Главная » Языки программирования

Keycloak admin client java

На чтение 6 мин
Содержание
  1. Keycloak admin client java
  2. Method Summary
  3. Methods inherited from class java.lang.Object
  4. Method Detail
  5. setClientProvider
  6. getClientProvider
  7. getInstance
  8. getInstance
  9. getInstance
  10. getInstance
  11. getInstance
  12. getInstance
  13. getInstance
  14. getInstance
  15. getInstance
  16. realms
  17. realm
  18. serverInfo
  19. Using Keycloak Admin Client
  20. Prerequisites
  21. Creating the Project
  22. Quarkus Keycloak Admin Client Configuration Reference

Keycloak admin client java

Provides a Keycloak client. By default, this implementation uses a the default RestEasy client builder settings. To customize the underling client, use a KeycloakBuilder to create a Keycloak client. To read Responses, you can use CreatedResponseUtil for objects created

Method Summary

Methods inherited from class java.lang.Object

Method Detail

setClientProvider

getClientProvider

getInstance

public static Keycloak getInstance​(String serverUrl, String realm, String username, String password, String clientId, String clientSecret, SSLContext sslContext, Object customJacksonProvider, boolean disableTrustManager, String authToken, String scope)

getInstance

public static Keycloak getInstance​(String serverUrl, String realm, String username, String password, String clientId, String clientSecret, SSLContext sslContext, Object customJacksonProvider, boolean disableTrustManager, String authToken)

getInstance

public static Keycloak getInstance​(String serverUrl, String realm, String username, String password, String clientId, String clientSecret)

getInstance

public static Keycloak getInstance​(String serverUrl, String realm, String username, String password, String clientId, String clientSecret, SSLContext sslContext)

getInstance

public static Keycloak getInstance​(String serverUrl, String realm, String username, String password, String clientId, String clientSecret, SSLContext sslContext, Object customJacksonProvider)

getInstance

public static Keycloak getInstance​(String serverUrl, String realm, String username, String password, String clientId)

getInstance

public static Keycloak getInstance​(String serverUrl, String realm, String username, String password, String clientId, SSLContext sslContext)

getInstance

public static Keycloak getInstance​(String serverUrl, String realm, String clientId, String authToken)

getInstance

public static Keycloak getInstance​(String serverUrl, String realm, String clientId, String authToken, SSLContext sllSslContext)

realms

realm

serverInfo

Источник

Читайте также:  Мультиклассы

Using Keycloak Admin Client

The Quarkus Keycloak Admin Client and its reactive twin support Keycloak Admin Client which can be used to configure a running Keycloak server.

This guide demonstrates how you can leverage the Quarkus ArC and inject the admin client to your Quarkus application, as well as how to create it directly in the application code.

To learn more about the Keycloak Admin Client, please refer to its reference guide.

Prerequisites

To complete this guide, you need:

  • Roughly 15 minutes
  • An IDE
  • JDK 11+ installed with JAVA_HOME configured appropriately
  • Apache Maven 3.9.3
  • A working container runtime (Docker or Podman)
  • Optionally the Quarkus CLI if you want to use it
  • Optionally Mandrel or GraalVM installed and configured appropriately if you want to build a native executable (or Docker if you use a native container build)
  • Keycloak

Creating the Project

First, we need a new project. Create a new project with the following command:

quarkus create app org.acme:security-keycloak-admin-client \ --extension='keycloak-admin-client-reactive,resteasy-reactive-jackson' \ --no-code cd security-keycloak-admin-client

To create a Gradle project, add the —gradle or —gradle-kotlin-dsl option.

For more information about how to install the Quarkus CLI and use it, please refer to the Quarkus CLI guide.

mvn io.quarkus.platform:quarkus-maven-plugin:3.2.1.Final:create \ -DprojectGroupId=org.acme \ -DprojectArtifactId=security-keycloak-admin-client \ -Dextensions='keycloak-admin-client-reactive,resteasy-reactive-jackson' \ -DnoCode cd security-keycloak-admin-client

To create a Gradle project, add the -DbuildTool=gradle or -DbuildTool=gradle-kotlin-dsl option.

This command generates a project which imports the keycloak-admin-client-reactive and resteasy-reactive-jackson extensions.

If you already have your Quarkus project configured, you can add the keycloak-admin-client-reactive and resteasy-reactive-jackson extensions to your project by running the following command in your project base directory:

quarkus extension add 'keycloak-admin-client-reactive,resteasy-reactive-jackson'
./mvnw quarkus:add-extension -Dextensions='keycloak-admin-client-reactive,resteasy-reactive-jackson'
./gradlew addExtension --extensions='keycloak-admin-client-reactive,resteasy-reactive-jackson'

This will add the following to your build file:

 io.quarkus quarkus-keycloak-admin-client-reactive  io.quarkus quarkus-resteasy-reactive-jackson 
implementation("io.quarkus:quarkus-keycloak-admin-client-reactive") implementation("io.quarkus:quarkus-resteasy-reactive-jackson")

We also are going to need a simple resource with a Keycloak injected as request scoped CDI bean.

package org.acme.keycloak.admin.client; import org.keycloak.admin.client.Keycloak; import org.keycloak.representations.idm.RoleRepresentation; import jakarta.inject.Inject; import jakarta.ws.rs.GET; import jakarta.ws.rs.Path; import java.util.List; @Path("/api/admin") public class RolesResource (1) @GET @Path("/roles") public List getRoles() < return keycloak.realm("quarkus").roles().list(); >>
1 Create a default Keycloak Admin Client which can perform Keycloak master realm administration tasks as an admin-cli client, such as adding new realms, clients and users.
Читайте также:  Php session save path redis

The only configuration which is required to create this Keycloak Admin Client is a Keycloak server URL.

# Quarkus based Keycloak distribution quarkus.keycloak.admin-client.server-url=http://localhost:8081
# WildFly based Keycloak distribution quarkus.keycloak.admin-client.server-url=http://localhost:8081/auth

It is important that quarkus.keycloak.admin-client.server-url is configured if you would like to have Keycloak injected. The injection will fail if you attempt to inject Keycloak without configuring this property.

Injecting Keycloak Admin Client instead of creating it directly in the application code is a simpler and more flexible option but you can create the same admin client manually if necessary:

package org.acme.keycloak.admin.client; import org.keycloak.admin.client.Keycloak; import org.keycloak.admin.client.KeycloakBuilder; import org.keycloak.representations.idm.RoleRepresentation; import jakarta.annotations.PostConstruct; import jakarta.annotations.PreConstruct; import jakarta.ws.rs.GET; import jakarta.ws.rs.Path; import java.util.List; @Path("/api/admin") public class RolesResource < Keycloak keycloak; @PostConstruct public void initKeycloak() < keycloak = KeycloakBuilder.builder() .serverUrl("http://localhost:8081") .realm("master") .clientId("admin-cli") .grantType("password") .username("admin") .password("admin") .build(); >@PreDestroy public void closeKeycloak() < keycloak.close(); >@GET @Path("/roles") public List getRoles() < return keycloak.realm("quarkus").roles().list(); >>

You can configure Keycloak Admin Client to administer other realms and clients. It can use either a password or client_credentials grant to acquire an access token to call the Admin REST API which requires authorization.

If you exchange user’s credentials for the access token, here is an example configuration for the password grant type:

quarkus.keycloak.admin-client.server-url=http://localhost:8081 quarkus.keycloak.admin-client.realm=quarkus quarkus.keycloak.admin-client.client-id=quarkus-client quarkus.keycloak.admin-client.username=alice quarkus.keycloak.admin-client.password=alice quarkus.keycloak.admin-client.grant-type=PASSWORD (1)

An example using the client-credentials grant type needs only a minor adjustments:

quarkus.keycloak.admin-client.enabled=true quarkus.keycloak.admin-client.server-url=http://localhost:8081 quarkus.keycloak.admin-client.realm=quarkus quarkus.keycloak.admin-client.client-id=quarkus-client quarkus.keycloak.admin-client.client-secret=secret quarkus.keycloak.admin-client.username= # remove default username quarkus.keycloak.admin-client.password= # remove default password quarkus.keycloak.admin-client.grant-type=CLIENT_CREDENTIALS (1)

Quarkus Keycloak Admin Client Configuration Reference

Configuration property fixed at build time — All other configuration properties are overridable at runtime

Источник

Оцените статью
© 2023 Программирование