Via Authzclient

Time: 2017-07-28 10:51:21

Tags: java permissions keycloak

I am trying to check a user's permissions from the Keycloak server via the keycloak authzclient. But it keeps failing, and so far I am not sure whether I have misunderstood the process somewhere.

AuthzClient authzClient = AuthzClient.create();
String eat = authzClient.obtainAccessToken("tim", "test123").getToken();

AuthorizationResource resource = authzClient.authorization(eat);

PermissionRequest request = new PermissionRequest();
request.setResourceSetName("testresource");

String ticket = authzClient.protection().permission().forResource(request).getTicket();
AuthorizationResponse authResponse = resource.authorize(new AuthorizationRequest(ticket));

System.out.println(authResponse.getRpt());

The last call, authResponse.getRpt(), fails with 403 Forbidden. But doesn't the following setting in the admin console say Permit?

[image: keycloak evaluation setting]

The client is configured as:

{
  "realm": "testrealm",
  "auth-server-url": "http://localhost:8080/auth",
  "ssl-required": "external",
  "resource": "tv",
  "credentials": {
    "secret": "d0c436f7-ed19-483f-ac84-e3b73b6354f0"
  },
  "use-resource-role-mappings": true
}

The following code:

AuthzClient authzClient = AuthzClient.create();
String eat = authzClient.obtainAccessToken("tim", "test123").getToken();

EntitlementResponse response = authzClient.entitlement(eat).getAll("tv");
String rpt = response.getRpt();

TokenIntrospectionResponse requestingPartyToken = authzClient.protection().introspectRequestingPartyToken(rpt);
if (requestingPartyToken.getActive()) {
    for (Permission granted : requestingPartyToken.getPermissions()) {
        System.out.println(granted.getResourceSetId()+" "+granted.getResourceSetName()+" "+granted.getScopes());
    }
}

gives me a "Default Resource":

7d0f10d6-6f65-4866-816b-3dc5772fc465 Default Resource []

But even if I put this Default Resource into the first code snippet

...
PermissionRequest request = new PermissionRequest();
request.setResourceSetName("Default Resource");
... 
I still get my 403. Where am I going wrong?

Kind regards

Keycloak Server is 3.2.1.Final. keycloak-authz-client is 3.2.0.Final.

1 answer:

Answer 0 (score: 1)

Found the problem a few minutes after posting. Sorry. I have to execute an EntitlementRequest.

AuthzClient authzClient = AuthzClient.create();
String eat = authzClient.obtainAccessToken("tim", "test123").getToken();

PermissionRequest request = new PermissionRequest();
request.setResourceSetName("testresource");

EntitlementRequest entitlementRequest = new EntitlementRequest();
entitlementRequest.addPermission(request);

EntitlementResponse entitlementResponse = authzClient.entitlement(eat).get("tv", entitlementRequest);
String rpt = entitlementResponse.getRpt();

TokenIntrospectionResponse requestingPartyToken = authzClient.protection().introspectRequestingPartyToken(rpt);
if (requestingPartyToken.getActive()) {
    for (Permission granted : requestingPartyToken.getPermissions()) {
        System.out.println(granted.getResourceSetId()+" "+granted.getResourceSetName()+" "+granted.getScopes());
    }
}

OUTPUTS:     27b3d014-b75a-4f52-a97f-dd01b923d2ef testresource []

Kind regards
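The answer's fix (ask the entitlement endpoint for the named resource, then introspect the RPT) works, but the snippet only prints what came back. Below is an added example, not code from the question or the answer, that turns the same flow into a fail-closed permission check: a denied entitlement (the 403 the question hit), an inactive RPT, a missing resource or a missing scope all return false. It assumes the import packages listed match the 3.2 authz client, that the server's 403 surfaces as a RuntimeException from the client's HTTP layer, and it invents a "view" scope and the KC_USER / KC_PASSWORD environment variables for illustration (the page only shows empty scope lists and a hard-coded "tim"/"test123"). One practical note on the question itself: the keycloak.json it pastes contains the client secret, and a secret that has been posted publicly should be treated as compromised and regenerated in the admin console.

```java
import java.util.Collections;
import java.util.List;
import java.util.Set;

// Assumed package layout for keycloak-authz-client 3.2.x (not stated on the page).
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.representation.EntitlementRequest;
import org.keycloak.authorization.client.representation.EntitlementResponse;
import org.keycloak.authorization.client.representation.PermissionRequest;
import org.keycloak.authorization.client.representation.TokenIntrospectionResponse;
import org.keycloak.representations.idm.authorization.Permission;

/**
 * Fail-closed permission check built on the entitlement flow from the answer.
 * Every failure path returns false; only an active RPT that actually carries
 * the requested resource (and scope, if one was asked for) returns true.
 */
public class EntitlementCheck {

    private final AuthzClient authzClient;   // AuthzClient.create() reads keycloak.json from the classpath
    private final String resourceServerId;   // the "resource" client id from keycloak.json, e.g. "tv"

    public EntitlementCheck(AuthzClient authzClient, String resourceServerId) {
        this.authzClient = authzClient;
        this.resourceServerId = resourceServerId;
    }

    public boolean isPermitted(String accessToken, String resourceName, String requiredScope) {
        // Same request shape as the answer: ask for one named resource (plus an optional scope).
        PermissionRequest permission = new PermissionRequest();
        permission.setResourceSetName(resourceName);
        if (requiredScope != null) {
            permission.setScopes(Collections.singleton(requiredScope));
        }
        EntitlementRequest entitlementRequest = new EntitlementRequest();
        entitlementRequest.addPermission(permission);

        String rpt;
        try {
            EntitlementResponse response =
                authzClient.entitlement(accessToken).get(resourceServerId, entitlementRequest);
            rpt = response.getRpt();
        } catch (RuntimeException denied) {
            // Assumption: a 403 from the entitlement endpoint (policy evaluation denied
            // the request) is raised by the client as a RuntimeException. Deny, don't rethrow.
            return false;
        }
        if (rpt == null) {
            return false;
        }

        // Do not trust the RPT by presence alone: introspect it and check what it carries.
        TokenIntrospectionResponse introspection =
            authzClient.protection().introspectRequestingPartyToken(rpt);
        if (introspection.getActive() == null || !introspection.getActive()) {
            return false;
        }
        return hasGrant(introspection.getPermissions(), resourceName, requiredScope);
    }

    /** Pure check over an introspected permission list, kept separate so it can be tested offline. */
    static boolean hasGrant(List<Permission> granted, String resourceName, String requiredScope) {
        if (granted == null) {
            return false;
        }
        for (Permission p : granted) {
            if (!resourceName.equals(p.getResourceSetName())) {
                continue;
            }
            if (requiredScope == null) {
                return true;           // resource-level grant is enough
            }
            Set<String> scopes = p.getScopes();
            if (scopes != null && scopes.contains(requiredScope)) {
                return true;           // scope-level grant present
            }
        }
        return false;                  // resource absent, or granted without the needed scope
    }

    public static void main(String[] args) {
        AuthzClient client = AuthzClient.create();
        // Credentials from the environment (constructed variable names), not from source.
        String token = client
            .obtainAccessToken(System.getenv("KC_USER"), System.getenv("KC_PASSWORD"))
            .getToken();
        EntitlementCheck check = new EntitlementCheck(client, "tv");
        System.out.println("testresource: " + check.isPermitted(token, "testresource", null));
        System.out.println("testresource/view: " + check.isPermitted(token, "testresource", "view"));
    }
}
```

The split between isPermitted and hasGrant is deliberate: the first half talks to the server, the second is a pure function over the introspection result, so the deny cases (empty list, wrong resource name, resource granted but scope missing) can be covered by plain unit tests without a running Keycloak.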