英文:
Keycloak roleResource.getRoleUserMembers(); throw a 403 error
问题
我有一个Spring Boot的Java应用程序,我正在尝试获取所有具有特定角色的用户。
为此,我使用以下代码:
RoleResource roleResource = keycloak.realm(realmId).roles().get(userId);
Set<UserRepresentation> users = roleResource.getRoleUserMembers();
但在roleResource.getRoleUserMembers()这一行,我得到了以下错误:
Caused by: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
我猜想我的Keycloak客户端需要更多的角色来执行这个操作,但我不知道是哪些角色。
有人对此有想法吗?
谢谢 
英文:
I hava springboot java application in which I am trying to get all users, that have a specific role.
For that I am using following code:
RoleResource roleResource = keycloak.realm(realmId).roles().get(userId);
Set<UserRepresentation> users = roleResource.getRoleUserMembers();
But in the line with the roleResource.getRoleUserMembers(); part, I am getting
> Caused by: javax.ws.rs.ForbiddenException: HTTP 403 Forbidden
I would gess my Keycloak client needs more roles to do this, but I dont know which ones.
Has anybody an idea on this?
Thank you
答案1
得分: 3
Little update on this.
我有一个403错误,因为我的客户端缺少正确的权限。
在Keycloak中,您必须转到客户端,在“Scope”和“Service Account Roles”下,在“realm-management”下,您必须设置roles query-clients、query-users、query-groups、view-clients、view-users和view-realm。
现在403错误消失了。
英文:
Little update on this.
I got a 403 error because my client was missing the correct rights.
In Keycloak you have to go to your client, under "Scope" and "Service Account Roles" you have to set under realm-management the roles query-clients, query-users, query-groups, view-clients, view-users and view-realm.
Now the 403 error is gone.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论