t.j*_*joe 5 java permissions keycloak
我正在尝试通过 keycloak authzclient 从 keycloak 服务器检查用户权限。但是不断失败,现在我不确定我是否对这个过程有一些误解。
AuthzClient authzClient = AuthzClient.create();
String eat = authzClient.obtainAccessToken("tim", "test123").getToken();
AuthorizationResource resource = authzClient.authorization(eat);
PermissionRequest request = new PermissionRequest();
request.setResourceSetName("testresource");
String ticket = authzClient.protection().permission().forResource(request).getTicket();
AuthorizationResponse authResponse = resource.authorize(new AuthorizationRequest(ticket));
System.out.println(authResponse.getRpt());
最后一次调用 authResponse.getRpt() 失败并显示 403 forbidden。但是管理控制台中的以下设置评估为 Permit?
客户端配置是:
{
"realm": "testrealm",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "tv",
"credentials": {
"secret": "d0c436f7-ed19-483f-ac84-e3b73b6354f0"
},
"use-resource-role-mappings": true
}
以下代码:
AuthzClient authzClient = AuthzClient.create();
String eat = authzClient.obtainAccessToken("tim", "test123").getToken();
EntitlementResponse response = authzClient.entitlement(eat).getAll("tv");
String rpt = response.getRpt();
TokenIntrospectionResponse requestingPartyToken = authzClient.protection().introspectRequestingPartyToken(rpt);
if (requestingPartyToken.getActive()) {
for (Permission granted : requestingPartyToken.getPermissions()) {
System.out.println(granted.getResourceSetId()+" "+granted.getResourceSetName()+" "+granted.getScopes());
}
}
只给我“默认资源”
7d0f10d6-6f65-4866-816b-3dc5772fc465 Default Resource []
但即使我把这个默认资源放在第一个代码片段中
...
PermissionRequest request = new PermissionRequest();
request.setResourceSetName("Default Resource");
...
它给我一个 403 。我哪里错了?
亲切的问候
Keycloak 服务器是 3.2.1.Final。keycloak-authz-client 是 3.2.0.Final。
发帖几分钟后就发现了问题。对不起。我必须执行 EntitlementRequest。
AuthzClient authzClient = AuthzClient.create();
String eat = authzClient.obtainAccessToken("tim", "test123").getToken();
PermissionRequest request = new PermissionRequest();
request.setResourceSetName("testresource");
EntitlementRequest entitlementRequest = new EntitlementRequest();
entitlementRequest.addPermission(request);
EntitlementResponse entitlementResponse = authzClient.entitlement(eat).get("tv", entitlementRequest);
String rpt = entitlementResponse.getRpt();
TokenIntrospectionResponse requestingPartyToken = authzClient.protection().introspectRequestingPartyToken(rpt);
if (requestingPartyToken.getActive()) {
for (Permission granted : requestingPartyToken.getPermissions()) {
System.out.println(granted.getResourceSetId()+" "+granted.getResourceSetName()+" "+granted.getScopes());
}
}
输出:27b3d014-b75a-4f52-a97f-dd01b923d2ef 测试资源 []
亲切的问候
| 归档时间: |
|
| 查看次数: |
3942 次 |
| 最近记录: |