I’m assessing how to best secure a vendor app with Keycloak.
I have hooks in the system where I can intercept an incoming token on the Auth header – and I need to validate this token (ideally caching the keys to minimize round trips to Keycloak).
This doesn’t use spring security and wouldn’t fit as a servlet filter – what is the suggested approach here short of just using a rest client to manually perform the steps?
Thanks!
jc