[keycloak-user] Keycloak fine grained permissions with Spring Boot / Spring Security

I would like to use permissions or scopes or similar to allow fine grained access to REST resource. Ideally I would like to do something like: @PreAuthorize("hasPermission('Brands', 'brands:write')") ResponseEntity<Brand> getBrand(@PathVariable("brandCode") String brandCode); where 'Brands' is a keycloak client authorization resource with scopes 'brands:write, brands:read'. The only annotation that seems to work is @Secured with a role, I do not with to do RBAC. @Secured({"ROLE_STAFF"}) I have looked at the PolicyEnforcer, it is unclear to me exactly how it is supposed to be used. I can write code of the form: KeycloakSecurityContext keycloakSecurityContext = (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName()); AuthorizationContext authzContext = keycloakSecurityContext.getAuthorizationContext(); if (authzContext.hasScopePermission("brands:write")) { // This works.... } How can I tie the AuthorizationContext from PolicyEnforcing to the standard Spring security annotations ? thanks David