See: http://lists.jboss.org/pipermail/keycloak-dev/2014-May/001851.html
To differentiate "admin" from "developers", fine grained permissions like @RolesAllowed is required or any other methods anything else to authorize the execution of admin's endpoint.
|