Keycloak comes with a fully functional Admin REST API with all features provided by the Admin Console.
To invoke the API you need to obtain an access token with the appropriate permissions.
There’s a Java client library for the Admin REST API that makes it easy to use from Java.
To use it from your application add a dependency on the keycloak-admin-client library.
Complete Javadoc for the admin client is available at API Documentation.
https://www.keycloak.org/docs/4.0/api_documentation/
Before using the Java keycloak-admin-client library, you need to add its Maven dependency.
Address:
http://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client/3.4.3.Final
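Example 1: Obtaining an access token

    import org.keycloak.admin.client.Keycloak;

    Keycloak keycloak = Keycloak.getInstance(
            "http://localhost:8080/auth", // Keycloak address
            "master",                     // realm: master
            "admin",                      // administrator account
            "1",                          // administrator password
            // client to use (admin-cli is a built-in client in the master realm
            // with Direct Access Grants Enabled)
            "admin-cli");
    String accessTokenStr = keycloak.tokenManager().getAccessTokenString();
    System.out.println(accessTokenStr);

The built-in master realm contains the built-in client admin-cli; its protocol is openid-connect and it has Direct Access Grants Enabled.
With Direct Access Grants Enabled turned on, a client application can obtain a token directly with a username and password.
Its Access Type is public, so the client application does not need to present a secret.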
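The code above prints the raw access token, which is a bearer credential for the Admin REST API. As an added example (not part of the original post), the class below logs a summary of the token's claims instead and rejects a token that was issued to a different client or has expired. The class and method names are hypothetical, the sample token is constructed, and it assumes Jackson is on the classpath; in the page's code you would pass it keycloak.tokenManager().getAccessTokenString().

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;
// Added example, not from the original post. Assumes Jackson is on the classpath.
public class TokenSummary {
    private static final ObjectMapper MAPPER = new ObjectMapper();

    // Decode the payload (second segment) of a compact JWT. This reads the claims
    // only; it does NOT verify the signature, so treat the result as diagnostic.
    static JsonNode claims(String jwt) throws Exception {
        String[] parts = jwt.split("\\.");
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected header.payload.signature");
        }
        return MAPPER.readTree(Base64.getUrlDecoder().decode(parts[1]));
    }

    // Build a log-safe one-line summary; reject tokens for another client or expired ones.
    static String summarize(String jwt, String expectedClient, Instant now) throws Exception {
        JsonNode c = claims(jwt);
        String azp = c.path("azp").asText();
        long secondsLeft = c.path("exp").asLong() - now.getEpochSecond();
        if (!expectedClient.equals(azp)) {
            throw new IllegalStateException("token issued to unexpected client: " + azp);
        }
        if (secondsLeft <= 0) {
            throw new IllegalStateException("token has expired");
        }
        List<String> roles = new ArrayList<>();
        for (JsonNode role : c.path("realm_access").path("roles")) {
            roles.add(role.asText());
        }
        return "iss=" + c.path("iss").asText() + " azp=" + azp
                + " realm_roles=" + roles + " expires_in=" + secondsLeft + "s";
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: claim names follow Keycloak access tokens, values are made up.
        String payload = "{\"iss\":\"http://localhost:8080/auth/realms/master\",\"azp\":\"admin-cli\","
                + "\"exp\":4102444800,\"realm_access\":{\"roles\":[\"admin\",\"create-realm\"]}}";
        Base64.Encoder enc = Base64.getUrlEncoder().withoutPadding();
        String jwt = enc.encodeToString("{\"alg\":\"RS256\"}".getBytes(StandardCharsets.UTF_8)) + "."
                + enc.encodeToString(payload.getBytes(StandardCharsets.UTF_8)) + ".c2ln"; // dummy signature
        System.out.println(summarize(jwt, "admin-cli", Instant.now()));
    }
}
```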
Example 2: Creating a realm, client, role, and user, granting roles to the user, adding custom attributes to the user, etc.

    // Maven dependency:
    // http://mvnrepository.com/artifact/org.keycloak/keycloak-admin-client/3.4.3.Final
    import java.util.ArrayList;
    import java.util.HashMap;
    import java.util.List;
    import java.util.Map;

    import org.keycloak.admin.client.Keycloak;
    import org.keycloak.admin.client.resource.ClientResource;
    import org.keycloak.admin.client.resource.RealmResource;
    import org.keycloak.admin.client.resource.RoleMappingResource;
    import org.keycloak.representations.idm.ClientRepresentation;
    import org.keycloak.representations.idm.CredentialRepresentation;
    import org.keycloak.representations.idm.RealmRepresentation;
    import org.keycloak.representations.idm.RoleRepresentation;
    import org.keycloak.representations.idm.UserRepresentation;

    public class KeycloakAdminExample {

        public static void main(String[] args) {
            Keycloak keycloak = Keycloak.getInstance(
                    "http://localhost:8080/auth", // Keycloak address
                    "master",                     // realm: master
                    "admin",                      // administrator account
                    "1",                          // administrator password
                    // client to use (admin-cli is a built-in client in the master realm
                    // with Direct Access Grants Enabled)
                    "admin-cli");

            // Create a realm
            RealmRepresentation realm = new RealmRepresentation();
            realm.setId("testRealmId01");
            realm.setRealm("testRealmName01"); // realm name
            realm.setEnabled(true);
            keycloak.realms().create(realm);

            // Switch to testRealmName01
            RealmResource realmResource = keycloak.realm("testRealmName01");

            // Create a realm role
            RoleRepresentation role = new RoleRepresentation();
            role.setName("testRealmRoleName01");
            realmResource.roles().create(role);

            // Create a client
            ClientRepresentation client = new ClientRepresentation();
            client.setId("testClientId01");
            client.setName("testClientName01");
            client.setBearerOnly(false);
            client.setPublicClient(false);
            client.setSecret("******");
            client.setProtocol("openid-connect");
            // Client redirect URI
            List<String> redirectUris = new ArrayList<String>();
            redirectUris.add("http://aa.bb.cc/*");
            client.setRedirectUris(redirectUris);
            // create() returns a JAX-RS Response; close it to release the connection
            realmResource.clients().create(client).close();

            // Read the client back
            ClientResource rr = realmResource.clients().get("testClientId01");
            ClientRepresentation aa = rr.toRepresentation();

            // Create a client role
            RoleRepresentation clientRole = new RoleRepresentation();
            clientRole.setName("testClientRoleName01");
            realmResource.clients().get("testClientId01").roles().create(clientRole);

            // Create a user
            UserRepresentation user = new UserRepresentation();
            // Set the login name
            user.setUsername("zhangsan");
            // Mark the account as enabled
            user.setEnabled(true);
            // Set the password
            List<CredentialRepresentation> credentials = new ArrayList<CredentialRepresentation>();
            CredentialRepresentation cr = new CredentialRepresentation();
            cr.setType(CredentialRepresentation.PASSWORD);
            cr.setValue("123456");
            cr.setTemporary(false);
            credentials.add(cr);
            user.setCredentials(credentials);

            // Set custom user attributes
            // ("爱好" = hobbies; "音乐" = music, "美术" = art)
            Map<String, List<String>> attributes = new HashMap<String, List<String>>();
            List<String> list = new ArrayList<String>();
            list.add("音乐");
            list.add("美术");
            attributes.put("爱好", list);
            user.setAttributes(attributes);

            // Create the user (close the returned Response)
            realmResource.users().create(user).close();

            // Look the user up by username
            UserRepresentation getUser = realmResource
                    .users()
                    .search("zhangsan")
                    .get(0);

            // Get the RoleMappingResource of that user
            RoleMappingResource roleMappingResource = realmResource
                    .users()
                    .get(getUser.getId())
                    .roles();

            // Assign the realm role to the user
            List<RoleRepresentation> realmRolesToAdd = new ArrayList<RoleRepresentation>();
            RoleRepresentation realmRole = realmResource
                    .roles()
                    .get("testRealmRoleName01")
                    .toRepresentation();
            realmRolesToAdd.add(realmRole);
            roleMappingResource.realmLevel().add(realmRolesToAdd);

            // Assign the client role to the user
            List<RoleRepresentation> clientRolesToAdd = new ArrayList<RoleRepresentation>();
            RoleRepresentation clientRole_ = realmResource
                    .clients()
                    .get("testClientId01")
                    .roles()
                    .get("testClientRoleName01")
                    .toRepresentation();
            clientRolesToAdd.add(clientRole_);
            roleMappingResource.clientLevel("testClientId01").add(clientRolesToAdd);

            // Get the access token
            String accessToken = keycloak.tokenManager().getAccessTokenString();
            System.out.println(accessToken);
        }
    }

The custom user attributes that were added
The roles granted to the user