spring-bootkeycloak
Adding user to keycloak using Spring Boot
I am using keycloak admin for user login and user creation. I was able to login a user thru my spring boot application and return a AccessTokenResponse. For user creation I am getting a 403 response. I followed this tutorial and the UI is different now for Keycloak:21.1.0.
What I need to do is to add the manage-users to my client the old UI looks like this:
The new UI looks like this:
CODE:
Here's my KeycloackConfig:
import org.keycloak.OAuth2Constants;
import org.keycloak.adapters.KeycloakConfigResolver;
import org.keycloak.adapters.springboot.KeycloakSpringBootConfigResolver;
import org.keycloak.adapters.springsecurity.KeycloakConfiguration;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
@KeycloakConfiguration
public class KeycloakConfig {
@Value("${keycloak.auth-server-url}")
public String serverURL;
@Value("${keycloak.realm}")
public String realm;
@Value("${keycloak.resource}")
public String clientID;
@Value("${keycloak.credentials.secret}")
public String clientSecret;
@Bean
public Keycloak keycloak() {
return KeycloakBuilder.builder()
.realm(realm)
.serverUrl(serverURL)
.clientId(clientID)
.clientSecret(clientSecret)
.grantType(OAuth2Constants.CLIENT_CREDENTIALS)
.build();
}
@Bean
public KeycloakConfigResolver keycloakConfigResolver() {
return new KeycloakSpringBootConfigResolver();
}
}
Here's my KeycloakService:
import lombok.RequiredArgsConstructor;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Service;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotAuthorizedException;
import javax.ws.rs.core.Response;
import java.util.Collections;
@Service
@RequiredArgsConstructor
public class KeycloakService {
@Value("${keycloak.auth-server-url}")
private String serverURL;
@Value("${keycloak.realm}")
private String realm;
@Value("${keycloak.resource}")
private String clientID;
@Value("${keycloak.credentials.secret}")
private String clientSecret;
private final Keycloak keycloakAdminClient;
public void registerExisting(SignUpRequest request) {
this.createKeycloakUser(request);
}
public AccessTokenResponse login(LoginRequest request) {
try (Keycloak keycloak = this.keycloakCredentialBuilder(request)) {
return keycloak.tokenManager().getAccessToken();
} catch (NotAuthorizedException e) {
throw new KeycloakUnauthorizedException(e.getMessage());
} catch (BadRequestException e) {
throw new KeycloakBadRequestException(e.getMessage());
}
}
public void createKeycloakUser(SignUpRequest request) {
UsersResource usersResource = this.keycloakAdminClient.realm(this.realm).users();
CredentialRepresentation credentialRepresentation = createPasswordCredentials(request.getPassword());
UserRepresentation user = new UserRepresentation();
user.setUsername(request.getUsername());
user.setEmail(request.getEmail());
user.setFirstName(request.getFirstName());
user.setLastName(request.getLastName());
user.singleAttribute("phoneNumber",request.getPhoneNumber());
user.setCredentials(Collections.singletonList(credentialRepresentation));
try (Response response = usersResource.create(user)) {
if(response.getStatus() == 201) {
System.out.println("Created");
} else {
System.out.println(response.getStatus());
}
} catch (Exception e) {
System.out.println(e.getMessage());
}
}
private Keycloak keycloakAdminBuilder() {
return KeycloakBuilder.builder()
.realm(realm)
.serverUrl(serverURL)
.clientId(clientID)
.clientSecret(clientSecret)
.grantType(OAuth2Constants.CLIENT_CREDENTIALS)
.build();
}
private Keycloak keycloakCredentialBuilder(LoginRequest request) {
return KeycloakBuilder.builder()
.realm(this.realm)
.serverUrl(this.serverURL)
.clientId(this.clientID)
.clientSecret(this.clientSecret)
.username(request.getUsername())
.password(request.getPassword())
.build();
}
private CredentialRepresentation createPasswordCredentials(String password) {
CredentialRepresentation passwordCredentials = new CredentialRepresentation();
passwordCredentials.setTemporary(false);
passwordCredentials.setType(CredentialRepresentation.PASSWORD);
passwordCredentials.setValue(password);
return passwordCredentials;
}
}
QUESTIONS
- I checked my clients on my realm and there is a manage-users in my real-management. Do I need to add another role in my client?
- Is my code right? Or do I need to add or modify something?
Solution
The code was right. The problem was in configuration.
Here is the steps of how I resolved this:
- Under Realm Roles > Create a new Role > Add a name for the role > Click Save
- Select that role you just created, then click Action on the upper right side.
- Click Add Associated Role > Click Filter By Clients > Select the
manage-usersunderrealm-management. - Under Client > Select your client > Click Service Account Roles > Add the role you just created earlier.
This should respond 201 when you create a user. Took me days to figure this out. Hope that this post would help someone.
- Upgrading to Spring Boot 3/ JDK 17/ Spring 6 - JAXB conflict issue IllegalAnnotationsException
- Using toFuture in Spring webClient when using virtual threads
- Maven-shade plugin - how to resolve version mismatch
- Spring Boot + JPA : Column name annotation ignored
- spring validation for requestparam not working
- JPQL cant recognize column
- If STOMP "expires" header is set for a message, the message expires right away without waiting for the expiry period set in the header
- Error registering user in Keycloak: username required while using Keycloak Admin Client API
- jdbc fails to connect to a postgresql database in docker
- How to create a Spring Library and consumers can import all the beans automatically?
- Generated column isn't returned by save() when performing an update
- @AfterReturning method not being triggered correctly in Spring webflux Application
- ElasticSearch QueryBuilder library for Java Spring Boot 3.0.5 is not support
- Spring Security 6 .permitAll() not working
- How to disable CSRF in Spring Boot 3 only for tests
- Unable to compute HS256 signature with JCA algorithm 'HmacSHA256'
- SpringBoot @Valid on one field, based on the value of another field
- Unable to connect to service in same namespace in kubernetes
- @Retryable only retrying once in integration test
- Spring boot - method 'POST' is not supported (multipart/form-data)
- Spring tool suite- SunCertPathBuilderException: unable to find valid certification path to requested target
- How to use different authentication methods for different paths using Spring Security
- how to fetch and validate csv header in open csv?
- create an Exe combining Spring and OpenJFX
- Exception in thread "main" java.lang.IllegalStateException: Attempted to load Config resource 'class path resource [application.yml]'
- How to recover data from Google pub/sub topic subscription when my service is down
- How to enable all endpoints in actuator (Spring Boot 2.0.0 RC1)
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- Problem with file directory link in amazon s3
- WebFluxSecurity does not add Authentication to SecurityContext