I am not too familiar with JWT authentication in Spring Security. But I think you don't have the right privilege to access to order service.
Usually, people have a database table to store the users and their privilege. This table is looked up during authorization.
Every time you till, you lose 30% of your organic matter. But this tiny ad is durable:
a bit of art, as a gift, the permaculture playing cards