[keycloak-dev] resource excludes in web.xml not working in latest master build

Hi all, I created today a build from the latest master branch and struggled with the following problem. I've got some REST services which are excluded from keycloak, so I can access them without a logged in user. (see detail from web.xml) The request body in these post rest services were always empty. I found out that my wildfly tried to authenticate all requests. The tokenStore.saveRequest() method in the OAuthRequestAuthenticator class read the inputStream and so it was empty later on. I dont understand why all my requests are authenticated, even when they are excluded through the web.xml file. So, I added the following lines in the ServletKeycloakAuthMech class in the authenticate method: (see https://github.com/gerbermichi/keycloak/commit/1eaafcd3d9ad4082429ab5...) if (!deployment.isConfigured() || !securityContext.isAuthenticationRequired()) {             return AuthenticationMechanismOutcome.NOT_ATTEMPTED; } This hack solved all my problems. Is this a bug and should i create a pull request? Or are there some problems in my project configuration? Detail from my web.xml file:   <security-constraint>         <web-resource-collection>             <web-resource-name>Client WS</web-resource-name>             <url-pattern>/clientws/*</url-pattern>         </web-resource-collection>         <web-resource-collection>             <web-resource-name>Client Exchange WS</web-resource-name>             <url-pattern>/services/exchange/*</url-pattern>         </web-resource-collection>         <user-data-constraint>             <transport-guarantee>CONFIDENTIAL</transport-guarantee>         </user-data-constraint>     </security-constraint>     <security-constraint>         <web-resource-collection>             <web-resource-name>All</web-resource-name>             <url-pattern>/*</url-pattern>         </web-resource-collection>         <auth-constraint>             <role-name>myRole</role-name>         </auth-constraint>         <user-data-constraint>             <transport-guarantee>CONFIDENTIAL</transport-guarantee>         </user-data-constraint>     </security-constraint>     <login-config>         <auth-method>KEYCLOAK</auth-method>         <realm-name>myRealm</realm-name>     </login-config>     <security-role>         <role-name>myRole</role-name>     </security-role>