[keycloak-user] Help Listing Users
paolo lizarazu
polochepu at gmail.com
Wed Oct 31 12:40:59 EDT 2018
Hi All,

I am having some issues trying to list Keycloak users from a Spring Boot
application (SBA).

I want the SpringBootApp to be secured by Keycloak so that, if the user
has the proper privileges, they can perform the required actions; in my
specific case, list the users.

For my realm (Test) I have created a client, System-Management, which is
configured like this:

Settings
* client protocol: openid-connect
* access type: confidential
* standard flow enabled: true
* implicit flow enabled: false
* direct access grants enabled: false
* service account enabled: true
* authorization enabled: true
* valid redirect uris: *
* web origins: *

Scope
* full scope allowed: true

The Spring Boot application has the Keycloak properties configured; it
redirects to the login and, after success, redirects back to the
application. With a second link in the application I want to list the
Keycloak users, but the request fails with a 403 response.

#Keycloak Configuration
keycloak.auth-server-url=http://localhost:9080/auth
keycloak.realm=test
keycloak.resource=system-management
keycloak.use-resource-role-mappings=false
keycloak.public-client=false
keycloak.credentials.secret=964ccde0-888e-4103-86a6-1f90961d6852
keycloak.principal-attribute=preferred_username
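
Here is my security config:

import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.authentication.KeycloakAuthenticationProvider;
import org.keycloak.adapters.springsecurity.client.KeycloakClientRequestFactory;
import org.keycloak.adapters.springsecurity.client.KeycloakRestTemplate;
import org.keycloak.adapters.springsecurity.config.KeycloakWebSecurityConfigurerAdapter;
import org.keycloak.adapters.springsecurity.filter.KeycloakAuthenticationProcessingFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.ConfigurableBeanFactory;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Scope;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;

class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    public KeycloakClientRequestFactory keycloakClientRequestFactory;

    // Submits the KeycloakAuthenticationProvider to the AuthenticationManager
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        KeycloakAuthenticationProvider keycloakAuthenticationProvider = keycloakAuthenticationProvider();
        keycloakAuthenticationProvider.setGrantedAuthoritiesMapper(new SimpleAuthorityMapper());
        auth.authenticationProvider(keycloakAuthenticationProvider);
    }

    // Reads the adapter settings from the keycloak.* application properties
    @Bean
    public KeycloakSpringBootConfigResolver KeycloakConfigResolver() {
        return new KeycloakSpringBootConfigResolver();
    }

    // Specifies the session authentication strategy
    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Bean
    @Scope(ConfigurableBeanFactory.SCOPE_PROTOTYPE)
    public KeycloakRestTemplate keycloakRestTemplate() {
        KeycloakRestTemplate restTemplate = new KeycloakRestTemplate(keycloakClientRequestFactory);
        // we should add the interceptor here in debug mode
        return restTemplate;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.authorizeRequests()
            .antMatchers("/customers*", "/users*")
            .authenticated();
    }

    // Keeps Spring Boot from also registering the Keycloak filter as a servlet filter
    @Bean
    public FilterRegistrationBean keycloakAuthenticationProcessingFilterRegistrationBean(
            KeycloakAuthenticationProcessingFilter filter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean(filter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }
}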
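
And finally my service to get users:

import static org.keycloak.OAuth2Constants.CLIENT_CREDENTIALS;

import java.util.List;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.UserRepresentation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;

@Service
public class KeycloakService {

    @Value("${keycloak.auth-server-url}")
    private String SERVER_URL;

    @Value("${keycloak.realm}")
    private String REALM;

    @Value("${keycloak.resource}")
    private String CLIENT_ID;

    @Value("${keycloak.credentials.secret}")
    private String CLIENT_SECRET;

    @Autowired
    AccessToken accessToken;

    // Builds an admin client for the realm
    private Keycloak getInstance() {
        return KeycloakBuilder
            .builder()
            .serverUrl(SERVER_URL)
            // getAccessTokenHash() returns the token's at_hash claim
            .authorization(accessToken.getAccessTokenHash())
            .grantType(CLIENT_CREDENTIALS)
            .clientId(CLIENT_ID)
            .clientSecret(CLIENT_SECRET)
            .realm(REALM)
            .build();
    }

    public List<UserRepresentation> getUsers() {
        return getInstance().realm(REALM).users().list();
    }
}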

Any help will be greatly appreciated.

Note: the idea is to have user administration outside of Keycloak.
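
A 403 from the admin users endpoint can be triaged by inspecting the string the application actually sends as its bearer credential. The Python script below is an added example, not part of the original post or of Keycloak; it assumes the listing is granted by the view-users or manage-users role of the realm-management client, and every sample value in it is constructed.

```python
import base64
import json

# Assumption: Keycloak's admin REST user listing is granted by one of these
# client roles of the realm's built-in "realm-management" client.
USER_READ_ROLES = {"view-users", "manage-users"}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_jwt(claims: dict) -> str:
    """Build a constructed token with a dummy signature for the demo inputs."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return ".".join([header, _b64url(json.dumps(claims).encode()), "constructed-sig"])

def triage(bearer: str, mgmt_client: str = "realm-management"):
    """Return (allowed, reason) for the string sent as the bearer credential.
    The payload is decoded WITHOUT signature verification: diagnostics only."""
    parts = bearer.split(".")
    if len(parts) != 3:
        return False, "not a JWT: a claim value such as at_hash is not a token"
    try:
        payload = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return False, "payload is not base64url-encoded JSON"
    access = claims.get("resource_access", {}).get(mgmt_client, {})
    granted = USER_READ_ROLES & set(access.get("roles", []))
    if granted:
        return True, "granted via " + ", ".join(sorted(granted))
    who = claims.get("preferred_username", claims.get("azp", "unknown"))
    return False, f"{who} has no {mgmt_client} role from {sorted(USER_READ_ROLES)}"

# Constructed sample inputs (not taken from the post).
AT_HASH_VALUE = "Qx0v1bQ4m3kzY7nT9uR2Aw"
NO_ROLE_TOKEN = make_sample_jwt({
    "azp": "system-management",
    "preferred_username": "service-account-system-management",
    "resource_access": {"account": {"roles": ["view-profile"]}},
})
VIEW_USERS_TOKEN = make_sample_jwt({
    "azp": "system-management",
    "preferred_username": "service-account-system-management",
    "resource_access": {"realm-management": {"roles": ["view-users"]}},
})

if __name__ == "__main__":
    for name in ("AT_HASH_VALUE", "NO_ROLE_TOKEN", "VIEW_USERS_TOKEN"):
        print(name, triage(globals()[name]))
```

The first sample fails because it is not a token at all, the second because the service account carries no realm-management user role, and only the third passes.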