How does Policy Enforcement even work?

This is basically a follow-up question to one that I already asked at Stack Overflow - java - Protect individual resources from Spring Boot via Keycloak - Stack Overflow

I managed to protect an individual resource (/persons/1) via policies, resources and permissions.

My question is: How does policy enforcement actually work?

In this video

he says that the whole policy enforcement configuration is taken from Keycloak when my Spring Boot application starts and is then evaluated whenever a user makes a request to my resource server.

How is this done? Is there some kind of API that I haven’t found yet? I even looked at Wireshark but couldn’t see any interaction between my server and Keycloak.

Any ideas? Some links to videos or specification would also be fine.

This is my configuration

  "realm": "myrealm",
  "auth-server-url": "http://localhost:8081/auth/",
  "ssl-required": "external",
  "resource": "myclient",
  "verify-token-audience": true,
  "credentials": {
    "secret": "3fcf4f28-6d11-4942-a8fc-b9445183992a"
  "confidential-port": 0,
  "policy-enforcer": {}

Thank you very much. I’m pretty lost at the moment.