So far I have been playing with KeyCloak and been able to set it up and running the customer-portal example successfully. Now I need to actually use it in my application, and I am not totally sure whether KeyCloak is the right thing that I am looking for, but I believe my need is just a common use case and hopefully KeyCloak is the right software that I am looking for..
When a user comes to my website, he registers and makes a post. Both the post and the user information is stored into databases, and the link between the user and post, i.e. who made which post? So I have two tables in my database: Post(id, post) and User(id,name), and another table UserPost(PostID, UserID) to store linking information. This is all fine in my own database.
But now when KeyCloak comes into play, the user first registers in KeyCloak server and user information are stored in its own database there, which seems unrelated to the database (Post and User) in my application. I don't want to duplicate two User databases in two servers, right? Even if I can tolerate the duplication, how to make the connection between KeyCloak database and my application database? I am using JBoss, Hibernate/JPA in my application.
Maybe I am missing something in the way how to connect KeyCloak user table with my own application database. Is there any tutorial or documentation that I can read?
Thank you.
Updated: This User table in my application only stores an id, which will come from the KeyCloak user registration information, and one more field 'reputation' which will be assigned based on this user's new post. Most other attributes of a user will be kept intact in the KeyCloak's USER_ENTITY table. Now, whenever a new user registers, KeyCloak will insert a record into the USER_ENTITY table. No worry about that. But at the same time, I need to add a record to the User table in my application based on the user ID from the KeyCloak USER_ENTITY. The question is how to get the User ID from Keycloak from the registration html page?
@Entity
public class User {
@Id
private Long id;
private int reputation = 0;
@OneToMany(mappedBy = "user", cascade = CascadeType.ALL, orphanRemoval = true)
private List<Post> posts = new ArrayList<>();
public User() {
}
public User(Long id, int reputation) {
this.id = id;
this.reputation = reputation;
}
public void setId(Long id) {
}
public Long getId() {
return id;
}
public void setReputation(int reputation) {
this.reputation = reputation;
}
public int getReputation() {
return reputation;
}
public List<Post> getPosts() {
return posts;
}
}
@Entity
public class Post {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@ManyToOne
private User user;
private String text;
public Post() {
}
public Long getId() {
return id;
}
public void setUser(User user) {
this.user = user;
}
public User getUser() {
return user;
}
public void setText(String text) {
this.text = text;
}
public String getText() {
return text;
}
}
The credentials of this user will be used by the Keycloak server to connect to the MySQL database. When creating a new user for the Keycloak database, you can give this user any valid username and password. In the MySQL command above, I have created a new user with username “ keycloak-user ” and password “ 1h7rHhfy3 “.
When creating a new user for the Keycloak database, you can give this user any valid username and password. In the MySQL command above, I have created a new user with username “ keycloak-user ” and password “ 1h7rHhfy3 “.
Start the application ng s, then you will have the login screen provided by the Keycloak, log in with the correct user to access your application who has the roles that are assigned in the routing configuration Thanks for this awesome article, but what is the difference between using keycloak instead of simple JWT ?? Thanks for reading...
Out-of-the-box, Keycloak provides a range of standard-based integrations based on protocols like SAML, OpenID Connect, and OAuth2. While this built-in functionality is quite powerful, sometimes it's not enough. A common requirement, especially when legacy systems are involved, is to integrate users from those systems into Keycloak.
I'm in the process of a conversion almost exactly like this. I had users and roles in a home grown database and used Wildfly security via a custom UsernamePasswordLoginModule. I'm now moving to Keycloak.
I too had database referential integrity for users to other things. What I've done is to not remove the user table completely but to move all of the user attributes over to Keycloak. I maintain a user table with a very minimal amount of information and a primary key that is the Keycloak "user name" (a GUID). You can get that from getting the principal:
@Context
private SecurityContext sc;
...
String userId = sc.getUserPrincipal().getName();
Now I have a key that I can use with JPA to get a user and tie them to anything they need to be tied to.
There will be a further step where I get more data from Keycloak about the user. Right now I have enough in the AccessToken:
KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sc.getUserPrincipal());
AccessToken accessToken = kcPrincipal.getKeycloakSecurityContext().getToken();
String firstName = accessToken.getGivenName();
String lastName = accessToken.getFamilyName();
but I will eventually have custom user attributes pushed over to the Keycloak side that I'll need to get access to.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With