[keycloak-user] @RolesAllowed on @Stateless

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello, I'm playing with Keycloak on a pet project, and I'm really impressed with it. It looks really nice and it's easy to get it working fast. I have one question, though. I know it's early and it's alpha, but I wonder if this is a bug or a non-implemented feature :-) Basically, I wanted to annotate a REST method with @RolesAllowed("admin") for a DELETE request, and @RolesAllowed("user") for a @GET, something that works on with the usual scenario. With Keycloak, however, it seems that it's not being properly propagated to the EJB layer, so, I get a execution denied on the GET, even if the user has the "user" role. I've done a quick experiment, and it's available here: https://github.com/jpkrohling/sample-ejb-roles-basic On the master branch, the implementation with Keycloak. At the "Endpoint" class, I've added the output from Wildfly 8 as a comment: https://github.com/jpkrohling/sample-ejb-roles-basic/blob/master/src/main... On the "QuickStartCode" branch, I've done the same: https://github.com/jpkrohling/sample-ejb-roles-basic/blob/QuickstartCode/... So, is this scenario supposed to work already, or is it planned for a future release? Thanks! Juca.