How to get the AccessToken of Keycloak in Spring Boot and/or Java EE

May 14, 2016

In many of my Keycloak consulting projects, I get asked again and again, how to get easy access to the authorization data of the Keycloak SSO server:
the AccessToken.

Spring Boot

In Spring Boot, things are really easy (as most things are in Spring Boot). Just create a request scoped @Bean annotated method to get the AccessToken:

@Bean
@Scope(scopeName = WebApplicationContext.SCOPE_REQUEST,
       proxyMode = ScopedProxyMode.TARGET_CLASS)
public AccessToken getAccessToken() {
  HttpServletRequest request =
    ((ServletRequestAttributes) RequestContextHolder
      .currentRequestAttributes()).getRequest();
  return ((KeycloakPrincipal) request.getUserPrincipal())
    .getKeycloakSecurityContext().getToken();
}

Then, you can just auto-wire the AccessToken object in your appropriate controller bean and use it. Easy.

Java EE

In Java EE, it’s pretty similar, we do it with a request scoped CDI producer bean, which provides a method returning the AccessToken annotated with @Produces.

@RequestScoped
public class AccessTokenProducer {

  @Inject private HttpServletRequest request;

  @Produces
  public AccessToken getAccessToken() {
    return ((KeycloakPrincipal) request.getUserPrincipal())
      .getKeycloakSecurityContext().getToken();
  }
}

Now you can inject the AccessToken object anywhere you need it and have access to the authorization data.


Both approaches assume that you have set up your Keycloak SSO server properly and configured the applications also the right way. I created two small demo applications, where you can review the code:

dasniko/keycloak-springboot-demo
dasniko/keycloak-javaee-demo

Tags: keycloak javaee springboot