0
我試圖通過keycloak authzclient從keycloak服務器檢查用戶權限。但是經常失敗,現在我不確定我是否對這個過程有一些誤解。Keycloak通過Authzclient檢查權限
AuthzClient authzClient = AuthzClient.create();
String eat = authzClient.obtainAccessToken("tim", "test123").getToken();
AuthorizationResource resource = authzClient.authorization(eat);
PermissionRequest request = new PermissionRequest();
request.setResourceSetName("testresource");
String ticket = authzClient.protection().permission().forResource(request).getTicket();
AuthorizationResponse authResponse = resource.authorize(new AuthorizationRequest(ticket));
System.out.println(authResponse.getRpt());
最後一次調用authResponse.getRpt()失敗,出現403禁止。 但管理控制檯中的以下設置評估爲允許?
客戶端配置爲:
{
"realm": "testrealm",
"auth-server-url": "http://localhost:8080/auth",
"ssl-required": "external",
"resource": "tv",
"credentials": {
"secret": "d0c436f7-ed19-483f-ac84-e3b73b6354f0"
},
"use-resource-role-mappings": true
}
下面的代碼:
AuthzClient authzClient = AuthzClient.create();
String eat = authzClient.obtainAccessToken("tim", "test123").getToken();
EntitlementResponse response = authzClient.entitlement(eat).getAll("tv");
String rpt = response.getRpt();
TokenIntrospectionResponse requestingPartyToken = authzClient.protection().introspectRequestingPartyToken(rpt);
if (requestingPartyToken.getActive()) {
for (Permission granted : requestingPartyToken.getPermissions()) {
System.out.println(granted.getResourceSetId()+" "+granted.getResourceSetName()+" "+granted.getScopes());
}
}
只是給我的 「默認資源」
7d0f10d6-6f65-4866-816b-3dc5772fc465 Default Resource []
但是,即使我把這個默認資源的第一個代碼片段
...
PermissionRequest request = new PermissionRequest();
request.setResourceSetName("Default Resource");
...
它五我一403。我錯在哪裏?
親切的問候
Keycloak Server是3.2.1.Final。 keycloak-authz-client是3.2.0.Final。