Skip to content

Instantly share code, notes, and snippets.

@kbzsoft

kbzsoft/KeycloakAdminClientExample.java

Forked from thomasdarimont/KeycloakAdminClientExample.java
Created June 24, 2019 05:43
Show Gist options
  • Save kbzsoft/137c04e1ce6b74bf260f7e787b4aab2b to your computer and use it in GitHub Desktop.
Save kbzsoft/137c04e1ce6b74bf260f7e787b4aab2b to your computer and use it in GitHub Desktop.
Download ZIP
Using Keycloak Admin Client to create user with roles (Realm and Client level)
Raw
KeycloakAdminClientExample.java
package de.tdlabs.keycloak.client;
import java.util.Arrays;
import java.util.Collections;
import javax.ws.rs.core.Response;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
public class KeycloakAdminClientExample {
public static void main(String[] args) {
String serverUrl = "http://localhost:8080/auth";
String realm = "demo";
String clientId = "idm-client";
String clientSecret = "a200cdf6-ad72-4f6c-af73-5b8e1cc48876";
// // Client "idm-client" needs service-account with at least "manage-users, view-clients, view-realm, view-users" roles for "realm-management"
// Keycloak keycloak = KeycloakBuilder.builder() //
// .serverUrl(serverUrl) //
// .realm(realm) //
// .grantType(OAuth2Constants.CLIENT_CREDENTIALS) //
// .clientId(clientId) //
// .clientSecret(clientSecret).build();
// User "idm-admin" needs at least "manage-users, view-clients, view-realm, view-users" roles for "realm-management"
Keycloak keycloak = KeycloakBuilder.builder() //
.serverUrl(serverUrl) //
.realm(realm) //
.grantType(OAuth2Constants.PASSWORD) //
.clientId(clientId) //
.clientSecret(clientSecret) //
.username("idm-admin") //
.password("admin") //
.build();
// Define user
UserRepresentation user = new UserRepresentation();
user.setEnabled(true);
user.setUsername("tester1");
user.setFirstName("First");
user.setLastName("Last");
user.setEmail("[email protected]");
user.setAttributes(Collections.singletonMap("origin", Arrays.asList("demo")));
// Get realm
RealmResource realmResource = keycloak.realm(realm);
UsersResource userRessource = realmResource.users();
// Create user (requires manage-users role)
Response response = userRessource.create(user);
System.out.println("Repsonse: " + response.getStatusInfo());
System.out.println(response.getLocation());
String userId = response.getLocation().getPath().replaceAll(".*/([^/]+)$", "$1");
System.out.printf("User created with userId: %s%n", userId);
// Get realm role "tester" (requires view-realm role)
RoleRepresentation testerRealmRole = realmResource.roles()//
.get("tester").toRepresentation();
// Assign realm role tester to user
userRessource.get(userId).roles().realmLevel() //
.add(Arrays.asList(testerRealmRole));
// Get client
ClientRepresentation app1Client = realmResource.clients() //
.findByClientId("app-javaee-petclinic").get(0);
// Get client level role (requires view-clients role)
RoleRepresentation userClientRole = realmResource.clients().get(app1Client.getId()) //
.roles().get("user").toRepresentation();
// Assign client level role to user
userRessource.get(userId).roles() //
.clientLevel(app1Client.getId()).add(Arrays.asList(userClientRole));
// Define password credential
CredentialRepresentation passwordCred = new CredentialRepresentation();
passwordCred.setTemporary(false);
passwordCred.setType(CredentialRepresentation.PASSWORD);
passwordCred.setValue("test");
// Set password credential
userRessource.get(userId).resetPassword(passwordCred);
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment