[keycloak-user] JAX-RS @PermitAll with invalid token fails

Hi there, I am trying to setup a JAX-RS webservice with keycloak authentication and want to use the Java EE security annotations (@PermitAll, @RolesAllowed). My current implementation works well with one exception: If I have set an invalid bearer token in the authorization header the TokenVerifier throws a VerificationException stating: Token is not active. I fully understand why it is thrown and that the token is checked before the routing in JAX-RS starts. But if I use @PermitAll I want that everyone reagrdless of any authorization header can access the resource. How can I handle this use case? P.S.: If I access the resource without a token, than I get the correct result from the webservice. Best regards Georg