Spring 引导中的 Keycloak 管理客户端
[英]Keycloak Admin Client in Spring Boot
问题描述
I'm having some trouble to use keycloak-admin-client in spring boot.
我在 spring 引导中使用 keycloak-admin-client 时遇到了一些麻烦。
If I try with this code I get 401 (unauthorized):如果我尝试使用此代码,我会得到 401(未经授权):
public Keycloak getKeycloakInstance() {
var keycloak = KeycloakBuilder.builder()
.serverUrl(SERVER_URL)
.realm(REALM)
.username(USERNAME)
.password(PASSWORD)
.clientId(CLIENT_ID)
.build();
return keycloak;
}
Also, if I put .resteasyClient(....) and .clientSecret(...) in the code above i get badrequest.另外,如果我将.resteasyClient(....)和.clientSecret(...)放在上面的代码中,我会收到 badrequest。
In the client roles I created a new composite role and gave all realm-management roles to it, maybe I configured something wrong?在客户端角色中,我创建了一个新的复合角色并将所有领域管理角色赋予它,也许我配置了错误?
Where can I find some documentation on how to use this Admin Client Dependency?我在哪里可以找到有关如何使用此 Admin Client Dependency 的一些文档?
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-client</artifactId>
<version>10.0.0</version>
</dependency>
1 个解决方案
解决方案1
3 2020-05-07 20:03:29
Question answered in keycloak discourse by @zonaut. @zonaut 在keycloak 演讲中回答的问题。 Maybe it helps someone!也许它可以帮助某人!
"Personally I would choose example 2, creating a dedicated service account client as we are communicating service to service". “就我个人而言,我会选择示例 2,在我们将服务与服务进行通信时创建一个专用的服务帐户客户端”。
Example 1 -> Using a user示例 1 -> 使用用户
- Create new client under your desired realm -> keycloak-admin在您想要的 realm -> keycloak-admin 下创建新客户端
- Select public client with only direct access grant enabled Select 公共客户端,仅启用了直接访问授权
- Create new role, enable composite roles创建新角色,启用复合角色
- type realm-managment into client roles under composite roles在复合角色下的客户端角色中键入领域管理
- add available roles that you need添加您需要的可用角色
- type realm-managment into client roles under composite roles
- Select a user and open role mappings tab Select 用户并打开角色映射选项卡
- type keycloak-admin in client roles and add needed roles在客户端角色中键入 keycloak-admin 并添加所需的角色
- type keycloak-admin in client roles and add needed roles
Code:代码:
Keycloak keycloak = KeycloakBuilder.builder()
.serverUrl("http://localhost:8080/auth")
.grantType(OAuth2Constants.PASSWORD)
.realm("realm-name")
.clientId("keycloak-admin")
.username("username")
.password("password")
.resteasyClient(
new ResteasyClientBuilder()
.connectionPoolSize(10).build()
).build();
keycloak.tokenManager().getAccessToken();
RealmResource realmResource = keycloak.realm("realm-name");
Example 2 -> Using a confidential service account示例 2 -> 使用机密服务帐户
- Create new client under your desired realm -> keycloak-admin在您想要的 realm -> keycloak-admin 下创建新客户端
- Select confidential client with only service account enabled Select 仅启用服务帐户的机密客户端
- Select tab service account roles Select 选项卡服务帐户角色
- type realm-management into client roles在客户端角色中输入领域管理
- add available roles that you need添加您需要的可用角色
- type realm-management into client roles
Code:代码:
Keycloak keycloak = KeycloakBuilder.builder()
.serverUrl("http://localhost:8080/auth")
.grantType(OAuth2Constants.CLIENT_CREDENTIALS)
.realm("realm-name")
.clientId("keycloak-admin")
.clientSecret("1c7e2815-c4dc-401c-af2f-ebddad3b4a79")
.resteasyClient(
new ResteasyClientBuilder()
.connectionPoolSize(10).build()
).build();
keycloak.tokenManager().getAccessToken();
RealmResource realmResource = keycloak.realm("realm-name");
Example 3 -> Using admin account示例 3 -> 使用管理员帐户
You could also use the admin user with the password grant and use the existing admin-cli client.您还可以使用具有密码授权的 admin 用户并使用现有的 admin-cli 客户端。
Keycloak keycloak = KeycloakBuilder.builder()
.serverUrl("http://localhost:8080/auth")
.grantType(OAuth2Constants.PASSWORD)
.realm("master")
.clientId("admin-cli")
.username("admin")
.password("password")
.resteasyClient(
new ResteasyClientBuilder()
.connectionPoolSize(10).build()
).build();
keycloak.tokenManager().getAccessToken();
RealmResource realmResource = keycloak.realm("realm-name");
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.