diff --git a/pom.xml b/pom.xml index e13802a..0079729 100644 --- a/pom.xml +++ b/pom.xml @@ -132,7 +132,7 @@ test - + org.gcube.common keycloak-client diff --git a/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java b/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java index 21c2ad5..006d8fb 100644 --- a/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java +++ b/src/main/java/org/gcube/informationsystem/icproxy/resources/ServiceEndpointResource.java @@ -14,12 +14,16 @@ import javax.ws.rs.core.MediaType; import lombok.extern.slf4j.Slf4j; +//import org.gcube.common.authorization.library.provider.AccessTokenProvider; +//import org.gcube.common.keycloak.model.ModelUtils; +import org.gcube.common.authorization.library.provider.AccessTokenProvider; +import org.gcube.common.keycloak.model.ModelUtils; import org.gcube.common.resources.gcore.*; import org.gcube.common.resources.gcore.utils.Group; import org.gcube.common.scope.api.ScopeProvider; import org.gcube.resources.discovery.client.api.DiscoveryClient; import org.gcube.resources.discovery.client.queries.api.SimpleQuery; -import org.gcube.resources.discovery.client.queries.impl.XQuery; +//import org.gcube.resources.discovery.client.queries.impl.XQuery; import org.gcube.common.encryption.StringEncrypter; @Slf4j 
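Review bot: The two `//import` lines added for `AccessTokenProvider` and `ModelUtils` duplicate the live imports added directly below them, and the `XQuery` import is commented out rather than deleted. Drop all three so the import block lists only what the class actually uses. Whether `XQuery` is still referenced elsewhere in the class is not visible in this hunk, so confirm that before removing the line outright.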
@@ -64,16 +68,35 @@ public class ServiceEndpointResource { if(Objects.nonNull(endpoints)) { log.debug("retrieved resources are "+endpoints.size()); if (isDecrypt) { - List ses = new ArrayList<>(endpoints.size()); - for (ServiceEndpoint resource : endpoints) { - ses.add(decryptResource(resource)); + if (isRoleEnabled()){ + List ses = new ArrayList<>(endpoints.size()); + for (ServiceEndpoint resource : endpoints) { + ses.add(decryptResource(resource)); + } + return ses; + }else{ + log.info("user not enabled to see the resource free to air, sorry"); } - return ses; } } return endpoints; } + private boolean isRoleEnabled(){ + String at= AccessTokenProvider.instance.get(); + try{ + if (ModelUtils.getAccessTokenFrom(at).getRealmAccess().getRoles().contains("service-endpoint-key" )) { + log.info("The client is authorized to see the resource as 'free-to-air'"); + return true; + } + }catch (Exception e){ + log.error("token not retrieved properly: "+e.getMessage()); + e.printStackTrace(); + } + log.info("user not authorized, sorry"); + return false; + } + // @GET // @Path("/{category}/{name}/{ap}") // @Produces(MediaType.TEXT_XML)
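Review bot: In `isRoleEnabled()` the `catch (Exception e)` block is presumably what handles a missing token or a token without realm roles (a null `at` or a null `getRealmAccess()` would surface there as an exception), so ordinary unauthenticated calls end up logged as errors and dumped to stderr by `e.printStackTrace()`. The gate does fail closed, which is the right default, but an explicit `if (at == null) return false;` before the `try`, and `log.error("token not retrieved properly", e);` in place of the two lines in the catch, would keep the stack trace in the log and out of stderr. The hunk does not show whether `ModelUtils.getAccessTokenFrom(at)` verifies the token's signature or only decodes it; since its roles now decide whether stored secrets are decrypted, confirm that the token is validated before it reaches `AccessTokenProvider`. In the caller, a request that asks for decryption without the role falls through to `return endpoints;` with only an info log, so the client cannot tell a refusal from a normal response; a 403 or a documented fallback would make that explicit. The enclosing method starts outside the hunk.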