KeyCloak SpringBoot Adapter


I would like to achieve that SpringBoot applications must authorize each service/application call.
Authentication is done in Access Layer via Apache HTTPD OIDC Connector, where end-user is redirected to SSO page, where they offer their credentials in order to be authenticated and to get access token.

Backend SpringBoot applications must authorize Bearer token retrieved from HTTP header, and which is passed from access layer.
I have set up SpringBoot aplication to use KeyCloak adapter and to validatate Bearer token (keycloak.bearer-only = true).
How do I enforce SpringBoot PEP to authorize received Bearer token against KeyCloak authorization REST interface? I have put some configuration which enforces authorization, but from tcpdump I see that SpringBoot adapter authenticates specified client with client id and it’s secret it does not pass end-user Bearer token to Authorization endpoint.
I have tested KeyCloak authorization endpoint with Postman and it works as expected.
Can somebody give me instructions how to configure Adapter on SpringBoot, or even better if there is any documentation that explains all the parameters that can be configured along with their definitions inside of SpringBoot application?