KeyCloak

Question

我们已决定转向 KeyCloak for our identity and access management solution, rather than implement it entirely within our Java EE web app. We're creating a multi-tenant solution, and would prefer to create security realms/users/groups programmatically through our workflow, rather than leveraging KeyCloak's self-registration functionality or web UI so that we can do things like grab credit card details for payment, etc. I know that we could likely leverage the admin REST APIs 来完成此操作，但我不确定除了手动编码 REST 调用之外是否有更简单的方法来完成此操作。 KeyCloak 是否提供了我们可以使用的管理客户端库？或者我们是否坚持自己为管理 API 实现 REST 客户端？

Answer 1

Keycloak Java adapters are focused in usage rather than configuration. You'll need to implement yourself making the necessary calls with the required parameters. There's one tool for that kind of thins, the admin-cli，但我认为它对你的情况没有用。

Answer 2

我发现了一些关于 KeyCloak Java Admin Client. This gist 的信息，其中有很多有用的示例展示了如何管理用户、领域等。

Answer 3

Keycloak kc = KeycloakBuilder.builder() 
            .serverUrl("https://localhost:8443/auth")
            .realm("master")
            .username("admin") 
            .password("admin") 
            .clientId("Mycli") 
            .resteasyClient(new ResteasyClientBuilder().connectionPoolSize(10).build()) 
            .build();

    CredentialRepresentation credential = new CredentialRepresentation();
    credential.setType(CredentialRepresentation.PASSWORD);
    credential.setValue("test123");

    UserRepresentation user = new UserRepresentation();
    user.setUsername("testuser2");
    user.setFirstName("Test2");
    user.setLastName("User2");
    user.setEmail("aaa@bbb.com");
    user.setCredentials(Arrays.asList(credential));
    user.setEnabled(true);
    user.setRealmRoles(Arrays.asList("admin"));

    // Create testuser
    Response result = kc.realm("my-realem").users().create(user);
    if (result.getStatus() != 201) {
        System.err.println("Couldn't create user.");
        System.exit(0);
    }else{
        System.out.println("Testuser created.... verify in keycloak!");
    }

Answer 4

你可以使用 Keycloak Java admin REST api client :

为你的项目添加依赖：

行家

<dependency>
    <groupId>org.keycloak</groupId>
    <artifactId>keycloak-admin-client</artifactId>
    <version>15.0.2</version>
</dependency>

Gradle

implementation 'org.keycloak:keycloak-admin-client:15.0.2'

为您的管理员用户和默认 admin-cli 客户端使用密码身份验证创建 Keycloak using KeycloakBuilder 实例：

Keycloak keycloak = KeycloakBuilder.builder()
            .serverUrl("http://localhost:8081/auth")
            .realm("master")
            .clientId("admin-cli")
            .username("admin")
            .password("admin")
            .build();

要创建新领域，请使用 RealmRepresentation:

RealmRepresentation rr = new RealmRepresentation();
rr.setId("test-realm");
rr.setRealm("test-realm");
rr.setEnabled(true);

keycloak.realms().create(rr);

创建新用户使用 UserRepresentation:

CredentialRepresentation credential = new CredentialRepresentation();
credential.setType(CredentialRepresentation.PASSWORD);
credential.setValue("1234");

UserRepresentation user = new UserRepresentation();
user.setUsername("test");
user.setFirstName("test");
user.setLastName("test");
user.setEmail("test@gmail.com");
user.setCredentials(Arrays.asList(credential));
user.setEnabled(true);
user.setRealmRoles(Arrays.asList("admin"));

keycloak.realm("test-realm").users().create(user);

要创建新组，请使用 GroupRepresentation:

GroupRepresentation groupRepresentation = new GroupRepresentation()
groupRepresentation.setName("group");

Response response = keycloak.realm("test-realm").groups().add(groupRepresentation);

请注意，在创建新的顶级群组时，您不应传递群组 ID - 您可以在创建群组后检索它。

KeyCloak - 以编程方式创建 Realms/Users/Groups？

KeyCloak - Create Realms/Users/Groups Programmatically?

java

rest

keycloak-services

jakarta-ee