@UNix3
It’s probably because you don’t have authentication policy on http-test.istio-system.svc.cluster.local so that the JWT token is not authenticated on the http-test service.
Could you add http-test to the target of the gateway-jwt-policy policy and try again?
Note, the ClusterRbacConfig, ServiceRole and ServiceRoleBinding are deprecated in favor of the new AuthorizationPolicy in 1.4: https://istio.io/blog/2019/v1beta1-authorization-policy/