[keycloak-user] Add additional rights mapping step to request chain

Hi, We are using the keycloak-as7-adapter from beta2 and have configured the adapter to use bearer token. We would like to add in some extra processing after the bearer token has been validated in order to map user rights for the user identified by the bearer token using some proprietary code. This is currently done with a custom LoginModule configured for the security-domain of the app. Can you suggest how we might go about adding this extra rights mapping to the request chain after the keycloak adapter has validated the bearer token? Thank you, Jim