[keycloak-user] Recommendations for protecting REST service with bearer token and basic auth

Hi I've just started looking at KeyCloak to use with the Overlord governance projects. I have tried the examples, and see how we could leverage KeyCloak to protect the UI apps and the backend REST services they use. However we also need to provide the REST services as independent services using basic auth - but would like the basic auth to be performed against the users managed by KeyCloak. Is there any recommendations on how this can be achieved? Do we need to provide our own filter - is there any example code to do this? Is it possible to do something via the KeyCloak subsystem configuration approach, in case we wanted to secure the REST service without modifying the war? Thanks in advance. Regards Gary