Keycloak Spring Boot - Authorization ignored

Hi,
i have 3 Views,

/
/about
/useronly

I added Spring Security and Keycloak, login is working etc.

BUT when i am logged in and navigate to another menu by using tab, i can access the menu. When i reload the page i get the error “Access denied” is looks like the navigation ignores the Autentication or did not reload the page?!

Has anyone an idea?

@KeycloakConfiguration
public class SecurityConfig extends KeycloakWebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(keycloakAuthenticationProvider());
    }



    @Bean
    @Override
    protected SessionAuthenticationStrategy sessionAuthenticationStrategy() {
        return new RegisterSessionAuthenticationStrategy(new SessionRegistryImpl());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        super.configure(http);
        http.httpBasic().disable();
        http.formLogin().disable();
        // disable spring security csrf as Vaadin already provides this
        // also possible to disable this in Vaadin and leave this enabled
        http.csrf().disable();
         http.anonymous().disable();
        http
                .authorizeRequests()
                .antMatchers("/about").hasAnyRole("admin", "user")
                .antMatchers("/useronly").hasRole("user")
                .anyRequest().permitAll();
    }

    /**
     * Allows access to static resources, bypassing Spring security.
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                // Vaadin Flow static resources //
                "/VAADIN/**",
                // the standard favicon URI
                "/favicon.ico",
                // the robots exclusion standard
                "/robots.txt",
                // web application manifest //
                "/manifest.webmanifest",
                "/sw.js",
                "/offline-page.html",
                // (development mode) static resources //
                "/frontend/**",
                // (development mode) webjars //
                "/webjars/**",
                // (production mode) static resources //
                "/frontend-es5/**", "/frontend-es6/**");
    }

}

tab.add(new RouterLink(“Benutzerbereich”, Useronly.class)); //navigate to page /useronly


@Route(value = “useronly”, layout = MainView.class)
@PageTitle(“Useronly”)
public class Useronly extends Div {

public Useronly() {
    setId("about-view");
    add(new Text("Userarea"));
}

}