java - Keycloak check permissions via AuthzClient


I'm trying to check user permissions on a Keycloak server via the Keycloak AuthzClient. It is failing constantly, and I'm not sure if I have misconceptions about the process.

    // Obtain an access token for the user
    AuthzClient authzClient = AuthzClient.create();
    String eat = authzClient.obtainAccessToken("tim", "test123").getToken();

    AuthorizationResource resource = authzClient.authorization(eat);

    PermissionRequest request = new PermissionRequest();
    request.setResourceSetName("testresource");

    // Request a permission ticket for the resource, then exchange it for an RPT
    String ticket = authzClient.protection().permission().forResource(request).getTicket();
    AuthorizationResponse authResponse = resource.authorize(new AuthorizationRequest(ticket));

    System.out.println(authResponse.getRpt());

The last call, authResponse.getRpt(), fails with a 403 Forbidden. But the following settings in the admin console evaluate to Permit?

[Screenshot: Keycloak evaluation setting]

The client config is:

    {
      "realm": "testrealm",
      "auth-server-url": "http://localhost:8080/auth",
      "ssl-required": "external",
      "resource": "tv",
      "credentials": {
        "secret": "d0c436f7-ed19-483f-ac84-e3b73b6354f0"
      },
      "use-resource-role-mappings": true
    }

The following code:

    AuthzClient authzClient = AuthzClient.create();
    String eat = authzClient.obtainAccessToken("tim", "test123").getToken();

    // Ask for every entitlement the user has on the "tv" resource server
    EntitlementResponse response = authzClient.entitlement(eat).getAll("tv");
    String rpt = response.getRpt();

    // Introspect the RPT and print the permissions it carries
    TokenIntrospectionResponse requestingPartyToken = authzClient.protection().introspectRequestingPartyToken(rpt);
    if (requestingPartyToken.getActive()) {
        for (Permission granted : requestingPartyToken.getPermissions()) {
            System.out.println(granted.getResourceSetId() + " " + granted.getResourceSetName() + " " + granted.getScopes());
        }
    }

just gives me "default resource"

7d0f10d6-6f65-4866-816b-3dc5772fc465 default resource [] 

But when I put the default resource in the first code snippet

    ...
    PermissionRequest request = new PermissionRequest();
    request.setResourceSetName("default resource");
    ...

it gives me a 403. What is wrong?

Kind regards

Keycloak server 3.2.1.Final. keycloak-authz-client 3.2.0.Final.

Minutes after posting I found the problem. Sorry. I had to perform an EntitlementRequest.

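    import org.keycloak.authorization.client.AuthzClient;
    import org.keycloak.authorization.client.representation.EntitlementRequest;
    import org.keycloak.authorization.client.representation.EntitlementResponse;
    import org.keycloak.authorization.client.representation.PermissionRequest;
    import org.keycloak.authorization.client.representation.TokenIntrospectionResponse;
    import org.keycloak.representations.idm.authorization.Permission;

    AuthzClient authzClient = AuthzClient.create();
    String eat = authzClient.obtainAccessToken("tim", "test123").getToken();

    PermissionRequest request = new PermissionRequest();
    request.setResourceSetName("testresource");

    // Wrap the permission in an entitlement request for the "tv" resource server
    EntitlementRequest entitlementRequest = new EntitlementRequest();
    entitlementRequest.addPermission(request);

    EntitlementResponse entitlementResponse = authzClient.entitlement(eat).get("tv", entitlementRequest);
    String rpt = entitlementResponse.getRpt();

    // Introspect the RPT and print the permissions it carries
    TokenIntrospectionResponse requestingPartyToken = authzClient.protection().introspectRequestingPartyToken(rpt);
    if (requestingPartyToken.getActive()) {
        for (Permission granted : requestingPartyToken.getPermissions()) {
            System.out.println(granted.getResourceSetId() + " " + granted.getResourceSetName() + " " + granted.getScopes());
        }
    }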

Outputs: 27b3d014-b75a-4f52-a97f-dd01b923d2ef testresource []

Kind regards
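
The entitlement flow from the answer, wrapped as a fail-closed check for a single resource. This is an added example, not code from the original post or from Keycloak: the class and method names are hypothetical, and it assumes the 3.2 client reports an HTTP 403 as AuthorizationDeniedException; the remaining calls are the ones used in the post.

```java
import java.util.List;
import org.keycloak.authorization.client.AuthorizationDeniedException;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.representation.EntitlementRequest;
import org.keycloak.authorization.client.representation.PermissionRequest;
import org.keycloak.authorization.client.representation.TokenIntrospectionResponse;
import org.keycloak.representations.idm.authorization.Permission;

/** Added example (hypothetical class): fail-closed check for one named resource. */
public final class ResourceAccessCheck {
    private final AuthzClient authzClient;
    private final String resourceServerId; // "tv" in the post's client config

    public ResourceAccessCheck(AuthzClient authzClient, String resourceServerId) {
        this.authzClient = authzClient;
        this.resourceServerId = resourceServerId;
    }

    /** True only if the server issues an active RPT that lists resourceName. */
    public boolean isPermitted(String accessToken, String resourceName) {
        PermissionRequest permission = new PermissionRequest();
        permission.setResourceSetName(resourceName);
        EntitlementRequest entitlementRequest = new EntitlementRequest();
        entitlementRequest.addPermission(permission);

        String rpt;
        try {
            rpt = authzClient.entitlement(accessToken)
                    .get(resourceServerId, entitlementRequest).getRpt();
        } catch (AuthorizationDeniedException denied) {
            // Assumption: the 3.2 client reports HTTP 403 this way. Other failures
            // (network, misconfiguration) propagate so an outage is not read as a deny.
            return false;
        }
        if (rpt == null) {
            return false;
        }
        // Ask the server whether the RPT is valid instead of decoding it locally.
        TokenIntrospectionResponse token =
                authzClient.protection().introspectRequestingPartyToken(rpt);
        List<Permission> granted = token.getPermissions();
        if (!Boolean.TRUE.equals(token.getActive()) || granted == null) {
            return false;
        }
        for (Permission p : granted) {
            if (resourceName.equals(p.getResourceSetName())) return true;
        }
        return false;
    }
}
```

With the post's setup this would be called as new ResourceAccessCheck(AuthzClient.create(), "tv").isPermitted(eat, "testresource").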

