Why intercept secure urls inside application

I am referring to the app-authz-spring-security quickstart to integrate spring application with Keycloak for authentication & authorisation. For authorisation, we prefer to completely maintain resources, policies & permissions in keycloak. However, we noticed that we are also forced to maintain the secured urls along with the desired role on the application side. Like below.
Is there a reason why we have to do this and cannot completely manage resources permissions in Keycloak? This puts some restrictions, like in keycloak, at runtime, I cannot allow admins to access account pages. For that, I will have to change this code.

protected void configure(HttpSecurity http) throws Exception {