You can control the authorization behaviour downstream of an
@EnableZuulProxy through the
proxy.auth.* settings. Example:
proxy: auth: routes: customers: oauth2 stores: passthru recommendations: none
In this example the "customers" service gets an OAuth2 token relay, the "stores" service gets a passthrough (the authorization header is just passed downstream), and the "recommendations" service has its authorization header removed. The default behaviour is to do a token relay if there is a token available, and passthru otherwise.
See ProxyAuthenticationProperties for full details.