spring-bootpermissionsjwtkeycloakaccess-token
Retrieve Keycloak attributes in access_token
I can't get permissions that a role has defined in my access_token.
I defined 3 roles (with Keycloak): ADMIN, GUEST and SUPERADMIN.
SUPERADMIN has read, write and gestion permissions (p_Read, p_Write and p_gestion).
With postman, SUPERADMIN do login, and gets the obfuscated access_token.
When I deobfuscate it, I get the following information (which is correct)
"iat": 1654784756,
"jti": "6bc716df-66fc-47ad-9eaf-8ef252969c61",
"iss": "https://dev.mydomain.com/auth/realms/Licenses",
"aud": "account",
"sub": "55552ce7-3f92-49a7-835f-7cd356a34d7e",
"typ": "Bearer",
"azp": "Licenses",
"session_state": "1cb9ac94-0d53-423c-9cd6-66472c8ce02b",
"acr": "1",
"realm_access": {
"roles": [
"SUPERADMIN",
"offline_access",
"default-roles-licenses",
"uma_authorization"
]
},
"resource_access": {
"Licenses": {
"roles": [
"SUPERADMIN"
]
},
"account": {
"roles": [
"manage-account",
"manage-account-links",
"view-profile"
]
}
},
"scope": "openid email profile",
"email_verified": false,
"name": "Pepe",
"preferred_username": "[email protected]",
"given_name": "Pepe",
"family_name": "Pepe",
"email": "[email protected]"
but, I don't receive the permissions configured for SUPERADMIN. I need to receive the "p_Read","p_Write" and "p_Gestion" permissions in my access_token.
Am I missing some setting or am I doing something wrong?
Solution
You can get attributes by Get role API. Also user needs the "manage-realm" role when you get the token.
Steps
Assign "manage-realm" to user
Get Token
Get Role
- Search from database and display it in web page using spring boot + html
- Find/Remove in @DBref list items in MongoDB for Spring
- Spring Boot control target JAR file name
- Name for argument of type [java.lang.String] not specified, and parameter name information not available via reflection
- Cannot load configs from Config Server - No suitable HttpMessageConverter
- How to prevent Spring Boot/Hibernate from converting entity column names from PascalCase to snake_case?
- How to specify target architecture when using Spring Boot gradle task bootBuildImage
- Error executing DDL "create table in Spring Data JPA?
- not able to call upload file API using RestTemplate
- How to Add JVM Arguments in Azure Application Service?
- How to handle microservice Interaction when one of the microservice is down
- Lombok classes not generated
- LdapCtxFactory because module java.naming does not export com.sun.jndi.ldap to unnamed module
- Is it possible to use @Transactional and kotlin coroutines in spring boot?
- How to convert spring boot app with Okta to read okta groups
- How to add Header - Authorization for swagger 3, spring boot
- SpringBoot RestTemplate ignores spring.jackson.serialization.WRITE_DATES_AS_TIMESTAMPS = false
- Spring Boot 1.5.1 caches JSP
- How does Spring Boot control Tomcat cache?
- How can I change the default location of log4j2.xml in Java Spring Boot?
- Spring Boot application is encountering a NullPointerException after running for a while
- Problem connecting springboot to mysql with docker-compose
- Map as parameter in RestAPI Post request
- Cause ERROR Recursive call to appender. Is there a way to solve it?
- Swagger-ui keeps showing example petstore instead of my API
- Apache Spark with Spring boot - failed to start exception Factory method 'javaSparkContext' threw exception with message: javax/servlet/Servlet
- Reactive Mongo secondaryPreferred
- Flyway: Found non-empty schema(s) "public" without schema history table! Use baseline() - on Empty database
- Spring boot not loading log4j2.xml
- @Repository not necessary when implementing JpaRepository?