Keycloak REST API 403 Forbidden

Time: 2017-06-28 05:21:07

Tags: keycloak keycloak-services

I am trying to delete a user session using the Keycloak REST API, but I get HTTP status code 403 Forbidden. I pass the token and the cookie in the headers; please let me know if I am missing something.

    import java.io.IOException;

    import org.apache.http.HttpEntity;
    import org.apache.http.HttpResponse;
    import org.apache.http.client.ClientProtocolException;
    import org.apache.http.client.HttpClient;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.impl.client.HttpClients;
    import org.apache.http.util.EntityUtils;
    import org.keycloak.KeycloakSecurityContext;

    static void logOut(String userId, KeycloakSecurityContext session) {

        userId = "a12c13b7-fa2e-412f-ac8e-376fdca16a83";

        // Admin REST endpoint that removes all sessions of the given user
        String url = "http://localhost:8081/auth/admin/realms/TestRealm/users/" + userId + "/logout";
        HttpClient httpclient = HttpClients.createDefault();
        HttpPost httppost = new HttpPost(url);

        HttpResponse response;
        try {
            httppost.addHeader("Accept", "application/json");
            httppost.addHeader("Content-Type", "application/json");
            httppost.addHeader("Cookie", "JSESSIONID=CABD8A135C74864F0961FA629D6D489B");
            // Bearer token of the currently authenticated user
            httppost.addHeader("Authorization", "Bearer " + session.getTokenString());

            response = httpclient.execute(httppost);
            HttpEntity entity = response.getEntity();

            System.out.println("entity :" + response.getStatusLine());

            if (entity != null) {
                String responseString = EntityUtils.toString(entity, "UTF-8");
                System.out.println("body ....." + responseString);
            }
        } catch (ClientProtocolException e) {
            e.printStackTrace();
        } catch (IOException e) {
            e.printStackTrace();
        }
    }

1 answer:

Answer 0 (score: 4)

The user used to access the functionality needs the corresponding permissions in your realm.

For example, my 'admin' user needs the CLIENT ROLE "view-users" of the CLIENT "realm-management" to get information about users. In your case, since you need to delete users, you probably need a "manage-users" role, or maybe a more powerful one.
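As an added diagnostic example (not code from the question or the answer), the following decodes the bearer token that would be sent in the Authorization header and checks whether its "resource_access" claim grants the required "realm-management" client roles, which is the usual cause of a 403 on the admin REST API. The sample token is constructed locally and unsigned; the role name "manage-users" is taken from the answer above.

```python
import base64
import json

# Keycloak access tokens list client-level roles under the "resource_access"
# claim, keyed by client id. Calls to /admin/realms/{realm}/users/... require
# roles from the built-in "realm-management" client.
REALM_MANAGEMENT_CLIENT = "realm-management"


def _b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment without padding, as used in JWTs."""
    padding = "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment + padding)


def token_claims(token: str) -> dict:
    """Return the payload of a JWT. The signature is NOT verified here;
    this is a diagnostic decode of a token you already hold, not validation."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWS compact serialization")
    return json.loads(_b64url_decode(parts[1]))


def realm_management_roles(claims: dict) -> set:
    """Client roles granted on the realm-management client, if any."""
    return set(claims.get("resource_access", {})
                     .get(REALM_MANAGEMENT_CLIENT, {})
                     .get("roles", []))


def missing_roles(token: str, required: set) -> set:
    """Roles in `required` the token lacks; an empty set means the admin
    call should not be rejected with 403 for missing client roles."""
    return required - realm_management_roles(token_claims(token))


def make_unsigned_token(claims: dict) -> str:
    """Construct a sample token (alg=none, empty signature) for offline tests."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}."


if __name__ == "__main__":
    # Constructed sample: a user holding only view-users, as in the answer
    sample = make_unsigned_token({"preferred_username": "admin",
        "resource_access": {"realm-management": {"roles": ["view-users"]}}})
    print(missing_roles(sample, {"manage-users"}))  # {'manage-users'}
```

Run it against the real token string from session.getTokenString() to see which realm-management roles are absent before retrying the logout call.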