So far I have been playing with KeyCloak and been able to set it up and running the customer-portal example successfully. Now I need to actually use it in my application, and I am not totally sure whether KeyCloak is the right thing that I am looking for, but I believe my need is just a common use case and hopefully KeyCloak is the right software that I am looking for..
When a user comes to my website, he registers and makes a post. Both the post and the user information is stored into databases, and the link between the user and post, i.e. who made which post? So I have two tables in my database: Post(id, post) and User(id,name), and another table UserPost(PostID, UserID) to store linking information. This is all fine in my own database.
But now when KeyCloak comes into play, the user first registers in KeyCloak server and user information are stored in its own database there, which seems unrelated to the database (Post and User) in my application. I don't want to duplicate two User databases in two servers, right? Even if I can tolerate the duplication, how to make the connection between KeyCloak database and my application database? I am using JBoss, Hibernate/JPA in my application.
Maybe I am missing something in the way how to connect KeyCloak user table with my own application database. Is there any tutorial or documentation that I can read?
Thank you.
Updated: This User table in my application only stores an id, which will come from the KeyCloak user registration information, and one more field 'reputation' which will be assigned based on this user's new post. Most other attributes of a user will be kept intact in the KeyCloak's USER_ENTITY table. Now, whenever a new user registers, KeyCloak will insert a record into the USER_ENTITY table. No worry about that. But at the same time, I need to add a record to the User table in my application based on the user ID from the KeyCloak USER_ENTITY. The question is how to get the User ID from Keycloak from the registration html page?
@Entity
public class User {
@Id
private Long id;
private int reputation = 0;
@OneToMany(mappedBy = "user", cascade = CascadeType.ALL, orphanRemoval = true)
private List<Post> posts = new ArrayList<>();
public User() {
}
public User(Long id, int reputation) {
this.id = id;
this.reputation = reputation;
}
public void setId(Long id) {
}
public Long getId() {
return id;
}
public void setReputation(int reputation) {
this.reputation = reputation;
}
public int getReputation() {
return reputation;
}
public List<Post> getPosts() {
return posts;
}
}
@Entity
public class Post {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
@ManyToOne
private User user;
private String text;
public Post() {
}
public Long getId() {
return id;
}
public void setUser(User user) {
this.user = user;
}
public User getUser() {
return user;
}
public void setText(String text) {
this.text = text;
}
public String getText() {
return text;
}
}
I'm in the process of a conversion almost exactly like this. I had users and roles in a home grown database and used Wildfly security via a custom UsernamePasswordLoginModule. I'm now moving to Keycloak.
I too had database referential integrity for users to other things. What I've done is to not remove the user table completely but to move all of the user attributes over to Keycloak. I maintain a user table with a very minimal amount of information and a primary key that is the Keycloak "user name" (a GUID). You can get that from getting the principal:
@Context
private SecurityContext sc;
...
String userId = sc.getUserPrincipal().getName();
Now I have a key that I can use with JPA to get a user and tie them to anything they need to be tied to.
There will be a further step where I get more data from Keycloak about the user. Right now I have enough in the AccessToken:
KeycloakPrincipal<KeycloakSecurityContext> kcPrincipal = (KeycloakPrincipal<KeycloakSecurityContext>)(sc.getUserPrincipal());
AccessToken accessToken = kcPrincipal.getKeycloakSecurityContext().getToken();
String firstName = accessToken.getGivenName();
String lastName = accessToken.getFamilyName();
but I will eventually have custom user attributes pushed over to the Keycloak side that I'll need to get access to.
来源:https://stackoverflow.com/questions/39259607/how-to-integrate-or-make-use-of-keycloak-user-database-in-my-application