DEV Community

loading...

Keycloak Custom Rest Api (Search by user attribute - Keycloak)

silentrobi profile image Mohammad Abu Musa RABIUL ・3 min read

In this project we are going to develop and integrate a custom rest api in keycloak server.

About Keycloak

Keycloak is an open source Identity and Access Management solution aimed at modern applications and services. It makes it easy to secure applications and services with little to no code. It provides with following features,

  • Single-Sign On
  • Identity Brokering and Social Login
  • User Federation
  • Client Adapters
  • Admin Console
  • Account Management Console
  • Standard Protocols: OpenID Connect, OAuth 2.0, and SAML.

Keycloak setup

We are going to use docker container to run Keycloak along with postgreSQL. We have integrated PostgreSQL with Keycloak inside docker-compose.yml file.


To setup the docker containers, run the following command.
docker-compose -f ./docker-compose.yml up -d
Enter fullscreen mode Exit fullscreen mode

Now, your keycloak should run locally on 8090 port.

Keycloak setup and adding user

URL for keycloak http://localhost:8090/

Note: By default keycloak uses Master realm. As you can see we added user in Demo realm. In order to create new realm, do as follow
image

image
Now lets create a maven project. I will use VS Code as IDE for this project.However, you can use any IDE of your choice. You can check this link to configure VS Code for Java development.

Project Structure

image

pom.xml file contains all the required dependencies. You can copy the dependencies in your project.



Create a model user class UserDto.java under models folder.

Create a mapper class that will map keycloak's UserModel class object to UserDto class object. Use import org.keycloak.models.UserModel; to import UserModel class.


Keycloak provides RealmResourceProvider and RealmResourceProviderFactory interfaces that are used to implement custom rest api.
First we create KeyCloakUserApiProvider class that implements RealmResourceProvider interface. We will then define our custome api method named searchUsersByAttribute.
    @GET
    @Path("users/search-by-attr")
    @NoCache
    @Produces({ MediaType.APPLICATION_JSON })
    @Encoded
    public List<UserDto> searchUsersByAttribute(@DefaultValue(defaultAttr) @QueryParam("attr") String attr,
            @QueryParam("value") String value) {
        return session.users().searchForUserByUserAttribute(attr, value, session.getContext().getRealm())
                .stream().map(e -> userMapper.mapToUserDto(e)).collect(Collectors.toList());
    }
Enter fullscreen mode Exit fullscreen mode

The above method filters user list based on user attribute. Default filter attribute is merchant_id.

KeyCloakUserApiProvider class

Use import org.keycloak.services.resource.RealmResourceProvider; to import the interface.



Lets define KeyCloakUserApiProviderFactory class that implements RealmResourceProviderFactory.

KeyCloakUserApiProviderFactory class

Note: Factory instance will remain through out the lifecycle of keycloak server but KeyCloakUserApiProvider instance will be created at run time.

Register the KeyCloakUserApiProviderFactory class to keycloak by creating org.keycloak.services.resource.RealmResourceProviderFactory file under src\main\resources\META-INF\services\ folder.
Next copy the KeyCloakUserApiProviderFactory class name including package information into that file. For an example,


After that, build the maven project by running mvn clean install. This will generate a target folder. Under the target folder there will be {project artifact id}-*.jar file.

image

Copy that jar file to the Keycloak's standalone/deployments/ directory. For an example, If you run your Keycloak in docker container, you can use the following command:

docker cp <jar_file_path> keycloak:/opt/jboss/keycloak/standalone/deployments/
Enter fullscreen mode Exit fullscreen mode

Test our custom api

Get list of users with merchant_id 1

curl --location --request GET 'http://localhost:8090/auth/realms/demo/userapi-rest/users/search-by-attr?attr=merchant_id&value=1'
Enter fullscreen mode Exit fullscreen mode

image

You can find the project on this GitHub repository.

If you find this article useful, kindly give a start on GitHub.

Discussion (0)

pic
Editor guide