Keycloak REST API 403 forbidden


Problem description

I am trying to delete a user session using the Keycloak REST API, but I am getting the 403 Forbidden HTTP status code. I am passing the token and cookie in the header; please let me know if I am missing something.

import java.io.IOException;

import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.util.EntityUtils;
import org.keycloak.KeycloakSecurityContext;

static void logOut(String userId, KeycloakSecurityContext session) {

    userId = "a12c13b7-fa2e-412f-ac8e-376fdca16a83";

    // Admin REST endpoint that invalidates all sessions of the given user
    String url = "http://localhost:8081/auth/admin/realms/TestRealm/users/" + userId + "/logout";
    HttpClient httpclient = HttpClients.createDefault();
    HttpPost httppost = new HttpPost(url);

    try {
        httppost.addHeader("Accept", "application/json");
        httppost.addHeader("Content-Type", "application/json");
        httppost.addHeader("Cookie", "JSESSIONID=CABD8A135C74864F0961FA629D6D489B");
        // Bearer token of the currently logged-in user
        httppost.addHeader("Authorization", "Bearer " + session.getTokenString());

        HttpResponse response = httpclient.execute(httppost);
        HttpEntity entity = response.getEntity();

        System.out.println("entity :" + response.getStatusLine());

        if (entity != null) {
            String responseString = EntityUtils.toString(entity, "UTF-8");
            System.out.println("body ....." + responseString);
        }
    } catch (IOException e) {
        // ClientProtocolException is an IOException, so one handler covers both
        e.printStackTrace();
    }
}

Recommended answer

The user you use to access the corresponding functions needs the corresponding rights on your realm.

For example, my 'admin' user needed the CLIENT ROLE "view-users" of CLIENT "realm-management" to be able to get information about users. In your case, when you need to delete a user, you may need the role "manage-users" or maybe something more powerful.
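One way to see in advance whether a bearer token carries the realm-management client role the admin endpoint needs, as an added Python example that is not part of the question or answer: it decodes the token's claims (without verifying the signature, which Keycloak does server-side) and compares them against the roles named above. The role table and the sample tokens are constructed for this example; a real token is what session.getTokenString() returns.

```python
import base64
import json

# Client roles of the "realm-management" client that Keycloak's admin REST API
# requires for the operations discussed in the thread.
REQUIRED_ROLE = {
    ("GET", "users"): "view-users",            # read user info
    ("POST", "users/logout"): "manage-users",  # POST .../users/{id}/logout
    ("DELETE", "users"): "manage-users",       # DELETE .../users/{id}
}

def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def decode_claims(token: str) -> dict:
    """Payload claims of a compact JWT. Signature deliberately not checked:
    this is for inspecting your own token while debugging a 403."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))

def realm_management_roles(claims: dict) -> set:
    """Effective realm-management client roles in the token (Keycloak expands
    composite roles such as realm-admin into their members when issuing it)."""
    return set(claims.get("resource_access", {})
                     .get("realm-management", {})
                     .get("roles", []))

def missing_role(token: str, method: str, operation: str):
    """The required role the token lacks, or None if the role check should pass
    (other causes of 403, e.g. a wrong realm in the URL, are not covered)."""
    required = REQUIRED_ROLE[(method, operation)]
    return None if required in realm_management_roles(decode_claims(token)) else required

def unsigned_token(roles: list) -> str:
    """Constructed sample token (hypothetical claims, dummy signature) so the
    checks above can run offline."""
    header = {"alg": "RS256", "typ": "JWT"}
    payload = {"azp": "test-client", "resource_access": {"realm-management": {"roles": roles}}}
    return ".".join([_b64url_encode(json.dumps(header).encode()),
                     _b64url_encode(json.dumps(payload).encode()), "dummy-signature"])

VIEW_ONLY_TOKEN = unsigned_token(["view-users"])                  # gets 403 on logout
MANAGE_TOKEN = unsigned_token(["view-users", "manage-users"])     # passes the role check
```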
