Hello, I'm trying to configure security for simple Spring Rest Webapp and Keycloak.

I've configured Keycloak server 1.7.0.Final on WildFly 9.0.2 (created realms, clients, roles, etc.). And it works just fine.

Then I created simple Spring Rest App (boot-less) to test Keycloak security login. I generated keycloak.json file and put it in my WEB-INF folder.

Then I configured web.xml and Spring dispatcher-servlet.xml. And finally created annotation driven security config.

protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.authorizeRequests().antMatchers("/*").hasRole("tms-rest");
}

But when I try to test my web app in browser it does not redirect me to keycloak login page. I made it work when I configured security-constraint in web.xml.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>tms</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>tms-rest</role-name>
    </auth-constraint>
</security-constraint>

<security-role>
    <role-name>tms-rest</role-name>
</security-role>

It seems to me that Spring isn't picking up my security rules from security config bean. Is there any suggestion what am I doing wrong?
And how to be able to set config programmatically?

My app source is in attachment.