我正在尝试使用java-admin-client创建一个新用户。我使用keycloak UI在自己的领域中创建了一个新客户端。
客户:
访问类型:机密
角色:视图用户,视图领域,视图客户端,管理用户(这些角色只是按名称添加在keycloak UI中)
代码:
Private Sub Workbook_Open()
Application.OnKey "~", "recordEnterKeypress"
End Sub
Public enterWasPressed As Boolean
Sub recordEnterKeypress()
enterWasPressed = True
End Sub
Private Sub Worksheet_Change(ByVal Target As Range)
If enterWasPressed = True And Not Intersect(Target, Range("C2")) Is Nothing Then
Call FILTER_SHEET
End If
enterWasPressed = False
End Sub
最后一行给了我403 Forbidden。
答案 0 :(得分:1)
我认为403,因为您没有角色“ manager-users”。通过领域内的“领域管理”客户端将其添加到您的用户中。
我们创建了一个服务帐户用户,仅用于通过uuid查询用户。这三个文件可以做到这一点,还有application.properties中的属性。更新代码并尝试您想要的
@EnableOAuth2Client
@Configuration
public class KeycloakConfiguration {
// token-service-uri=https://keycloak.internal/auth/realms/some-realm/protocol/openid-connect/token
// admin-query.client-id=client
// admin-query.username=service-account
// admin-query.password=password
// admin-query.admin-base-url=https://keycloak.internal/auth/admin/realms/realm
@Value("${token-service-uri}")
private String tokenServiceUri;
@Value("${admin-query.client-id}")
private String clientId;
@Value("${keycloak.credentials.secret}")
private String clientSecret;
@Value("${admin-query.username}")
private String username;
@Value("${admin-query.password}")
private String password;
private final String grantType = "password";
@Bean
public OAuth2ProtectedResourceDetails cryptoKeycloakResourceDetails() {
ResourceOwnerPasswordResourceDetails details = new ResourceOwnerPasswordResourceDetails();
details.setAccessTokenUri(tokenServiceUri);
details.setClientId(clientId);
details.setClientSecret(clientSecret);
details.setGrantType(grantType);
details.setUsername(username);
details.setPassword(password);
return details;
}
@Bean
public OAuth2RestTemplate cryptoKeycloakRestTemplate(OAuth2ClientContext clientContext) throws Exception {
// build template with custom SSL TrustStrategy
TrustStrategy acceptingTrustStrategy = (X509Certificate[] chain, String authType) -> true;
SSLContext sslContext = org.apache.http.ssl.SSLContexts.custom()
.loadTrustMaterial(null, acceptingTrustStrategy)
.build();
SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
CloseableHttpClient httpClient = HttpClients.custom()
.setSSLSocketFactory(csf)
.build();
HttpComponentsClientHttpRequestFactory requestFactory = new HttpComponentsClientHttpRequestFactory();
requestFactory.setHttpClient(httpClient);
AuthorizationCodeAccessTokenProvider authCodeAccessTokenProvider = new AuthorizationCodeAccessTokenProvider();
authCodeAccessTokenProvider.setRequestFactory(requestFactory);
ImplicitAccessTokenProvider implicitAccessTokenProvider = new ImplicitAccessTokenProvider();
implicitAccessTokenProvider.setRequestFactory(requestFactory);
ResourceOwnerPasswordAccessTokenProvider resourceOwnerTokenProvider = new ResourceOwnerPasswordAccessTokenProvider();
resourceOwnerTokenProvider.setRequestFactory(requestFactory);
ClientCredentialsAccessTokenProvider clientCredentialsTokenProvider = new ClientCredentialsAccessTokenProvider();
AccessTokenProvider accessTokenProvider = new AccessTokenProviderChain(
Arrays.<AccessTokenProvider> asList(authCodeAccessTokenProvider, implicitAccessTokenProvider,
resourceOwnerTokenProvider, clientCredentialsTokenProvider));
AccessTokenRequest request = new DefaultAccessTokenRequest();
OAuth2RestTemplate template = new OAuth2RestTemplate(cryptoKeycloakResourceDetails(), new DefaultOAuth2ClientContext(request));
template.setAccessTokenProvider(accessTokenProvider);
template.setRequestFactory(requestFactory);
return template;
}
}
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.stereotype.Service;
import org.springframework.web.client.HttpClientErrorException;
import java.util.HashMap;
import java.util.Map;
@Service
@Slf4j
public class KeycloakAdminQueryService {
@Autowired
private OAuth2RestOperations cryptoKeycloakRestTemplate;
@Value("${admin-query.admin-base-url}")
private String keycloakAdminQueryBaseUrl;
public KeycloakUserProfile getUserProfile(final String userId)
throws UserProfileNotFoundException {
Map<String,Object> uriVars = new HashMap<String,Object>();
uriVars.put("userId", userId);
try {
ResponseEntity<KeycloakUserProfile> response = cryptoKeycloakRestTemplate.getForEntity(
keycloakAdminQueryBaseUrl + "/users/{userId}", KeycloakUserProfile.class, uriVars);
return response.getBody();
} catch (HttpClientErrorException e) {
if (e.getStatusCode() == HttpStatus.NOT_FOUND) {
throw new UserProfileNotFoundException("Keycloak could not find user: " + userId, e);
} else {
throw e;
}
}
}
}
@Data
public class KeycloakUserProfile {
private String id;
private String createdTimestamp;
private String username;
private boolean enabled;
private boolean totp;
private boolean emailVerified;
private String firstName;
private String lastName;
private String email;
private List<String> disableableCredentialTypes;
private List<String> requiredActions;
private int notBefore;
private Access access;
@Data
public static class Access {
private boolean manageGroupMembership;
private boolean view;
private boolean mapRoles;
private boolean impersonate;
private boolean manage;
}
}