How to authenticate some services in my webapp

Hi all,
I am new to Keycloak.
I need to authenticate some services exposed by my webapp through Keycloak using authentication through Identity providers. (Google, facebook).
Currently my webapp (java application) is running in Tomcat 9.
My idea is to expose a (new) service on which a resource Keycloak and a policy / permission are mapped.
I can login sucessfull through my Realm using Identity Provider and read the logged in principal without problems,
Unfortunately, however, the entire application is subjected to authentication and therefore access to any other exposed service is denied. (on-deny-redirect-to).
Is it possible to reserve authentication only for one or more services?
It seems that the URI configured in the resource is absolutely not considered.

Many thanks!!
Ciao,
Matteo

My web.xml extract:


Develop keycloak
/rest/product/jAuth/
/config/

/rest/jindex/*


default-roles-googlerealm
admin


NONE

<login-config>
	<auth-method>KEYCLOAK</auth-method>
	<realm-name>GoogleRealm</realm-name>
</login-config>

<security-role>
	<role-name>default-roles-googlerealm</role-name>
</security-role>

<security-role>
	<role-name>admin</role-name>
</security-role>

My Keycloak dump:

{
“allowRemoteResourceManagement”: false,
“policyEnforcementMode”: “ENFORCING”,
“resources”: [
{
“name”: “admin services”,
“ownerManagedAccess”: false,
“displayName”: “admin services”,
“attributes”: {},
“_id”: “7d6cd054-550b-4e02-88bf-473784b55b55”,
“uris”: [
“/config/",
"/rest/jindex/

]
},
{
“name”: “product authentication services”,
“ownerManagedAccess”: false,
“displayName”: “authentication rest services”,
“attributes”: {},
“_id”: “a4cab3ae-e3f4-456c-b408-d62d451a544e”,
“uris”: [
“/rest/product/jAuth/*”
]
}
],
“policies”: [
{
“id”: “86a5562b-811b-42e5-879c-02c7b0fd8a94”,
“name”: “Admin user policy”,
“description”: “Single user admin policy”,
“type”: “user”,
“logic”: “POSITIVE”,
“decisionStrategy”: “UNANIMOUS”,
“config”: {
“users”: “[“admin”]”
}
},
{
“id”: “e5151334-1565-45c1-9b06-e71b09567c6d”,
“name”: “Any product users policy”,
“description”: “Defines that any user can do something”,
“type”: “role”,
“logic”: “POSITIVE”,
“decisionStrategy”: “UNANIMOUS”,
“config”: {
“roles”: “[{“id”:“default-roles-googlerealm”,“required”:false}]”
}
},
{
“id”: “047ea46b-6fa5-4731-8d46-df4d7350575c”,
“name”: “Administrative Console Resource Permission”,
“description”: “A policy that defines access to administrative console”,
“type”: “resource”,
“logic”: “POSITIVE”,
“decisionStrategy”: “UNANIMOUS”,
“config”: {
“resources”: “[“admin services”]”,
“applyPolicies”: “[“Admin user policy”]”
}
},
{
“id”: “7d789f9b-7db8-4267-859e-b8f8e3a5df81”,
“name”: “product authentication permission”,
“description”: “A policy that defines IP login”,
“type”: “resource”,
“logic”: “POSITIVE”,
“decisionStrategy”: “UNANIMOUS”,
“config”: {
“resources”: “[“product authentication services”]”,
“applyPolicies”: “[“Any product users policy”]”
}
}
],
“scopes”: [],
“decisionStrategy”: “UNANIMOUS”
}