API to check if user token has roles for a particular resource

I have a keycloak server setup. I am using the token endpoint: http://localhost:8080/auth/realms/demo/protocol/openid-connect/token to authenticate a user and generate a token. This token I understand can be used in subsequent calls to verify if it is a valid user.

However, I am not sure how do I use this to authorize the user? ie verify if this user has the roles to access a resource.

I see that it is possible to configure a resource URI under the client section. But once that is done, I want to be able to read the token and verify if this user has the roles to access this resource.

Right now, this is what I am doing: I have used spring boot here.

doSomething(String token)
 1. get token info using: http://localhost:8080/auth/realms/demo/protocol/openid-connect/userinfo
 2. from this get the roles the user has
 3. Manually check the roles required for the above function. (Right now, this is set in a simple switch statement)
 4. If the role obtained from step 2 matches what we get in step 3, go ahead. Else return failure.

I want to know if step 3 above can be done in a better way. I know taht you can set a resource in clients from the keycloak console. What I was hoping is we could replace the 4 steps above with something like:


which would tell me whether this user has the roles (obtained from token) to access this resource.

Please suggest if this is doable.

Thanks in advance.