|
import org.keycloak.admin.client.Keycloak; |
|
import org.keycloak.admin.client.KeycloakBuilder; |
|
import org.keycloak.admin.client.resource.AuthorizationResource; |
|
import org.keycloak.admin.client.resource.ClientResource; |
|
import org.keycloak.admin.client.resource.RealmResource; |
|
import org.keycloak.admin.client.resource.ResourceScopeResource; |
|
import org.keycloak.representations.idm.ClientRepresentation; |
|
import org.keycloak.representations.idm.authorization.ResourceRepresentation; |
|
|
|
import java.util.List; |
|
|
|
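/**
 * Walk-through of the Keycloak admin client's authorization-services API for one client:
 * create a protected resource, attach a scope, rename the resource, then delete it.
 *
 * <p>The program authenticates as a confidential client using the client-credentials grant.
 * The service account behind {@code CLIENT_ID} should hold only the realm-management roles
 * this flow needs, not a blanket realm-admin role.
 */
public class KeycloakClientAuthorization {

    // Plain HTTP is tolerable only because this targets a local development server. The client
    // secret and the admin access token both travel over this connection, so any non-local
    // deployment needs an https:// URL.
    private static final String AUTH_SERVER_URL = "http://localhost:8080/auth";
    private static final String REALM_NAME = "myrealm";
    private static final String CLIENT_ID = "admin-cli";
    // Environment variable holding the client secret (example name chosen for this sample).
    // The secret is read at run time so it never lands in source control or build artifacts.
    private static final String CLIENT_SECRET_ENV = "KEYCLOAK_CLIENT_SECRET";
    private static final String CLIENT_NAME = "myclient";
    private static final String NEW_RESOURCE_NAME = "nike";
    private static final String NEW_RESOURCE_URI = "/nike/**";
    private static final String NEW_RESOURCE_ATTRIBUTE = "aaa";

    /**
     * Runs the create / update / delete sequence against the configured realm and client.
     *
     * @param args unused
     * @throws IllegalStateException if the client secret is not configured, or if the target
     *     client or the freshly created resource cannot be found
     */
    public static void main(String[] args) {
        String clientSecret = System.getenv(CLIENT_SECRET_ENV);
        if (clientSecret == null || clientSecret.isEmpty()) {
            // Fail before contacting the server; never fall back to a built-in default secret.
            throw new IllegalStateException(
                    "Environment variable " + CLIENT_SECRET_ENV + " is not set");
        }

        // Build the admin client. The builder falls back to the password grant when no grant
        // type is given and then demands a username and password, so a client that authenticates
        // with only its secret has to request client_credentials explicitly.
        // try-with-resources closes the underlying HTTP client on every exit path.
        try (Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl(AUTH_SERVER_URL)
                .realm(REALM_NAME)
                .grantType("client_credentials")
                .clientId(CLIENT_ID)
                .clientSecret(clientSecret)
                .build()) {

            // Resolve the target client. Lookup by clientId returns representations; the
            // per-client resource is addressed by the internal id taken from the match.
            RealmResource realmResource = keycloak.realm(REALM_NAME);
            List<ClientRepresentation> matchingClients =
                    realmResource.clients().findByClientId(CLIENT_NAME);
            if (matchingClients == null || matchingClients.isEmpty()) {
                throw new IllegalStateException(
                        "Client not found in realm " + REALM_NAME + ": " + CLIENT_NAME);
            }
            ClientResource clientResource =
                    realmResource.clients().get(matchingClients.get(0).getId());

            // Entry point to the client's authorization settings (resources, scopes, policies).
            AuthorizationResource authorizationResource = clientResource.authorization();

            // Create the new protected resource.
            // create() returns a JAX-RS Response; production code should check its status and
            // close it instead of discarding it as this sample does.
            ResourceRepresentation newResource = new ResourceRepresentation();
            newResource.setName(NEW_RESOURCE_NAME);
            newResource.setUri(NEW_RESOURCE_URI);
            authorizationResource.resources().create(newResource);

            // Look the resource up again to learn its server-assigned id.
            List<ResourceRepresentation> resources =
                    authorizationResource.resources().findByName(NEW_RESOURCE_NAME);
            if (resources == null || resources.isEmpty()) {
                // An empty result means the create call did not take effect (for example the
                // caller lacks permission); stop here with a clear message.
                throw new IllegalStateException(
                        "Resource was not created: " + NEW_RESOURCE_NAME);
            }
            String resourceId = resources.get(0).getId();

            // Create a new authorization scope and bind the request attribute.
            // NOTE(review): the calls in this step -- scopes().resource(...), create(String) on
            // ResourceScopeResource and resources().findByUri(...) -- are kept as the page has
            // them but could not be confirmed against the admin-client interfaces. Verify them,
            // and the String type of the attribute lookup, against the library version in use.
            ResourceScopeResource scopeResource = authorizationResource.scopes().resource(resourceId);
            scopeResource.create(NEW_RESOURCE_ATTRIBUTE);
            String attributeId = authorizationResource.resources().findByUri(NEW_RESOURCE_URI).get(0).getAttributes().get(NEW_RESOURCE_ATTRIBUTE);

            // Report what was created.
            System.out.println("New resource created: " + NEW_RESOURCE_NAME);
            System.out.println("New scope created: " + NEW_RESOURCE_ATTRIBUTE);
            System.out.println("Attribute ID: " + attributeId);

            // Rename the resource and read it back to confirm the change.
            newResource.setName("new-nike");
            authorizationResource.resources().resource(resourceId).update(newResource);
            String updatedResourceName =
                    authorizationResource.resources().resource(resourceId).toRepresentation().getName();
            System.out.println("Resource updated: " + updatedResourceName);

            // Delete the resource, then list by the original name to show what remains.
            authorizationResource.resources().resource(resourceId).remove();
            List<ResourceRepresentation> resourcesAfterDeletion =
                    authorizationResource.resources().findByName(NEW_RESOURCE_NAME);
            System.out.println("Resources after deletion: " + resourcesAfterDeletion);
        }
    }
}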