[keycloak-dev] Queries on Keycloak

Marek Posolda mposolda at redhat.com
Wed Aug 5 04:14:18 EDT 2015


Yes, you're supposed to add the "Authorization: Bearer 
access-token-here" header in each REST or WebService request from your 
frontend application. The adapter on webservice side will always 
validate the accessToken in each request and allow it to pass only 
if it's valid.

Marek

On 5.8.2015 08:35, Satyajit Das wrote:
> Hi Bill,
>
> Thanks a lot for the quick response. Just one more query on the 
> webservice side.
>
> As per the instruction, I made the webservice access type as bearer.
>
> Let's say I have a service called http://localhost:8082/candidates/.
>
> This in turn has many webservice operations such as
> post: http://localhost:8082/candidates/{candidate}
> put: http://localhost:8082/candidates/candidate/{id}
> get: http://localhost:8082/candidates/candidate/{id}.
>
> after a successful token verification:
>             HttpGet get = new HttpGet(AdapterUtils.getOriginForRestCalls(req.getRequestURL().toString(), session) + "/candidate/{some id}");
>             get.addHeader("Authorization", "Bearer " + session.getTokenString());
>             try {
>                 HttpResponse response = client.execute(get);
>                 if (response.getStatusLine().getStatusCode() != 200) {
>                     throw new Failure(response.getStatusLine().getStatusCode());
>                 }
>                 HttpEntity entity = response.getEntity();
>                 InputStream is = entity.getContent();
>                 try {
>                     // return JsonSerialization.readValue(is, String.class);
>                     return "hello";
>                 } finally {
>                     is.close();
>                 }
>
> Do I need to further authenticate each call via the same method for 
> other RESTful calls?
>
> Do we have any option wherein we can say authenticate once and go 
> ahead with multiple webservice calls without further token verification?
>
> Regards,
> Satya.
>
> On Tue, Aug 4, 2015 at 7:25 PM, Bill Burke <bburke at redhat.com> wrote:
>
>
>
>     On 8/4/2015 9:48 AM, Satyajit Das wrote:
>     > Hi Team,
>     >
>     > Kindly respond to the below queries.
>     >
>     > 1) What is the limit to the number of realms, roles per realm, and users
>     > per realm or users per role in Keycloak?
>     >
>
>     We haven't really tested the limits.  Should be pretty large.  I know
>     one keycloak user has a database of around 1 million users.
>
>     > 2) What is the expiry time of a token id generated in
>     > Keycloak (session.getTokenString())?
>     >
>
>     It's configurable in admin console
>
>     > 3) Is there any authentication done after successful login, if I visit
>     > subsequent pages?
>     >
>
>     Do you mean is there any authentication with the Keycloak server?
>     Once a user is logged in, they do not see any more authentication
>     screens.  Once you visit one application, you are authenticated
>     for that application.  If you visit another application, you are
>     redirected to keycloak auth server, auth server will validate the SSO
>     cookie, then generate a token for the application and send you back there.
>
>
>
>
>     --
>     Bill Burke
>     JBoss, a division of Red Hat
>     http://bill.burkecentral.com
>     _______________________________________________
>     keycloak-dev mailing list
>     keycloak-dev at lists.jboss.org
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
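
Why every call has to carry the header, as an added example that is not part of the original thread and is not the Keycloak adapter's code: the receiving service checks each request on its own, here by verifying an RS256 signature against the realm public key and rejecting an expired `exp`. The class and method names, the regex-based claim parsing and the generated key pair standing in for the realm key are assumptions made for illustration; the sample headers are constructed (valid, expired, signed by a different key, missing).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;
import java.util.regex.*;

public class BearerCheck { // hypothetical name, not a Keycloak class
    // True only if the header carries an RS256 JWT signed by realmKey that has not expired.
    static boolean isValid(String authorization, PublicKey realmKey, long nowSeconds) {
        if (authorization == null || !authorization.startsWith("Bearer ")) return false;
        String[] parts = authorization.substring(7).trim().split("\\.");
        if (parts.length != 3) return false;
        try {
            Base64.Decoder dec = Base64.getUrlDecoder();
            String header = new String(dec.decode(parts[0]), StandardCharsets.UTF_8);
            // Pin the algorithm so the token cannot select "none" or an HMAC variant.
            if (!Pattern.compile("\"alg\"\\s*:\\s*\"RS256\"").matcher(header).find()) return false;
            Signature sig = Signature.getInstance("SHA256withRSA");
            sig.initVerify(realmKey);
            sig.update((parts[0] + "." + parts[1]).getBytes(StandardCharsets.US_ASCII));
            if (!sig.verify(dec.decode(parts[2]))) return false;
            String claims = new String(dec.decode(parts[1]), StandardCharsets.UTF_8);
            Matcher m = Pattern.compile("\"exp\"\\s*:\\s*(\\d+)").matcher(claims);
            return m.find() && Long.parseLong(m.group(1)) > nowSeconds;
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            return false; // malformed base64, unusable key or malformed signature
        }
    }

    // Signs a constructed sample token; in the thread's setup Keycloak issues the real one.
    static String sign(String claimsJson, PrivateKey key) throws GeneralSecurityException {
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String input = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8))
                + "." + enc.encodeToString(claimsJson.getBytes(StandardCharsets.UTF_8));
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initSign(key);
        sig.update(input.getBytes(StandardCharsets.US_ASCII));
        return input + "." + enc.encodeToString(sig.sign());
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair realm = gen.generateKeyPair(); // stands in for the realm key pair
        long now = System.currentTimeMillis() / 1000;
        String live = "{\"sub\":\"demo\",\"exp\":" + (now + 300) + "}";
        String stale = "{\"sub\":\"demo\",\"exp\":" + (now - 1) + "}";
        String[] headers = { "Bearer " + sign(live, realm.getPrivate()), "Bearer " + sign(stale, realm.getPrivate()),
                "Bearer " + sign(live, gen.generateKeyPair().getPrivate()), null };
        for (String h : headers) System.out.println(isValid(h, realm.getPublic(), now));
    }
}
```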
