Dev*_*Dio 8 java security spring spring-boot keycloak
我有使用 Keycloak 3.1.x 的应用程序,该应用程序使用以下依赖项与 Keycloak 远程交互:
<dependency>
<groupId>org.keycloak</groupId>
<artifactId>keycloak-admin-client</artifactId>
<version>3.4.1.Final</version>
</dependency>
该应用程序使用 Spring Boot,在 Controller 中我们得到两个参数:
现在在后端,我们必须验证旧密码是否与存储在 Keycloak 中的密码匹配,然后最终应用新密码。
我知道有一个端点/auth/admin/{realm}/account允许用户更改他的密码,但我需要后端的功能。
The dependency uses RestClient under the hood and from what I found in https://issues.jboss.org/browse/KEYCLOAK-943, the Keycloak does not provide REST API for the account console.
Does anybody know if it is possible to validate the old password from the Keycloak Admin API?
EDIT:
Maybe there is a way of getting user's old password and trying to get the new token? If fails, then that would be sign that old password is wrong.
| 归档时间: |
|
| 查看次数: |
2359 次 |
| 最近记录: |