Hello, I'm trying to configure security for simple Spring Rest Webapp and Keycloak. I've configured Keycloak server 1.7.0.Final on WildFly 9.0.2 (created realms, clients, roles, etc.). And it works just fine. Then I created simple Spring Rest App (boot-less) to test Keycloak security login. I generated keycloak.json file and put it in my WEB-INF folder. Then I configured web.xml and Spring dispatcher-servlet.xml. And finally created annotation driven security config. protected void configure(HttpSecurity http) throws Exception { super.configure(http); http.authorizeRequests().antMatchers("/*").hasRole("tms-rest"); } But when I try to test my web app in browser it does not redirect me to keycloak login page. I made it work when I configured security-constraint in web.xml. <security-constraint> <web-resource-collection> <web-resource-name>tms</web-resource-name> <url-pattern>/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>tms-rest</role-name> </auth-constraint> </security-constraint> <security-role> <role-name>tms-rest</role-name> </security-role> It seems to me that Spring isn't picking up my security rules from security config bean. Is there any suggestion what am I doing wrong? And how to be able to set config programmatically? My app source is in attachment.