Keycloak Admin Client in Spring Boot
I'm having some trouble using keycloak-admin-client in Spring Boot.
If I try with this code I get 401 (unauthorized):
    public Keycloak getKeycloakInstance() {
        var keycloak = KeycloakBuilder.builder()
                .serverUrl(SERVER_URL)
                .realm(REALM)
                .username(USERNAME)
                .password(PASSWORD)
                .clientId(CLIENT_ID)
                .build();
        return keycloak;
    }
Also, if I put .resteasyClient(....) and .clientSecret(...) in the code above I get a bad request.
In the client roles I created a new composite role and gave all realm-management roles to it, maybe I configured something wrong?
Where can I find some documentation on how to use this Admin Client Dependency?
    <dependency>
        <groupId>org.keycloak</groupId>
        <artifactId>keycloak-admin-client</artifactId>
        <version>10.0.0</version>
    </dependency>
Question answered in Keycloak discourse by @zonaut. Maybe it helps someone!
"Personally I would choose example 2, creating a dedicated service account client as we are communicating service to service".
Example 1 -> Using a user
Code:
    Keycloak keycloak = KeycloakBuilder.builder()
            .serverUrl("http://localhost:8080/auth")
            .grantType(OAuth2Constants.PASSWORD)
            .realm("realm-name")
            .clientId("keycloak-admin")
            .username("username")
            .password("password")
            .resteasyClient(
                    new ResteasyClientBuilder()
                            .connectionPoolSize(10).build()
            ).build();
    keycloak.tokenManager().getAccessToken();
    RealmResource realmResource = keycloak.realm("realm-name");
Example 2 -> Using a confidential service account
Code:
    Keycloak keycloak = KeycloakBuilder.builder()
            .serverUrl("http://localhost:8080/auth")
            .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
            .realm("realm-name")
            .clientId("keycloak-admin")
            .clientSecret("1c7e2815-c4dc-401c-af2f-ebddad3b4a79")
            .resteasyClient(
                    new ResteasyClientBuilder()
                            .connectionPoolSize(10).build()
            ).build();
    keycloak.tokenManager().getAccessToken();
    RealmResource realmResource = keycloak.realm("realm-name");
Example 3 -> Using admin account
You could also use the admin user with the password grant and use the existing admin-cli client.
    Keycloak keycloak = KeycloakBuilder.builder()
            .serverUrl("http://localhost:8080/auth")
            .grantType(OAuth2Constants.PASSWORD)
            .realm("master")
            .clientId("admin-cli")
            .username("admin")
            .password("password")
            .resteasyClient(
                    new ResteasyClientBuilder()
                            .connectionPoolSize(10).build()
            ).build();
    keycloak.tokenManager().getAccessToken();
    RealmResource realmResource = keycloak.realm("realm-name");
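
Example 2 wired into Spring Boot, as an added example that is not part of the original answer or of the Keycloak project: the client secret is read from configuration instead of a string literal, and the token is requested at startup so a rejected credential fails early. The class name and the `keycloak.admin.*` property names are hypothetical.

```java
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

@Configuration
public class KeycloakAdminConfig {

    // Hypothetical property names; bind them to environment variables or a
    // secret store so the client secret never lands in source control.
    @Value("${keycloak.admin.server-url}")
    private String serverUrl;
    @Value("${keycloak.admin.realm}")
    private String realm;
    @Value("${keycloak.admin.client-id}")
    private String clientId;
    @Value("${keycloak.admin.client-secret:}")
    private String clientSecret;

    // destroyMethod = "close" releases the underlying HTTP client on shutdown.
    @Bean(destroyMethod = "close")
    public Keycloak keycloakAdminClient() {
        if (clientSecret == null || clientSecret.isBlank()) {
            throw new IllegalStateException("keycloak.admin.client-secret is not set");
        }
        Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl(serverUrl)
                .realm(realm)
                .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .build();
        try {
            // Request a token now: a rejected secret or client setup stops
            // startup here instead of failing on the first admin call.
            keycloak.tokenManager().getAccessToken();
        } catch (RuntimeException e) {
            keycloak.close(); // do not leak the HTTP client on failure
            throw e;
        }
        return keycloak;
    }
}
```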