如何在我的应用程序中集成或利用KeyCloak用户数据库? [英] How to integrate or make use of KeyCloak user database in my application?

问题描述

到目前为止，我一直在使用KeyCloak并能够对其进行设置并成功运行客户门户示例.现在，我需要在我的应用程序中实际使用它，并且我不能完全确定KeyCloak是否是我所寻找的正确的东西，但是我相信我的需求只是一个普通的用例，希望KeyCloak是我所需要的正确的软件.寻找..

So far I have been playing with KeyCloak and been able to set it up and running the customer-portal example successfully. Now I need to actually use it in my application, and I am not totally sure whether KeyCloak is the right thing that I am looking for, but I believe my need is just a common use case and hopefully KeyCloak is the right software that I am looking for..

当用户访问我的网站时，他注册并发布了帖子.帖子和用户信息都存储在数据库中，以及用户和帖子之间的链接，即谁发布了哪个帖子?所以我的数据库中有两个表:Post(id，post)和User(id，name)，另一个表UserPost(PostID，UserID)用于存储链接信息.在我自己的数据库中，一切都很好.

When a user comes to my website, he registers and makes a post. Both the post and the user information is stored into databases, and the link between the user and post, i.e. who made which post? So I have two tables in my database: Post(id, post) and User(id,name), and another table UserPost(PostID, UserID) to store linking information. This is all fine in my own database.

但是现在KeyCloak发挥作用时，用户首先在KeyCloak服务器中注册，并且用户信息存储在该服务器自己的数据库中，这似乎与我的应用程序中的数据库(Post和User)无关.我不想在两个服务器中复制两个用户数据库，对吗?即使我可以容忍重复，如何在KeyCloak数据库和我的应用程序数据库之间建立连接?我在应用程序中使用的是JBoss，Hibernate/JPA.

But now when KeyCloak comes into play, the user first registers in KeyCloak server and user information are stored in its own database there, which seems unrelated to the database (Post and User) in my application. I don't want to duplicate two User databases in two servers, right? Even if I can tolerate the duplication, how to make the connection between KeyCloak database and my application database? I am using JBoss, Hibernate/JPA in my application.

也许我在如何将KeyCloak用户表与我自己的应用程序数据库连接方面丢失了一些东西.有没有我可以阅读的教程或文档?

Maybe I am missing something in the way how to connect KeyCloak user table with my own application database. Is there any tutorial or documentation that I can read?

谢谢.

已更新:我的应用程序中的此用户表仅存储一个ID(该ID来自KeyCloak用户注册信息)以及一个基于该用户的新帖子分配的信誉"字段.用户的大多数其他属性将在KeyCloak的USER_ENTITY表中保持不变.现在，每当有新用户注册时，KeyCloak都会在USER_ENTITY表中插入一条记录.不用担心.但是同时，我需要根据KeyCloak USER_ENTITY中的用户ID在我的应用程序的User表中添加一条记录.问题是如何从注册html页面从Keycloak获取用户ID?

Updated: This User table in my application only stores an id, which will come from the KeyCloak user registration information, and one more field 'reputation' which will be assigned based on this user's new post. Most other attributes of a user will be kept intact in the KeyCloak's USER_ENTITY table. Now, whenever a new user registers, KeyCloak will insert a record into the USER_ENTITY table. No worry about that. But at the same time, I need to add a record to the User table in my application based on the user ID from the KeyCloak USER_ENTITY. The question is how to get the User ID from Keycloak from the registration html page?

@Entity
public class User {

    @Id
    private Long id;

    private int reputation = 0;

    @OneToMany(mappedBy = "user", cascade = CascadeType.ALL, orphanRemoval = true)
     private List<Post> posts = new ArrayList<>();

     public User() {

     }

     public User(Long id, int reputation) {
         this.id = id;
         this.reputation = reputation;
     }

     public void setId(Long id) {

     }

     public Long getId() {
         return id;
     }

     public void setReputation(int reputation) {
         this.reputation = reputation;
     }

     public int getReputation() {
         return reputation;
     }

     public List<Post> getPosts() {
         return posts;
     }
}


@Entity
public class Post {

    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @ManyToOne
    private User user;

    private String text;

    public Post() {

    }

    public Long getId() {
        return id;
    }

    public void setUser(User user) {
        this.user = user;
    }

    public User getUser() {
        return user;
    }

    public void setText(String text) {
        this.text = text;
    }

    public String getText() {
        return text;
    }
}

推荐答案

我正在进行转换，几乎完全像这样.我在本地数据库中拥有用户和角色，并通过自定义的UsernamePasswordLoginModule使用了Wildfly安全性.我现在要移到Keycloak.

I'm in the process of a conversion almost exactly like this. I had users and roles in a home grown database and used Wildfly security via a custom UsernamePasswordLoginModule. I'm now moving to Keycloak.

我也具有数据库参照完整性，以使用户可以进行其他操作.我要做的是不完全删除用户表，而是将所有用户属性移到Keycloak上.我维护一个用户表，该表具有非常少量的信息和一个主键，该主键是Keycloak用户名"(GUID).您可以通过获取本金来实现:

I too had database referential integrity for users to other things. What I've done is to not remove the user table completely but to move all of the user attributes over to Keycloak. I maintain a user table with a very minimal amount of information and a primary key that is the Keycloak "user name" (a GUID). You can get that from getting the principal:

@Context
private SecurityContext sc;

...

String userId = sc.getUserPrincipal().getName();

现在，我有了一个密钥，可以与JPA一起使用，以获取用户并将其绑定到需要绑定的任何内容.

Now I have a key that I can use with JPA to get a user and tie them to anything they need to be tied to.

还有一个进一步的步骤，我将从Keycloak获取有关用户的更多数据.现在，我在AccessToken中已经足够了:

There will be a further step where I get more data from Keycloak about the user. Right now I have enough in the AccessToken:

KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sc.getUserPrincipal());
AccessToken accessToken = kcPrincipal.getKeycloakSecurityContext().getToken();

String firstName = accessToken.getGivenName();
String lastName = accessToken.getFamilyName();

但是我最终将把需要访问的自定义用户属性推到Keycloak端.

but I will eventually have custom user attributes pushed over to the Keycloak side that I'll need to get access to.

这篇关于如何在我的应用程序中集成或利用KeyCloak用户数据库?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！