correctly setup a client that can accept REST request from a httpclient in keycloak? For example, I use the admin-access example from keycloak source project and modify it to do a DELETE action through REST API, however I keep getting the request Forbidden 403 from keycloak server. I don’t change any setting of the admin-client imported from the json file and my code snippet of deleting user as below: public static void deleteUser(HttpServletRequest request, AccessTokenResponse res) throws Failure { HttpClient client = new DefaultHttpClient(); String userId = "e20277f8-2ebe-4e5e-aa00-0cee9c578249"; try { HttpDelete delete = new HttpDelete(getBaseUrl(request) + "/admin/realms/demo/users/" + userId); delete.addHeader("Authorization", "Bearer " + res.getToken()); HttpResponse response = client.execute(delete); System.out.println(response.getStatusLine().getReasonPhrase()); if (response.getStatusLine().getStatusCode() != 200) { throw new Failure(response.getStatusLine().getStatusCode()); } HttpEntity entity = response.getEntity(); InputStream is = entity.getContent(); if (is != null) is.close(); } catch (IOException e) { throw new RuntimeException(e); } finally { client.getConnectionManager().shutdown(); } } _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Hi Thomas, Thank’s for the recommendation. However, I bumped into some clossloader issue when I tried it on my EAP 6.4+ Keycloak 1.1.7.Final environment. I keep get the class not found error against RestEasy Client, "java.lang.NoClassDefFoundError: org/jboss/resteasy/client/jaxrs/ResteasyClientBuilder”. Although I’d setup my jboss-deployment-structure.xml in my project under /WEB-INF/. The setting is like below: <jboss-deployment-structure> <deployment> <dependencies> <module name="org.jboss.resteasy.resteasy-jaxrs" services="import"/> </dependencies> </deployment> </jboss-deployment-structure> Thank you and best regards, — Jason Peng Solution Architect, Taiwan Ret Hat Limited TEL: +886-2-7743-2972 FAX: +886-2-7743-2974 Mobile: +886-988-836-827 EMAIL: hpeng(a)redhat.com From: Thomas Darimont <thomas.darimont(a)googlemail.com&gt; Date: Wednesday, January 13, 2016 at 3:26 AM To: JasonMacAir <hpeng(a)redhat.com&gt; Cc: keycloak-user <keycloak-user(a)lists.jboss.org&gt; Subject: Re: [keycloak-user] How to correctly use REST API? delete user through REST API for example Hi Jason, do you really need to use the raw REST API or would it be an option to use the keycloak-admin-client API? here is an example for creating and deleting a user via the admin-client API: package de.tdlabs.training.keycloak; import static java.util.Arrays.asList; import javax.ws.rs.core.Response; import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.KeycloakBuilder; import org.keycloak.representations.idm.CredentialRepresentation; import org.keycloak.representations.idm.UserRepresentation; public class KeycloakAdminClientExample { public static void main(String[] args) throws Exception { Keycloak kc = KeycloakBuilder.builder() // .serverUrl("http://localhost:8081/auth") // .realm("rest-example")// .username("rest-user-admin") // .password("password") // .clientId("admin-cli") // .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build()) // .build(); CredentialRepresentation credential = new CredentialRepresentation(); credential.setType(CredentialRepresentation.PASSWORD); credential.setValue("test123"); credential.setTemporary(false); UserRepresentation user = new UserRepresentation(); user.setUsername("testuser"); user.setFirstName("Test"); user.setLastName("User"); user.setCredentials(asList(credential)); user.setEnabled(true); user.setRealmRoles(asList("admin")); // Create testuser Response result = kc.realm("rest-example").users().create(user); if (result.getStatus() != 201) { System.err.println("Couldn't create user."); System.exit(0); } System.out.println("Testuser created.... verify in keycloak!"); System.out.println("Press any key..."); System.in.read(); // Delete testuser String locationHeader = result.getHeaderString("Location"); String userId = locationHeader.replaceAll(".*/(.*)$", "$1"); kc.realm("rest-example").users().get(userId).remove(); } } https://gist.github.com/thomasdarimont/43689aefb37540624e35 Cheers, Thomas 2016-01-12 19:05 GMT+01:00 JasonPeng <hpeng(a)redhat.com&gt;: > Hi there, > > Can someone give me some hint about how to correctly setup a client that > can accept REST request from a httpclient in keycloak? > For example, I use the admin-access example from keycloak source project > and modify it to do a DELETE action through REST API, however I keep > getting the request Forbidden 403 from keycloak server. I don’t change any > setting of the admin-client imported from the json file and my code snippet > of deleting user as below: > > public static void deleteUser(HttpServletRequest request, > AccessTokenResponse res) throws Failure { > HttpClient client = new DefaultHttpClient(); > String userId = "e20277f8-2ebe-4e5e-aa00-0cee9c578249"; > try { > HttpDelete delete = new HttpDelete(getBaseUrl(request) + > "/admin/realms/demo/users/" + userId); > delete.addHeader("Authorization", "Bearer " + res.getToken()); > HttpResponse response = client.execute(delete); > System.out.println(response.getStatusLine().getReasonPhrase()); > if (response.getStatusLine().getStatusCode() != 200) { > throw new Failure(response.getStatusLine().getStatusCode()); > } > HttpEntity entity = response.getEntity(); > InputStream is = entity.getContent(); > if (is != null) > is.close(); > } catch (IOException e) { > throw new RuntimeException(e); > } finally { > client.getConnectionManager().shutdown(); > } > } > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user > _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-user

Hi Stian, Do you have an example of pom.xml if I want to fully control the Keycloak user management(ex: create user, change roles)? I’ve tried the approach you suggest, however it comes out with problem that I don’t know if it’s missing some dependency in my client project or I fail on configuring the jboss-deployment-structure.xml Thanks, Jason From: Stian Thorgersen <sthorger(a)redhat.com&gt; Reply-To: <stian(a)redhat.com&gt; Date: Thursday, January 14, 2016 at 5:00 PM To: JasonMacAir <hpeng(a)redhat.com&gt; Cc: Thomas Darimont <thomas.darimont(a)googlemail.com&gt;, keycloak-user < keycloak-user(a)lists.jboss.org&gt; Subject: Re: [keycloak-user] How to correctly use REST API? delete user through REST API for example EAP 6.4 has an old version of RestEasy without the RestEasy client. Easiest option is probably to just include newer RestEasy jars in your WAR. On 14 January 2016 at 09:55, JasonPeng <hpeng(a)redhat.com&gt; wrote: > Hi Thomas, > > Thank’s for the recommendation. However, I bumped into some clossloader > issue when I tried it on my EAP 6.4+ Keycloak 1.1.7.Final environment. > > I keep get the class not found error against RestEasy Client, > "java.lang.NoClassDefFoundError: > org/jboss/resteasy/client/jaxrs/ResteasyClientBuilder”. Although I’d setup > my jboss-deployment-structure.xml in my project under /WEB-INF/. The > setting is like below: > > <jboss-deployment-structure> > <deployment> > <dependencies> > <module name="org.jboss.resteasy.resteasy-jaxrs" > services="import"/> > </dependencies> > </deployment> > </jboss-deployment-structure> > > > Thank you and best regards, > — > Jason Peng > Solution Architect, Taiwan > Ret Hat Limited > TEL: +886-2-7743-2972 > FAX: +886-2-7743-2974 > Mobile: +886-988-836-827 > EMAIL: hpeng(a)redhat.com > > > > > From: Thomas Darimont <thomas.darimont(a)googlemail.com&gt; > Date: Wednesday, January 13, 2016 at 3:26 AM > To: JasonMacAir <hpeng(a)redhat.com&gt; > Cc: keycloak-user <keycloak-user(a)lists.jboss.org&gt; > Subject: Re: [keycloak-user] How to correctly use REST API? delete user > through REST API for example > > Hi Jason, > > do you really need to use the raw REST API or would it be an option to > use the keycloak-admin-client API? > > here is an example for creating and deleting a user via the admin-client > API: > > package de.tdlabs.training.keycloak; > > import static java.util.Arrays.asList; > > import javax.ws.rs.core.Response; > > import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder; > import org.keycloak.admin.client.Keycloak; > import org.keycloak.admin.client.KeycloakBuilder; > import org.keycloak.representations.idm.CredentialRepresentation; > import org.keycloak.representations.idm.UserRepresentation; > > public class KeycloakAdminClientExample { > > public static void main(String[] args) throws Exception { > > Keycloak kc = KeycloakBuilder.builder() // > .serverUrl("http://localhost:8081/auth") // > .realm("rest-example")// > .username("rest-user-admin") // > .password("password") // > .clientId("admin-cli") // > .resteasyClient(new > ResteasyClientBuilder().connectionPoolSize(10).build()) // > .build(); > > CredentialRepresentation credential = new CredentialRepresentation(); > credential.setType(CredentialRepresentation.PASSWORD); > credential.setValue("test123"); > credential.setTemporary(false); > > UserRepresentation user = new UserRepresentation(); > user.setUsername("testuser"); > user.setFirstName("Test"); > user.setLastName("User"); > user.setCredentials(asList(credential)); > user.setEnabled(true); > user.setRealmRoles(asList("admin")); > > // Create testuser > Response result = kc.realm("rest-example").users().create(user); > if (result.getStatus() != 201) { > System.err.println("Couldn't create user."); > System.exit(0); > } > System.out.println("Testuser created.... verify in keycloak!"); > > System.out.println("Press any key..."); > System.in.read(); > > // Delete testuser > String locationHeader = result.getHeaderString("Location"); > String userId = locationHeader.replaceAll(".*/(.*)$", "$1"); > kc.realm("rest-example").users().get(userId).remove(); > } > } > > > https://gist.github.com/thomasdarimont/43689aefb37540624e35 > > Cheers, > Thomas > > 2016-01-12 19:05 GMT+01:00 JasonPeng <hpeng(a)redhat.com&gt;: > >> Hi there, >> >> Can someone give me some hint about how to correctly setup a client that >> can accept REST request from a httpclient in keycloak? >> For example, I use the admin-access example from keycloak source project >> and modify it to do a DELETE action through REST API, however I keep >> getting the request Forbidden 403 from keycloak server. I don’t change any >> setting of the admin-client imported from the json file and my code snippet >> of deleting user as below: >> >> public static void deleteUser(HttpServletRequest request, >> AccessTokenResponse res) throws Failure { >> HttpClient client = new DefaultHttpClient(); >> String userId = "e20277f8-2ebe-4e5e-aa00-0cee9c578249"; >> try { >> HttpDelete delete = new HttpDelete(getBaseUrl(request) + >> "/admin/realms/demo/users/" + userId); >> delete.addHeader("Authorization", "Bearer " + res.getToken()); >> HttpResponse response = client.execute(delete); >> System.out.println(response.getStatusLine().getReasonPhrase()); >> if (response.getStatusLine().getStatusCode() != 200) { >> throw new Failure(response.getStatusLine().getStatusCode()); >> } >> HttpEntity entity = response.getEntity(); >> InputStream is = entity.getContent(); >> if (is != null) >> is.close(); >> } catch (IOException e) { >> throw new RuntimeException(e); >> } finally { >> client.getConnectionManager().shutdown(); >> } >> } >> >> _______________________________________________ >> keycloak-user mailing list >> keycloak-user(a)lists.jboss.org >> https://lists.jboss.org/mailman/listinfo/keycloak-user >> > > > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >