Keycloak Admin REST API Client - Java

Keycloak comes with a fully functional Admin REST API with all features provided by the Admin Console.

 

To invoke the API you need to obtain an access token with the appropriate permissions. 

 

There’s a Java client library for the Admin REST API that makes it easy to use from Java.

To use it from your application add a dependency on the keycloak-admin-client library.

 

Complete Javadoc for the admin client is available at API Documentation.

https://www.keycloak.org/docs/4.0/api_documentation/

 

Before using the Java keycloak-admin-client library, add its Maven dependency to your project.

Location:

http://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client/3.4.3.Final

Example 1: Obtaining an access token

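import org.keycloak.admin.client.Keycloak;

public class GetAccessToken {
	public static void main(String[] args) {
		Keycloak keycloak = Keycloak.getInstance("http://localhost:8080/auth", // Keycloak server URL
				"master", // realm: master
				"admin", // administrator username
				"1", // administrator password (sample value)
				// client: admin-cli is the built-in client of the master realm
				// (Direct Access Grants Enabled)
				"admin-cli");

		// The token manager logs in with the credentials above and returns the access token
		String accessTokenStr = keycloak.tokenManager().getAccessTokenString();
		System.out.println(accessTokenStr);
	}
}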

 

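The built-in master realm contains the built-in client admin-cli. Its protocol is openid-connect, and Direct Access Grants Enabled is turned on.

With Direct Access Grants Enabled turned on, a client application can obtain a token directly with a username and password.

The Access Type is public, so the client application does not need to present a secret.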



 

Example 2: Creating a realm, client, role and user, granting roles to the user, adding custom attributes to the user, and so on

// Maven dependency:
// http://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client/3.4.3.Final
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.RoleMappingResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

public class KeycloakAdminExample {
	public static void main(String[] args) {
		Keycloak keycloak = Keycloak.getInstance("http://localhost:8080/auth", // Keycloak server URL
				"master", // realm: master
				"admin", // administrator username
				"1", // administrator password (sample value)
				// client: admin-cli is the built-in client of the master realm
				// (Direct Access Grants Enabled)
				"admin-cli");

		// Create the realm
		RealmRepresentation realm = new RealmRepresentation();
		realm.setId("testRealmId01");
		realm.setRealm("testRealmName01"); // realm name
		realm.setEnabled(true);
		keycloak.realms().create(realm);

		// Switch to testRealmName01
		RealmResource realmResource = keycloak.realm("testRealmName01");

		// Create a realm role
		RoleRepresentation role = new RoleRepresentation();
		role.setName("testRealmRoleName01");
		realmResource.roles().create(role);

		// Create a client (confidential: not public, not bearer-only)
		ClientRepresentation client = new ClientRepresentation();
		client.setId("testClientId01");
		client.setName("testClientName01");
		client.setBearerOnly(false);
		client.setPublicClient(false);
		client.setSecret("******");
		client.setProtocol("openid-connect");

		// Client redirect URIs
		List<String> redirectUris = new ArrayList<String>();
		redirectUris.add("http://aa.bb.cc/*");
		client.setRedirectUris(redirectUris);
		// create() returns a JAX-RS Response; close it to release the connection
		realmResource.clients().create(client).close();

		// Read the new client back by its id
		ClientResource rr = realmResource.clients().get("testClientId01");
		ClientRepresentation aa = rr.toRepresentation();

		// Create a client role
		RoleRepresentation clientRole = new RoleRepresentation();
		clientRole.setName("testClientRoleName01");
		realmResource.clients().get("testClientId01").roles().create(clientRole);

		// Create a user
		UserRepresentation user = new UserRepresentation();
		// Set the login username
		user.setUsername("zhangsan");
		// Mark the account as enabled
		user.setEnabled(true);
		// Set the password (sample value, not temporary)
		List<CredentialRepresentation> credentials = new ArrayList<CredentialRepresentation>();
		CredentialRepresentation cr = new CredentialRepresentation();
		cr.setType(CredentialRepresentation.PASSWORD);
		cr.setValue("123456");
		cr.setTemporary(false);
		credentials.add(cr);
		user.setCredentials(credentials);

		// Set custom user attributes
		Map<String, List<String>> attributes = new HashMap<String, List<String>>();
		List<String> list = new ArrayList<String>();
		list.add("音乐"); // "music"
		list.add("美术"); // "fine arts"
		attributes.put("爱好", list); // attribute name: "hobbies"
		user.setAttributes(attributes);

		// Create the user; create() returns a JAX-RS Response, so close it
		realmResource.users().create(user).close();

		// Look the user up by username (the search also returns partial
		// matches; get(0) assumes zhangsan is the first hit)
		UserRepresentation getUser = realmResource
				.users()
				.search("zhangsan")
				.get(0);

		// Get the RoleMappingResource of that user
		RoleMappingResource roleMappingResource = realmResource
				.users()
				.get(getUser.getId())
				.roles();

		// Assign the realm role to the user
		List<RoleRepresentation> realmRolesToAdd = new ArrayList<RoleRepresentation>();
		RoleRepresentation realmRole = realmResource
				.roles()
				.get("testRealmRoleName01")
				.toRepresentation();
		realmRolesToAdd.add(realmRole);
		roleMappingResource.realmLevel().add(realmRolesToAdd);

		// Assign the client role to the user
		List<RoleRepresentation> clientRolesToAdd = new ArrayList<RoleRepresentation>();
		RoleRepresentation clientRole_ = realmResource
				.clients()
				.get("testClientId01")
				.roles()
				.get("testClientRoleName01")
				.toRepresentation();
		clientRolesToAdd.add(clientRole_);
		roleMappingResource.clientLevel("testClientId01").add(clientRolesToAdd);

		// Get the access token
		String accessToken = keycloak.tokenManager().getAccessTokenString();
		System.out.println(accessToken);

	}
}

The custom user attributes that were added



 

The roles granted to the user
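Example 2 selects the user with `search("zhangsan").get(0)`, but the username search also returns partial matches, so the first hit can be a different account that then receives the roles. The following added example (not from the original post) takes the user id from the create response instead and matches usernames exactly when looking up an existing user. Assumptions: the class name, the `KC_ADMIN_USER` / `KC_ADMIN_PASSWORD` environment variables and the username `lisi` are hypothetical, the realm and role from Example 2 already exist, and the `javax.ws.rs` package matches the 3.4.3 client.

```java
import java.util.Collections;
import javax.ws.rs.core.Response;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

public class ExactUserRoleGrant {
	// Create the user and return the id from the Location header of the 201 response.
	static String createUser(RealmResource realm, UserRepresentation user) {
		Response response = realm.users().create(user);
		try {
			if (response.getStatus() != 201) { // e.g. 409 when the username is taken
				throw new IllegalStateException("create user failed: HTTP " + response.getStatus());
			}
			String path = response.getLocation().getPath(); // .../users/{id}
			return path.substring(path.lastIndexOf('/') + 1);
		} finally {
			response.close(); // release the HTTP connection
		}
	}

	// Resolve an existing user by exact username; search() alone also returns partial matches.
	static String findExactUserId(RealmResource realm, String username) {
		return realm.users().search(username).stream()
				.filter(u -> username.equalsIgnoreCase(u.getUsername()))
				.map(UserRepresentation::getId)
				.findFirst()
				.orElseThrow(() -> new IllegalStateException("no user named " + username));
	}

	public static void main(String[] args) {
		// KC_ADMIN_USER / KC_ADMIN_PASSWORD are assumed (hypothetical) variable names.
		Keycloak keycloak = Keycloak.getInstance("http://localhost:8080/auth", "master",
				System.getenv("KC_ADMIN_USER"), System.getenv("KC_ADMIN_PASSWORD"), "admin-cli");
		try {
			RealmResource realm = keycloak.realm("testRealmName01");
			UserRepresentation user = new UserRepresentation();
			user.setUsername("lisi"); // constructed sample username
			user.setEnabled(true);
			String userId = createUser(realm, user);
			RoleRepresentation role = realm.roles().get("testRealmRoleName01").toRepresentation();
			realm.users().get(userId).roles().realmLevel().add(Collections.singletonList(role));
			// The exact lookup must resolve to the same account that was just created.
			if (!userId.equals(findExactUserId(realm, "lisi"))) throw new IllegalStateException("id mismatch");
		} finally {
			keycloak.close();
		}
	}
}
```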



 


Reposted from huangqiqing123.iteye.com/blog/2422553