Securing a Servlet Application
The purpose of this getting started guide is to get you up and running as quickly as possible so that you can experiment with and test various authorization features provided by Keycloak. This quick tour relies heavily on the default database and server configurations and does not cover complex deployment options. For more information on features or configuration options, see the appropriate sections in this documentation.
This guide explains key concepts about Keycloak :
Enabling fine-grained authorization for a client application
Configuring a client application to be a resource server, with protected resources
Defining permissions and authorization policies to govern access to protected resources
Enabling policy enforcement in your applications.