在 Vim/Neovim 中编辑密码：如何从命令行禁用交换、备份、撤消等文件

Question

Spindoctor

Asked: 2024-11-01 23:19:41 +0800 CST2024-11-01 23:19:41 +0800 CST 2024-11-01 23:19:41 +0800 CST

KeyCloak Java 服务帐户创建用户

772

我是 Keycloak 的新手，正在尝试弄清楚如何使用Keycloack 管理客户端正确注册用户

文档中没有具体的例子，并且缺少大量屏幕截图，从而产生了歧义。

我找到了两个基于 JAVA 的示例，它们提供了一些有关 API 调用应如何工作的见解：这里和这里，但每次我尝试创建用户或查看领域表示时，我都会遇到 jakarta.ws.rs.NotFoundException：HTTP 404 Not Found。有什么帮助可以解释为什么会发生这种情况吗？

我已经创建了客户端凭证客户端，并分配了以下角色以便能够管理用户（创建、删除、修改）。

我能够使用 POSTMAN 中的客户端凭证流从令牌端点接收令牌

下面你会发现 Java 调用

private Keycloak getAdminKeycloak() {
        this.base = environment.getProperty(MyConstants.KEYCLOAK_TOKEN_END_POINT);
        this.realm = environment.getProperty(MyConstants.KEYCLOAK_REALM);
        this.username = environment.getProperty(MyConstants.KEYCLOAK_SERVER_API_CLIENTID);
        this.password = environment.getProperty(MyConstants.KEYCLOAK_SERVICE_API_SECRET);
        return KeycloakBuilder.builder().serverUrl(base)
                .realm(realm)
                .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                .clientId(username)
                .clientSecret(password).build();
    }

    @Override
    public ResponseEntity<String> registerUser(User user) {
        
        Keycloak keycloak = getAdminKeycloak();
        // set user representation
        UserRepresentation newuser = new UserRepresentation();
        newuser.setEmail(user.getEmail());
        newuser.setFirstName(user.getFirstName());
        newuser.setLastName(user.getLastName());
        newuser.setEnabled(true);
        // Get realm
        RealmResource realmResource = keycloak.realm(realm);
        System.out.print(realmResource.toRepresentation().toString());
        UsersResource usersResource = realmResource.users();
        ArrayList<UserRepresentation> users = (ArrayList<UserRepresentation>) usersResource.list();
        // create user
        Response response = usersResource.create(newuser);
        String userID = CreatedResponseUtil.getCreatedId(response);
        if (userID == null || userID.isEmpty()) {
            return new ResponseEntity<>(MyConstants.ERROR_OCCURED, HttpStatus.METHOD_FAILURE);
        }
        // set credentials
        CredentialRepresentation passwordCred = new CredentialRepresentation();
        passwordCred.setTemporary(false);
        passwordCred.setType(CredentialRepresentation.PASSWORD);
        passwordCred.setValue(user.getPassword());
        UserResource userResource = usersResource.get(userID);
        userResource.resetPassword(passwordCred);

        return new ResponseEntity<>(MyConstants.REGISTRATION_COMPLETE, HttpStatus.OK);
    }

1 个回答

Voted

Bench Vue · Answer 1 · 2024-11-02T22:33:23+08:00

要求

Maven 3.9.9 和 Java 17

有关 keycloak docker 启动的更多详细信息请参见此处

Keycloak 使用 docker compose 和版本 23.0.7

docker-compose.yml

version: '3.6'

services:
  keycloak_web:
    image: quay.io/keycloak/keycloak:23.0.7
    container_name: keycloak_web
    environment:
      KC_DB: postgres
      KC_DB_URL: jdbc:postgresql://keycloakdb:5432/keycloak
      KC_DB_USERNAME: keycloak
      KC_DB_PASSWORD: password

      KC_HOSTNAME: localhost
      KC_HOSTNAME_PORT: 8080
      KC_HOSTNAME_STRICT: false
      KC_HOSTNAME_STRICT_HTTPS: false

      KC_LOG_LEVEL: info
      KC_METRICS_ENABLED: true
      KC_HEALTH_ENABLED: true
      KEYCLOAK_ADMIN: admin
      KEYCLOAK_ADMIN_PASSWORD: admin
    command: start-dev
    depends_on:
      - keycloakdb
    ports:
      - 8080:8080

  keycloakdb:
    image: postgres:15
    volumes:
      - postgres_data:/var/lib/postgresql/data
    environment:
      POSTGRES_DB: keycloak
      POSTGRES_USER: keycloak
      POSTGRES_PASSWORD: password

volumes:
  postgres_data:

设置客户端 ID/密码和管理员用户角色

更多详细信息请见此处获取主令牌

通过 curl 测试客户端令牌

curl -X POST "http://localhost:8080/realms/my-realm/protocol/openid-connect/token" \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=my-client" \
  -d "client_secret=hzkBBj8MY8hDaqHblrSkKbaDQvUnhbyb" \
  -d "grant_type=client_credentials"

Java 代码

文件树

C:\Users\benchvue\temp\6>tree /F
Folder PATH listing
Volume serial number is 8837-26D8
C:.
│   docker-compose.yml
│   pom.xml
│
└───src
    └───main
        ├───java
        │   └───com
        │       └───example
        │               KeycloakUserRegistrationApplication.java
        │               KeycloakUserService.java
        │               User.java
        │
        └───resources
                application.properties

主要代码

KeycloakUserRegistrationApplication.java

package com.example;

import org.springframework.boot.CommandLineRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
import org.springframework.context.annotation.Bean;
import org.springframework.http.ResponseEntity;

@SpringBootApplication
public class KeycloakUserRegistrationApplication {

    public static void main(String[] args) {
        new SpringApplicationBuilder(KeycloakUserRegistrationApplication.class)
                .properties("server.port=8081")
                .run(args);
    }

    @Bean
    public CommandLineRunner run(KeycloakUserService keycloakUserService) {
        return args -> {
            User newUser = new User();
            newUser.setUsername("testuser");  // Setting the required username
            newUser.setEmail("[email protected]");
            newUser.setFirstName("John");
            newUser.setLastName("Kim");
            newUser.setPassword("password123");  // Example password, adjust as needed

            keycloakUserService.registerUser(newUser);
        };
    }
}

KeycloakUserService.java

package com.example;

import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;

import javax.ws.rs.core.Response;

@Service
public class KeycloakUserService {

    @Autowired
    private Environment environment;

    private Keycloak getAdminKeycloak() {
        String serverUrl = environment.getProperty("keycloak.server-url");
        String masterRealm = environment.getProperty("keycloak.master-realm");
        String clientId = environment.getProperty("keycloak.master-client-id");
        String clientSecret = environment.getProperty("keycloak.master-client-secret");
        
        System.out.println("Server URL: " + serverUrl);
        System.out.println("Master Realm: " + masterRealm);
        System.out.println("Client ID: " + clientId);
        System.out.println("Client Secret: " + clientSecret);

        // Using the password grant type for admin client
        return KeycloakBuilder.builder()
                .serverUrl(serverUrl)
                .realm(masterRealm)
                .grantType(OAuth2Constants.PASSWORD)
                .clientId("admin-cli")
                .username("admin")  // Ensure this matches the username in Keycloak
                .password("admin")  // Ensure this matches the password in Keycloak
                .build();
    }

    private Keycloak getClientKeycloak() {
        String serverUrl = environment.getProperty("keycloak.server-url");
        String targetRealm = environment.getProperty("keycloak.target-realm");
        String clientId = environment.getProperty("keycloak.client-id");
        String clientSecret = environment.getProperty("keycloak.client-secret");

        System.out.println("Target Realm Keycloak Config:");
        System.out.println("serverUrl: " + serverUrl);
        System.out.println("targetRealm: " + targetRealm);
        System.out.println("clientId: " + clientId);
        System.out.println("clientSecret: " + clientSecret);

        // Using client_credentials for non-admin clients
        Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl(serverUrl)
                .realm(targetRealm)
                .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                .clientId(clientId)
                .clientSecret(clientSecret)
                .build();

        try {
            AccessTokenResponse tokenResponse = keycloak.tokenManager().getAccessToken();
            System.out.println("Access Token for client: " + tokenResponse.getToken());
        } catch (Exception e) {
            System.out.println("Failed to retrieve client access token: " + e.getMessage());
        }

        return keycloak;
    }

    public ResponseEntity<String> registerUser(User user) {
        Keycloak keycloak = getAdminKeycloak();  // Using admin Keycloak instance
        String targetRealm = environment.getProperty("keycloak.target-realm");
    
        System.out.println("Using target realm: " + targetRealm);
        System.out.println("Creating user with email: " + user.getEmail());
    
        UserRepresentation newUser = new UserRepresentation();
        newUser.setUsername(user.getUsername());  // Ensure username is set here
        newUser.setEmail(user.getEmail());
        newUser.setFirstName(user.getFirstName());
        newUser.setLastName(user.getLastName());
        newUser.setEnabled(true);
    
        RealmResource realmResource = keycloak.realm(targetRealm);
        UsersResource usersResource = realmResource.users();
    
        Response response = usersResource.create(newUser);
        int status = response.getStatus();
        System.out.println("Response status: " + status);
    
        if (status == 201) {
            return new ResponseEntity<>("User registration completed successfully.", HttpStatus.CREATED);
        } else {
            String errorResponse = response.readEntity(String.class);
            System.out.println("Response: " + errorResponse);
            return new ResponseEntity<>("An error occurred while creating the user: " + errorResponse, HttpStatus.BAD_REQUEST);
        }
    }
    
}

应用程序.属性

# Keycloak server URL

keycloak.server-url=http://localhost:8080
keycloak.master-realm=master
keycloak.master-client-id=admin
keycloak.master-client-secret=admin
keycloak.target-realm=my-realm
keycloak.client-id=my-client
keycloak.client-secret=hzkBBj8MY8hDaqHblrSkKbaDQvUnhbyb


# Messages for registration status
registration.complete=User registration completed successfully.
error.occurred=An error occurred while creating the user.

用户.java

package com.example;

public class User {
    private String username;
    private String email;
    private String password;
    private String firstName;
    private String lastName;

    // Getter and setter for username
    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    // Getter and setter for email
    public String getEmail() {
        return email;
    }

    public void setEmail(String email) {
        this.email = email;
    }

    // Getter and setter for password
    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }

    // Getter and setter for firstName
    public String getFirstName() {
        return firstName;
    }

    public void setFirstName(String firstName) {
        this.firstName = firstName;
    }

    // Getter and setter for lastName
    public String getLastName() {
        return lastName;
    }

    public void setLastName(String lastName) {
        this.lastName = lastName;
    }
}

pom.xml

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>com.example</groupId>
    <artifactId>keycloak-user-registration</artifactId>
    <version>1.0-SNAPSHOT</version>
    <packaging>jar</packaging>

    <properties>
        <java.version>17</java.version>
        <spring-boot.version>3.1.0</spring-boot.version>
        <keycloak.version>23.0.7</keycloak.version>
    </properties>

    <dependencies>
        <!-- Spring Boot Starter -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
            <version>${spring-boot.version}</version>
        </dependency>

        <!-- Spring Boot Starter Web -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
            <version>${spring-boot.version}</version>
        </dependency>

        <!-- Keycloak Admin Client (downgraded to 18.0.0) -->
        <dependency>
            <groupId>org.keycloak</groupId>
            <artifactId>keycloak-admin-client</artifactId>
            <version>18.0.0</version>
        </dependency>

        <!-- Javax JAX-RS API (for javax.ws.rs.core) -->
        <dependency>
            <groupId>javax.ws.rs</groupId>
            <artifactId>javax.ws.rs-api</artifactId>
            <version>2.1.1</version>
        </dependency>

        <!-- Logback for logging compatibility -->
        <dependency>
            <groupId>ch.qos.logback</groupId>
            <artifactId>logback-classic</artifactId>
            <version>1.4.7</version>
        </dependency>

        <!-- Lombok (Optional for Getter/Setter) -->
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.18.24</version>
            <scope>provided</scope>
        </dependency>

        <!-- Testing Dependencies -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <version>${spring-boot.version}</version>
            <scope>test</scope>
        </dependency>

        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-databind</artifactId>
            <version>2.14.3</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-annotations</artifactId>
            <version>2.14.3</version>
        </dependency>
        <dependency>
            <groupId>com.fasterxml.jackson.core</groupId>
            <artifactId>jackson-core</artifactId>
            <version>2.14.3</version>
        </dependency>

    </dependencies>




    <build>
        <plugins>
            <!-- Spring Boot Maven Plugin -->
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
                <version>${spring-boot.version}</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>repackage</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <mainClass>com.example.KeycloakUserRegistrationApplication</mainClass>
                </configuration>
            </plugin>

            <!-- Compiler Plugin for Java 17 -->
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.8.1</version>
                <configuration>
                    <source>${java.version}</source>
                    <target>${java.version}</target>
                </configuration>
            </plugin>
        </plugins>
    </build>
</project>

编译并运行

mvn clena compile
mvn clean package
java -jar target/keycloak-user-registration-1.0-SNAPSHOT.jar

结果 - 用户创建

仅使用 my-realm 进行更新

KeycloakUserService.java

package com.example;

import org.keycloak.OAuth2Constants;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.KeycloakBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;

import javax.ws.rs.core.Response;
import org.keycloak.admin.client.resource.UserResource;


@Service
public class KeycloakUserService {

    @Autowired
    private Environment environment;

    private Keycloak getClientKeycloak() {
        String serverUrl = environment.getProperty("keycloak.server-url");
        String targetRealm = environment.getProperty("keycloak.target-realm");
        String clientId = environment.getProperty("keycloak.client-id");
        String clientSecret = environment.getProperty("keycloak.client-secret");
    
        System.out.println("Target Realm Keycloak Config:");
        System.out.println("serverUrl: " + serverUrl);
        System.out.println("targetRealm: " + targetRealm);
        System.out.println("clientId: " + clientId);
        System.out.println("clientSecret: " + clientSecret);
    
        // Building Keycloak instance using client credentials
        Keycloak keycloak = KeycloakBuilder.builder()
                .serverUrl(serverUrl)
                .realm(targetRealm) // Set to 'my-realm'
                .grantType(OAuth2Constants.CLIENT_CREDENTIALS)
                .clientId(clientId) // Set to 'my-client'
                .clientSecret(clientSecret) // Set to 'my-client' secret
                .build();
    
        try {
            AccessTokenResponse tokenResponse = keycloak.tokenManager().getAccessToken();
            System.out.println("Access Token for client: " + tokenResponse.getToken());
        } catch (Exception e) {
            System.out.println("Failed to retrieve client access token: " + e.getMessage());
        }
    
        return keycloak;
    }
    
    public ResponseEntity<String> registerUser(User user) {
        // Using the client Keycloak instance for user registration
        Keycloak keycloak = getClientKeycloak();
        
        System.out.println("Creating user with email: " + user.getEmail());
        
        // Set up the user representation for Keycloak
        UserRepresentation newUser = new UserRepresentation();
        newUser.setUsername(user.getUsername());
        newUser.setEmail(user.getEmail());
        newUser.setFirstName(user.getFirstName());
        newUser.setLastName(user.getLastName());
        newUser.setEnabled(true);
    
        // Access target realm
        RealmResource realmResource = keycloak.realm(environment.getProperty("keycloak.target-realm"));
        UsersResource usersResource = realmResource.users();
    
        // Create user in Keycloak
        Response response = usersResource.create(newUser);
        if (response.getStatus() != 201) {
            System.out.println("Response status: " + response.getStatus());
            System.out.println("Response: " + response.readEntity(String.class));
            return new ResponseEntity<>("An error occurred while creating the user", HttpStatus.BAD_REQUEST);
        }
    
        String userId = response.getLocation().getPath().replaceAll(".*/([^/]+)$", "$1");
        System.out.println("User created with ID: " + userId);
        response.close();
    
        // Set credentials
        CredentialRepresentation passwordCred = new CredentialRepresentation();
        passwordCred.setTemporary(false);
        passwordCred.setType(CredentialRepresentation.PASSWORD);
        passwordCred.setValue(user.getPassword());
    
        UserResource userResource = usersResource.get(userId);
        userResource.resetPassword(passwordCred);
    
        return new ResponseEntity<>("User registration completed successfully.", HttpStatus.OK);
    }
    
}

应用程序.属性

keycloak.server-url=http://localhost:8080
keycloak.target-realm=my-realm
keycloak.client-id=my-client
keycloak.client-secret=hzkBBj8MY8hDaqHblrSkKbaDQvUnhbyb

KeyCloak Java 服务帐户创建用户

要求

Keycloak 使用 docker compose 和版本 23.0.7

设置客户端 ID/密码和管理员用户角色

Java 代码

主要代码

编译并运行

结果 - 用户创建

仅使用 my-realm 进行更新

Vue 3：创建时出错“预期标识符但发现‘导入’”[重复]

为什么这个简单而小的 Java 代码在所有 Graal JVM 上的运行速度都快 30 倍，但在任何 Oracle JVM 上却不行？

具有指定基础类型但没有枚举器的“枚举类”的用途是什么？

如何修复未手动导入的模块的 MODULE_NOT_FOUND 错误？

`(表达式，左值) = 右值` 在 C 或 C++ 中是有效的赋值吗？为什么有些编译器会接受/拒绝它？

何时应使用 std::inplace_vector 而不是 std::vector？

在 C++ 中，一个不执行任何操作的空程序需要 204KB 的堆，但在 C 中则不需要

PowerBI 目前与 BigQuery 不兼容：Simba 驱动程序与 Windows 更新有关

AdMob：MobileAds.initialize() - 对于某些设备，“java.lang.Integer 无法转换为 java.lang.String”

我正在尝试仅使用海龟随机和数学模块来制作吃豆人游戏

KeyCloak Java 服务帐户创建用户

1 个回答

要求

Keycloak 使用 docker compose 和版本 23.0.7

设置客户端 ID/密码和管理员用户角色

Java 代码

主要代码

编译并运行

结果 - 用户创建

仅使用 my-realm 进行更新

相关问题