Java
schroeder, 2014-03-08 13:32:25

How to implement authentication for a RESTful web service (Java)?

There is a RESTful web service written with Jersey. Everything works great, but the authorization needs to be tightened. I looked/googled in the direction of tokens. I found several bicycles; naturally, they do not inspire much confidence. I also don't want to write my own bicycle, because the result is not predictable. Among the standard options, I found a mention of OAuth 1.0 with Jersey, for example here:
https://wikis.oracle.com/display/Jersey/OAuth
To be honest, I didn’t understand much. For example, questions arise:
Where is the token generated?
Where does the expiration date of the token sit (for example, the token is valid no more than an hour from the time of the last use / from the time of generation)?
Where is it written for which URLs this token is valid?
Where and how is it checked whether the token has been stolen / intercepted (for example, 2 requests were received with a difference of half a second, but from different IPs)?
Where is the token stored (for example, I restarted the server, the tokens should still be valid, i.e. somewhere persistently stored and automatically loaded if necessary)?
Where can I see whose token it is?
And yes, there are a lot of questions.
To my great surprise, I did not find anything worthwhile and intelligible. Maybe I didn't search well? Please provide a link to a good tutorial.
P.S. Sometimes Spring Security is mentioned, and as a rule people immediately write that it is very bad friends with Jersey and only adds a bunch of hemorrhoids. Do you have experience with this combination (Spring Security and Jersey)?

1 answer(s)
Igor Lysak, 2014-03-11
@TheRealSpaceShip

Won't the official documentation help to solve this problem? I think you should answer most of the questions yourself (implement): where, how and how much to store tokens.
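
One way the questions in the post map onto code, as an added example (not from the thread, Jersey or its OAuth module): a hypothetical `TokenService` class issuing opaque random tokens. It assumes Java 16+, an in-memory map standing in for a database table, and a request path already normalized by the framework; all names and sample values are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.time.*;
import java.util.*;
import java.util.concurrent.ConcurrentHashMap;
public class TokenService {
    // One row per token: whose it is, which URLs it covers, expiry, last client address/time.
    record Entry(String owner, String pathPrefix, Instant expires, String lastIp, Instant lastSeen) {}
    static final Duration TTL = Duration.ofHours(1);          // sliding: 1 h from last use
    static final Duration IP_WINDOW = Duration.ofSeconds(1);  // IP change this fast is suspicious
    private final SecureRandom rng = new SecureRandom();
    // Stand-in for a database table (needed to survive restarts); keyed by SHA-256 of the token.
    private final Map<String, Entry> store = new ConcurrentHashMap<>();

    // Generated server-side after the credential check; the raw value is handed out once.
    public String issue(String owner, String pathPrefix, String ip, Instant now) {
        byte[] raw = new byte[32];
        rng.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(hash(token), new Entry(owner, pathPrefix, now.plus(TTL), ip, now));
        return token;
    }

    // Returns the owner when the token is known, unexpired, in scope and not suspicious.
    public Optional<String> validate(String token, String path, String ip, Instant now) {
        String key = hash(token);
        Entry e = store.get(key);
        if (e == null) return Optional.empty();
        boolean expired = !now.isBefore(e.expires());
        boolean ipJump = !e.lastIp().equals(ip) && Duration.between(e.lastSeen(), now).compareTo(IP_WINDOW) < 0;
        if (expired || ipJump) { store.remove(key); return Optional.empty(); }  // revoke
        if (!path.startsWith(e.pathPrefix())) return Optional.empty();          // out of scope
        store.put(key, new Entry(e.owner(), e.pathPrefix(), now.plus(TTL), ip, now));
        return Optional.of(e.owner());
    }
    private static String hash(String token) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(token.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException ex) { throw new IllegalStateException(ex); }
    }
    public static void main(String[] args) {   // constructed sample requests
        TokenService s = new TokenService();
        Instant t0 = Instant.parse("2014-03-08T13:00:00Z");
        String tok = s.issue("alice", "/api/orders", "203.0.113.5", t0);
        System.out.println(s.validate(tok, "/api/admin", "203.0.113.5", t0.plusSeconds(30)));
        System.out.println(s.validate(tok, "/api/orders/7", "203.0.113.5", t0.plusSeconds(60)));
        System.out.println(s.validate(tok, "/api/orders/7", "198.51.100.9", t0.plusMillis(60_500)));
    }
}
```

In a JAX-RS 2.0 application, `validate` would be called from a `ContainerRequestFilter` that reads the token from the `Authorization` header.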
