How to declare which resources need to be secured for a rest service implemented using RealmResourceProvider SPI in keycloak

We have implemented a custom rest end point based on and as per the source code here …but we want to secure the resources making sure that only certain client applications could access this end point …

since this creates a jar and not war we probably can’t use keycloak.json …is there any way like keycloak.json that would help us to secure the resources through configuration than code ?

for spring boot using keycloak adapter we specify configuration on which resources to be secured like this


We would like to do the same for rest service created by extending RealmResourceProvider SPI …Fairly new to Keycloak any help from the community in pointing us in the right direction would be great

1 Like

I was about to create the same question. Can we have an answer on this please ?