java - Keycloak check permissions via Authzclient -
i'm trying check user permissions keycloak server via keycloak authzclient. failing constantly, i'm not sure if have misconceptions process.
authzclient authzclient = authzclient.create(); string eat = authzclient.obtainaccesstoken("tim", "test123").gettoken(); authorizationresource resource = authzclient.authorization(eat); permissionrequest request = new permissionrequest(); request.setresourcesetname("testresource"); string ticket = authzclient.protection().permission().forresource(request).getticket(); authorizationresponse authresponse = resource.authorize(new authorizationrequest(ticket)); system.out.println(authresponse.getrpt());
the last call authresponse.getrpt() fails 403 forbidden. following settings in admin console evaluates permit?
the client config is:
{ "realm": "testrealm", "auth-server-url": "http://localhost:8080/auth", "ssl-required": "external", "resource": "tv", "credentials": { "secret": "d0c436f7-ed19-483f-ac84-e3b73b6354f0" }, "use-resource-role-mappings": true }
the following code:
authzclient authzclient = authzclient.create(); string eat = authzclient.obtainaccesstoken("tim", "test123").gettoken(); entitlementresponse response = authzclient.entitlement(eat).getall("tv"); string rpt = response.getrpt(); tokenintrospectionresponse requestingpartytoken = authzclient.protection().introspectrequestingpartytoken(rpt); if (requestingpartytoken.getactive()) { (permission granted : requestingpartytoken.getpermissions()) { system.out.println(granted.getresourcesetid()+" "+granted.getresourcesetname()+" "+granted.getscopes()); } }
just gives me "default resource"
7d0f10d6-6f65-4866-816b-3dc5772fc465 default resource []
but when put default resource in first code snippet
... permissionrequest request = new permissionrequest(); request.setresourcesetname("default resource"); ...
it fives me 403 . wrong?
kind regards
keycloak server 3.2.1.final. keycloak-authz-client 3.2.0.final.
minutes after posting found problem. sorry. had perform entitlementrequest.
authzclient authzclient = authzclient.create(); string eat = authzclient.obtainaccesstoken("tim", "test123").gettoken(); permissionrequest request = new permissionrequest(); request.setresourcesetname("testresource"); entitlementrequest entitlementrequest = new entitlementrequest(); entitlementrequest.addpermission(request); entitlementresponse entitlementresponse = authzclient.entitlement(eat).get("tv", entitlementrequest); string rpt = entitlementresponse.getrpt(); tokenintrospectionresponse requestingpartytoken = authzclient.protection().introspectrequestingpartytoken(rpt); if (requestingpartytoken.getactive()) { (permission granted : requestingpartytoken.getpermissions()) { system.out.println(granted.getresourcesetid()+" "+granted.getresourcesetname()+" "+granted.getscopes()); } }
ouputs: 27b3d014-b75a-4f52-a97f-dd01b923d2ef testresource []
kind regards
Comments
Post a Comment