diff --git a/pom.xml b/pom.xml
index 33287a67edb208121a0935c13ae7ab66d8690f7b..1d8ac0d6cf939e91c4630dfc95b7951a50cd87a7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -249,6 +249,18 @@
             <artifactId>java-jwt</artifactId>
             <version>3.8.3</version>
         </dependency>
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>3.8.3</version>
+        </dependency>
+        <dependency>
+            <groupId>org.keycloak</groupId>
+            <artifactId>keycloak-spring-boot-2-starter</artifactId>
+            <version>4.0.0.Final</version>
+        </dependency>
+
+
     </dependencies>
 
     <build>
diff --git a/src/main/application.properties b/src/main/application.properties
new file mode 100644
index 0000000000000000000000000000000000000000..a2a68cdc67d6dec29a86f7bd40198adb258ba8eb
--- /dev/null
+++ b/src/main/application.properties
@@ -0,0 +1,14 @@
+keycloak.realm=Demo
+keycloak.resource=vanilla
+keycloak.auth-server-url=http://localhost:8080/auth
+keycloak.ssl-required=external
+keycloak.public-client=true
+
+#keycloak.securityConstraints[0].authRoles[0]=Member
+#keycloak.securityConstraints[0].authRoles[1]=Librarian
+#keycloak.securityConstraints[0].securityCollections[0].name=member resource
+#keycloak.securityConstraints[0].securityCollections[0].patterns[0]=/books
+
+#keycloak.securityConstraints[1].authRoles[0]=Librarian
+#keycloak.securityConstraints[1].securityCollections[0].name=librarian resource
+#keycloak.securityConstraints[1].securityCollections[0].patterns[0]=/manager
\ No newline at end of file
diff --git a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
index d8ec1acfbc932f8cb5faa1a42199904ffc88a092..adacd7a814d7a50434df94ec843160f93dc2ade8 100644
--- a/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
+++ b/src/main/java/eu/hbp/mip/configuration/SecurityConfiguration.java
@@ -88,6 +88,9 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
     @Value("#{'${hbp.resource.revokeTokenUri:https://services.humanbrainproject.eu/oidc/revoke}'}")
     private String revokeTokenURI;
 
+    @Autowired
+    private HttpServletRequest request;
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         // @formatter:off
@@ -108,9 +111,11 @@ public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
                     .addFilterBefore(ssoFilter(), BasicAuthenticationFilter.class);
         }
         else {
-            http.antMatcher("/**")
-                    .authorizeRequests()
-                    .antMatchers("/**").permitAll().and().csrf().disable();
+            //keycloak
+            (KeycloakSecurityContext) request.getAttribute(KeycloakSecurityContext.class.getName());
+//            http.antMatcher("/**")
+//                    .authorizeRequests()
+//                    .antMatchers("/**").permitAll().and().csrf().disable();
         }
     }