I wonder what would be the best approach, when using Keycloak, to just protect POST, PUT and DELETE and keep GET unprotected and ideally  using the same application path ?