diff --git a/security/keycloak-oidc-client-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/extended/restclient/OpenApiStoreSchemaIT.java b/security/keycloak-oidc-client-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/extended/restclient/OpenApiStoreSchemaIT.java
index 3b61a47f96..30e5d1f9ea 100644
--- a/security/keycloak-oidc-client-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/extended/restclient/OpenApiStoreSchemaIT.java
+++ b/security/keycloak-oidc-client-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/extended/restclient/OpenApiStoreSchemaIT.java
@@ -2,6 +2,8 @@
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import java.io.FileReader;
@@ -77,5 +79,38 @@ private void assertContent(JsonObject content) {
 "Expected component.schema.Score object.");
 assertTrue(content.getJsonObject("paths").containsKey("/rest-ping"), "Missing expected path: /rest-ping");
 assertTrue(content.getJsonObject("paths").containsKey("/rest-pong"), "Missing expected path: /rest-pong");
+
+ // verify that path /secured/admin is only accessible by user with role 'admin'
+ var expectedRole = getRequiredRoleForPath(content, "/secured/admin");
+ assertEquals("admin", expectedRole);
+
+ // verify that path /secured/getClaimsFromBeans is accessible by any authenticated user
+ expectedRole = getRequiredRoleForPath(content, "/secured/getClaimsFromBeans");
+ // note: '**' is equivalent of @Authenticated and @RolesAllowed("**")
+ assertEquals("**", expectedRole);
+
+ // verify 'oidc' security schema
+ var securitySchema = content
+ .getJsonObject("components")
+ .getJsonObject("securitySchemes")
+ .getJsonObject("SecurityScheme");
+ var actual = securitySchema.getString("type");
+ assertEquals("openIdConnect", actual);
+ actual = securitySchema.getString("description");
+ assertEquals("Authentication", actual);
+ actual = securitySchema.getString("openIdConnectUrl");
+ assertNotNull(actual);
+ assertTrue(actual.endsWith("/auth/realms/test-realm/.well-known/openid-configuration"));
+ }
+
+ private static String getRequiredRoleForPath(JsonObject content, String path) {
+ return content
+ .getJsonObject("paths")
+ .getJsonObject(path)
+ .getJsonObject("get")
+ .getJsonArray("security")
+ .getJsonObject(0)
+ .getJsonArray("SecurityScheme")
+ .getString(0);
 }
 }
diff --git a/security/keycloak-oidc-client-reactive-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/reactive/extended/OpenApiStoreSchemaIT.java b/security/keycloak-oidc-client-reactive-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/reactive/extended/OpenApiStoreSchemaIT.java
index 959fb890c4..c85db491f1 100644
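Review bot: `getRequiredRoleForPath` only inspects `security[0].SecurityScheme[0]`, so the assertion that `/secured/admin` is "only accessible by user with role 'admin'" is weaker than the comment claims: a second requirement object in the `security` list (OpenAPI treats the entries as alternatives, and an empty `{}` entry means anonymous access) or a second scope next to `admin` would both leave the test green. Make the helper assert the shape as well — exactly one requirement object holding exactly one scope — and give each lookup a message, since today a missing `get` or `security` key surfaces as a bare NullPointerException; this assumes `JsonObject` is the JSON-P type whose `getJsonObject`/`getJsonArray` return null for an absent key, which is not visible here. The enclosing `assertContent` starts before this hunk, and the same helper is added verbatim to the reactive-extended module, so both copies should change together.

```java
    private static String getRequiredRoleForPath(JsonObject content, String path) {
        // OpenAPI 'security' is a list of alternatives: a second entry (or an empty {})
        // would widen access, so require exactly one requirement with exactly one role
        var operation = content.getJsonObject("paths").getJsonObject(path);
        assertNotNull(operation, "Missing expected path: " + path);
        operation = operation.getJsonObject("get");
        assertNotNull(operation, "Missing GET operation for path: " + path);
        var security = operation.getJsonArray("security");
        assertNotNull(security, "Missing 'security' requirement for path: " + path);
        assertEquals(1, security.size(), "Expected exactly one security requirement for path: " + path);
        var roles = security.getJsonObject(0).getJsonArray("SecurityScheme");
        assertNotNull(roles, "Missing 'SecurityScheme' requirement for path: " + path);
        assertEquals(1, roles.size(), "Expected exactly one required role for path: " + path);
        return roles.getString(0);
    }
```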
--- a/security/keycloak-oidc-client-reactive-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/reactive/extended/OpenApiStoreSchemaIT.java
+++ b/security/keycloak-oidc-client-reactive-extended/src/test/java/io/quarkus/ts/security/keycloak/oidcclient/reactive/extended/OpenApiStoreSchemaIT.java
@@ -2,6 +2,8 @@
 import static org.hamcrest.MatcherAssert.assertThat;
 import static org.hamcrest.Matchers.is;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 import java.io.FileReader;
@@ -77,5 +79,38 @@ private void assertContent(JsonObject content) {
 "Expected component.schema.Score object.");
 assertTrue(content.getJsonObject("paths").containsKey("/rest-ping"), "Missing expected path: /rest-ping");
 assertTrue(content.getJsonObject("paths").containsKey("/rest-pong"), "Missing expected path: /rest-pong");
+
+ // verify that path /secured/admin is only accessible by user with role 'admin'
+ var expectedRole = getRequiredRoleForPath(content, "/secured/admin");
+ assertEquals("admin", expectedRole);
+
+ // verify that path /secured/getClaimsFromBeans is accessible by any authenticated user
+ expectedRole = getRequiredRoleForPath(content, "/secured/getClaimsFromBeans");
+ // note: '**' is equivalent of @Authenticated and @RolesAllowed("**")
+ assertEquals("**", expectedRole);
+
+ // verify 'oidc' security schema
+ var securitySchema = content
+ .getJsonObject("components")
+ .getJsonObject("securitySchemes")
+ .getJsonObject("SecurityScheme");
+ var actual = securitySchema.getString("type");
+ assertEquals("openIdConnect", actual);
+ actual = securitySchema.getString("description");
+ assertEquals("Authentication", actual);
+ actual = securitySchema.getString("openIdConnectUrl");
+ assertNotNull(actual);
+ assertTrue(actual.endsWith("/auth/realms/test-realm/.well-known/openid-configuration"));
+ }
+
+ private static String getRequiredRoleForPath(JsonObject content, String path) {
+ return content
+ .getJsonObject("paths")
+ .getJsonObject(path)
+ .getJsonObject("get")
+ .getJsonArray("security")
+ .getJsonObject(0)
+ .getJsonArray("SecurityScheme")
+ .getString(0);
 }
 }
diff --git a/spring/spring-data/src/test/java/io/quarkus/ts/spring/data/rest/additional/OpenAPIIT.java b/spring/spring-data/src/test/java/io/quarkus/ts/spring/data/rest/additional/OpenAPIIT.java
index 0415cbd3bb..e59ceae9e7 100644
--- a/spring/spring-data/src/test/java/io/quarkus/ts/spring/data/rest/additional/OpenAPIIT.java
+++ b/spring/spring-data/src/test/java/io/quarkus/ts/spring/data/rest/additional/OpenAPIIT.java
@@ -61,12 +61,11 @@ void rolesAllowedResourceAuthPermitted() {
 assertNotNull(json.getString("paths.\"/article-jpa/{id}\".get"));
 json.setRootPath("");
- assertEquals("admin", json.getString("paths.\"/secured/deny-all/{id}\".get.security[0].SecurityScheme[0]"));
- assertEquals("admin", json.getString("paths./secured/roles-allowed.get.security[0].SecurityScheme[0]"));
- assertEquals("admin", json.getString("paths.\"/secured/roles-allowed/{id}\".get.security[0].SecurityScheme[0]"));
-
- // TODO: https://github.com/quarkusio/quarkus/issues/30997
- // assertEquals("user", json.getString("paths.\"/secured/roles-allowed/{id}\".delete.security[0].SecurityScheme[0]"));
+ // non-Oauth2 security requirement object should be empty
+ assertEquals(null, json.getString("paths.\"/secured/deny-all/{id}\".get.security[0].SecurityScheme[0]"));
+ assertEquals(null, json.getString("paths./secured/roles-allowed.get.security[0].SecurityScheme[0]"));
+ assertEquals(null, json.getString("paths.\"/secured/roles-allowed/{id}\".get.security[0].SecurityScheme[0]"));
+ assertEquals(null, json.getString("paths.\"/secured/roles-allowed/{id}\".delete.security[0].SecurityScheme[0]"));
 List list = json.getList("components.schemas.Article.required");
 assertEquals(2, list.size());
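Review bot: The four `assertEquals(null, json.getString("...security[0].SecurityScheme[0]"))` checks do not verify what the comment above them states — that the security requirement object is empty — they only verify that the `SecurityScheme` key is absent, and null is also what a dropped `security` list or a vanished `/secured/...` path resolves to (as far as I can tell, RestAssured's `getString` yields null for any missing segment rather than failing). A regression in which the `@RolesAllowed`/`@DenyAll` endpoints stop being reflected in the document at all would therefore still pass. Assert presence and emptiness instead, e.g. `assertNotNull(json.getList("paths.\"/secured/deny-all/{id}\".get.security"), "security requirement missing")` followed by `assertTrue(json.getMap("paths.\"/secured/deny-all/{id}\".get.security[0]").isEmpty())`, and use `assertNull(...)` wherever an expected-null check is kept. The comment should also say why these endpoints carry an empty requirement, because in OpenAPI an empty requirement object advertises the operation as reachable without credentials, which is a surprising thing to document for a `@DenyAll` path. `rolesAllowedResourceAuthPermitted` starts before and continues past this hunk.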