[keycloak-user] How to access realms/{realm}/users/{user} with Application

Dean Peterson peterson.dean at gmail.com
Wed Mar 5 15:28:53 EST 2014 

Thank you.  I tried what you said.  I am able access that REST service on
the Keycloak server but it returns an AccountService object.  Actually, I
get a 406 error response on my end.  I think it is because I did not have
the keycloak-services dependency in my application's pom.  However, when I
add it and I try to start the server, I get the error: Could not find
constructor for class: org.keycloak.services.resources.RealmsResource.
 Should I make my own local version of AccountService and not add
keycloak-services to my application?  What is the best approach?  Any ideas
why I might be getting a 406 error?

SkeletonKeySession session = (SkeletonKeySession) request
                .getAttribute(SkeletonKeySession.class.getName());
        ResteasyClient client = new ResteasyClientBuilder()
                .trustStore(session.getMetadata().getTruststore())
                .hostnameVerification(

ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
                .build();

        String username = request.getRemoteUser();

        Profile profile = null;

        try {

            Response response = client
                    .target("
http://server:8080/auth/rest/realms/myrealm/account")
                    .request()
                    .header(HttpHeaders.AUTHORIZATION,
                            "Bearer " + session.getTokenString()).get();

.
.
.



On Wed, Mar 5, 2014 at 3:09 AM, Stian Thorgersen <stian at redhat.com> wrote:

> There's also a Keycloak specific mechanism for accessing the account of
> the user associated with the token.
>
> To do this open the scope mappings for your app/client, and select
> 'account' in the application roles, select 'view-profile' and click the
> right-arrow. This will allow your app/client to view the profile of the
> current user.
>
> Then you can make a request (with bearer token) to:
>
> /auth/rest/realms/myrealm/account
>
> In the future we'll add support to do all account specific things through
> these REST endpoints to support all operations provided by the account
> management application.
>
> ----- Original Message -----
> > From: "Dean Peterson" <peterson.dean at gmail.com>
> > To: keycloak-user at lists.jboss.org
> > Sent: Tuesday, 4 March, 2014 7:15:31 PM
> > Subject: [keycloak-user] How to access realms/{realm}/users/{user} with
>       Application
> >
> > Hello,
> >
> > I am trying to find the best way to access the UsersResource.java Rest
> > services outside the keycloak admin application to get a user's
> information.
> > How do I make a request using just the client's credentials?
> >
> > I currently use something like this but I get a 401 because I am using a
> > user's oauth token and they only have user privileges:
> > SkeletonKeySession session = (SkeletonKeySession) request
> > .getAttribute(SkeletonKeySession.class.getName());
> > ResteasyClient client = new ResteasyClientBuilder()
> > .trustStore(session.getMetadata().getTruststore())
> > .hostnameVerification(
> > ResteasyClientBuilder.HostnameVerificationPolicy.ANY)
> > .build();
> >
> > String username = request.getRemoteUser();
> >
> > Profile profile = null;
> >
> > try {
> >
> > Response response = client
> > .target(" http://server:8080/auth/rest/admin/realms/myrealm/users/ ")
> > .path(username)
> > .request()
> > .header(HttpHeaders.AUTHORIZATION,
> > "Bearer " + session.getTokenString()).get();
> >
> > // Get the existing entry if there is one. Otherwise, just return
> > // the regular
> > // entity retrieved from the remote system.
> > try {
> > profile = profileRepository
> > .findByRegistrationId(member.getId());
> >
> > } catch (NoResultException e) {
> > // ignore
> > }
> >
> > } finally {
> > client.close();
> > }
> >
> > Is there a way for the application to make a request directly as an admin
> > without giving the user admin privileges?
> >
> > _______________________________________________
> > keycloak-user mailing list
> > keycloak-user at lists.jboss.org
> > https://lists.jboss.org/mailman/listinfo/keycloak-user
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20140305/c27824e7/attachment-0001.html

More information about the keycloak-user mailing list