I'm currently testing the @SecurityDomain("keycloak") and @RolesAllowed annotations on my JAX-RS services and was surprised to see that I get a HTTP 500 (internal server error) when a requesting user doesn't have the role that is required by @RolesAllowed. Is this intentional or a known issue or am I doing something wrong in the config? 

I'm using Wildfly 8.0.0.Final with the default RestEasy module. Would upgrading RestEasy do the trick?

Cheers,

Nils