Fatal编程技术网
  • keycloak/
  • Keycloak KeyClope-使用ApicCalls向用户添加/删除领域角色

Keycloak KeyClope-使用ApicCalls向用户添加/删除领域角色

keycloak

Keycloak KeyClope-使用ApicCalls向用户添加/删除领域角色,keycloak,Keycloak,传递userRepresentation.id 到keydeposerverurl+“/auth/admin/realms/XXXX/users/”+userId+“/role mappings/realm” 我为某个用户获取这些角色 [ { "id": "xxxxxxx-1faf-4604-832a-fa7ab7eb4344", "name": "uma_authorization", "description": "${role_uma

传递userRepresentation.id 到keydeposerverurl+“/auth/admin/realms/XXXX/users/”+userId+“/role mappings/realm” 我为某个用户获取这些角色

[
    {
        "id": "xxxxxxx-1faf-4604-832a-fa7ab7eb4344",
        "name": "uma_authorization",
        "description": "${role_uma_authorization}",
        "composite": false,
        "clientRole": false,
        "containerId": "XXXX"
    },
    {
        "id": "xxxxxxx-ad9f-444e-adf4-be11ab7a3d98",
        "name": "member_paid",
        "description": "Membership Paid",
        "composite": false,
        "clientRole": false,
        "containerId": "XXXX"
    },
    {
        "id": "xxxxx-2d73-48a8-844d-a953cb570270",
        "name": "offline_access",
        "description": "${role_offline-access}",
        "composite": false,
        "clientRole": false,
        "containerId": "XXXX"
    }
]
我无法确定应该使用哪个API向用户添加/删除角色

请告诉我我需要使用什么API

我能找到的最好的是下面这个,但我不知道参数(路径和请求属性)应该是什么

端点是

获取角色映射:

GET/auth/admin/realms/{Realm}/users/{userid}/role mappings/Realm

添加角色映射:

POST/auth/admin/realms/{Realm}/users/{userid}/role mappings/Realm

删除角色映射:

删除/auth/admin/realms/{Realm}/users/{userid}/role mappings/Realm

示例添加角色 您有一个id为dc5572a5-b7e0-4c4b-b841-dc88108df70f的角色,例如名为
testrole
(当您打开KeyClope管理GUI时,您可以在url中看到该角色,或者通过其他重启请求获取该角色)

现在,我们有一个类型为
POST
的请求,请求到端点
/auth/admin/realms/{Realm}/users/{userid}/role mappings/Realm
,其主体类型为
application/json
,主体值如下

[
    {
        "id": "dc5572a5-b7e0-4c4b-b841-dc88108df70f",
        "name" : "testrole"
    }
]
成功执行后,您将得到一个HTTP代码204=>的响应,testrole-角色映射将应用于此用户

示例Curl请求 如果您想再次删除它,只需发送相同的请求(相同的正文),但使用HTTP方法
delete
,而不是
POST

请让我现在如果这解决了你的问题

根据上面的帖子邪恶帮我

使用Java(使用JEE8获得良好的JSON功能)

获取令牌(使用您在keydove中设置的客户机,访问类型为机密,并访问正确的角色(对于9.0.0,这一点现在更加隐藏)

然后添加一个角色(与remove类似-参见上面的帖子)

尝试添加角色会给我400个错误的请求“未知错误”。自从这篇文章以来有api更改吗? 
[
    {
        "id": "dc5572a5-b7e0-4c4b-b841-dc88108df70f",
        "name" : "testrole"
    }
]

curl --request POST \
  --url http://localhost/auth/admin/realms/{Realm}/users/{userid}/role-mappings/realm \
  --header 'authorization: Bearer eyJh......h3RLw' \
  --header 'content-type: application/json' \
  --data '[
    {
        "id": "dc5572a5-b7e0-4c4b-b841-dc88108df70f",
        "name" : "testrole"
    }
]'

public JsonObject getToken() throws IOException {

    String keycloakServerURL = environmentService.getEnvironmentVariable(EnvironmentService.KEYCLOAK_SERVER);

    String appClientId = environmentService.getEnvironmentVariable(EnvironmentService.APP_CLIENT_ID);
    String appClientSecret = environmentService.getEnvironmentVariable(EnvironmentService.APP_CLIENT_SECRET);

    URL url = new URL(keycloakServerURL + "/auth/realms/XXXXXX/protocol/openid-connect/token");
    HttpURLConnection con = (HttpURLConnection) url.openConnection();
    con.setRequestMethod("POST");

    String userpass = appClientId + ":" + appClientSecret;
    String basicAuth = "Basic " + new String(Base64.getEncoder().encode(userpass.getBytes()));

    con.setRequestProperty("Authorization", basicAuth);
    con.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");

    /* Payload support */
    con.setDoOutput(true);
    DataOutputStream out = new DataOutputStream(con.getOutputStream());
    out.writeBytes("grant_type=client_credentials");

    out.flush();
    out.close();

    int status = con.getResponseCode();
    BufferedReader in = new BufferedReader(new 
    InputStreamReader(con.getInputStream()));

    JsonReader jsonReader = Json.createReader(in);
    JsonObject responesAsJson = jsonReader.readObject();

    in.close();
    con.disconnect();

    // Pretty Print of String
    ObjectMapper objectMapper = new ObjectMapper();
    String jSonstring = objectMapper.writerWithDefaultPrettyPrinter().writeValueAsString(responesAsJson);
    logger.info("Response: " + jSonstring);
    // Pretty Print of String

    logger.info("Response status: " + status);

    //String contentString = responesAsJson.toString();
    //logger.info("Response: " + contentString);

    return responesAsJson;
}

public void addRole(JsonObject userToken, String userId, RoleRepresentation role) throws IOException {
    String keycloakServerURL = environmentService.getEnvironmentVariable(EnvironmentService.KEYCLOAK_SERVER);


    URL url = new URL(keycloakServerURL + "/auth/admin/realms/XXXXXX/users/" + userId + "/role-mappings/realm");
    HttpURLConnection con = (HttpURLConnection) url.openConnection();
    con.setRequestMethod("POST");

    String accessTokenFromUserToken = userToken.getString("access_token");
    con.setRequestProperty("Authorization", "Bearer " + accessTokenFromUserToken);

    con.setRequestProperty("Content-Type", "application/json");

    /* Payload support */
    con.setDoOutput(true);
    DataOutputStream out = new DataOutputStream(con.getOutputStream());
    JsonObject theBodyPart = Json.createObjectBuilder().
            add("id", role.getId()).
            add("name", role.getName()).
            build();
    JsonArray theBodyPartAsArray = Json.createArrayBuilder().add(theBodyPart).build();
    String theBodyPartAsJson = theBodyPartAsArray.toString();
    out.writeBytes(theBodyPartAsJson);      
    out.flush();
    out.close();

    int status = con.getResponseCode();
    logger.info("Response status: " + status);

    con.disconnect();
}