Assuming you're securing your paths using web.xml there's http-method-omission
which allows omitting specific methods from the secure web collection.
From: "Sebastien Blanc" <sblanc(a)redhat.com>
To: keycloak-user(a)lists.jboss.org
Sent: Sunday, April 19, 2015 8:20:49 PM
Subject: [keycloak-user] Best practice public API Rest (GET Method) Vs Protected
Hi all,
I wonder what would be the best approach, when using Keycloak, to just
protect POST, PUT and DELETE and keep GET unprotected and ideally using the
same application path ?
Sebi
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user