Springboot Keycloak Admin添加角色或重置密码错误

Question

我尝试使用管理员客户端在我的密钥斗篷中创建一个新用户

使用此代码：

package br.com.fabioebner.surfpp.api.serivce;

import lombok.extern.slf4j.Slf4j;
import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.*;
import org.keycloak.representations.idm.*;
import org.springframework.boot.context.event.ApplicationReadyEvent;
import org.springframework.context.event.EventListener;
import org.springframework.stereotype.Service;

import javax.ws.rs.core.Response;
import java.util.*;

@Service
@Slf4j
public class KeycloakService {
    private final RealmResource realm;
    private final Keycloak keycloak;

    public KeycloakService() {
        this.keycloak = Keycloak.getInstance(
                "https://myKey/auth/",
                "master",
                "admin",
                "myPass",
                "admin-cli");
        this.realm = keycloak.realm("myRealm");
    }

    @EventListener(ApplicationReadyEvent.class)
    public void addUser(){
        UsersResource users = realm.users();
        ClientResource api = realm.clients().get("api");
//        RoleResource usuario = api.roles().get("USUARIO");
        UserRepresentation novoUsuario = new UserRepresentation();
        novoUsuario.setUsername("joao");
        novoUsuario.setEmail("joao@s.com");
        novoUsuario.setEnabled(true);
        novoUsuario.setFirstName("Joao");
        novoUsuario.setLastName("da Silva");
        novoUsuario.setEmailVerified(true);


        Response response = users.create(novoUsuario);
        String idCriado = response.getLocation().toString().substring(response.getLocation().toString().indexOf("/users/")+7);
        updatePassword(idCriado, "1234"); //HERE RETURN 400 ERROR
        assignRealmRoles(this.realm, idCriado, Collections.singletonList("USUARIO")); //HERE RETURN 404 ERROR

        System.out.println("ss");

    }
    private void updatePassword(String id,String pass){
        CredentialRepresentation cred = new CredentialRepresentation();
        cred.setType(CredentialRepresentation.PASSWORD);
        cred.setValue(pass);
        cred.setTemporary(false);
        realm.users().get(id).resetPassword(cred);
    }
    public static void assignRealmRoles(RealmResource realm, String userId, List<String> roles) {
        String realmName = realm.toRepresentation().getRealm();

        List<RoleRepresentation> roleRepresentations = new ArrayList<>();
        for (String roleName : roles) {
            RoleRepresentation role = realm.clients().get("f3fcd887-6b7d-497b-b344-248143542202").roles().get(roleName).toRepresentation();
            roleRepresentations.add(role);
        }

        UserResource userResource = realm.users().get(userId);
        userResource.roles().clientLevel("api").add(roleRepresentations);
    }
}

所以我尝试使用角色和密码创建用户但没有成功，现在用户已创建但我无法向该用户添加角色并更新密码。

Answer 1

更新密码：

您收到 400，因为用户 ID 无效。请尝试以下操作：

Response response = users.create(novoUsuario);
String idCriado = users.list().stream()
                            .filter(user -> user.getUsername().equals("joao"))
                            .findFirst()
                            .map(UserRepresentation::getId)
                            .orElseThrow();
updatePassword(idCriado, "1234");

添加角色

代替

userResource.roles().clientLevel("api").add(roleRepresentations);

在您的情况下，您需要将 clientID 传递给 clientLevel 方法：

userResource.roles().clientLevel("f3fcd887-6b7d-497b-b344-248143542202").add(roleRepresentations);