.aliases

@@ -93,6 +93,8 @@ alias gw-spotless='./gradlew spotlessApply -x pitest -x test -x :processResource
 alias gw-test='. .aliases; ./gradlew test'
 alias gw-check='. .aliases; gw test check -x pitest'
 
+alias cas-curl='bin/cas-curl'
+
 # etc/docker-compose.yml limits CPUs+MEM and includes a PostgreSQL config for analysing slow queries
 alias gw-importOfficeData-in-docker-compose='
         docker-compose -f etc/docker-compose.yml down &&

README.md

@@ -68,28 +68,36 @@ If you have at least Docker and the Java JDK installed in appropriate versions a
     
     # if the container has not been built yet, run this:
     pg-sql-run          # downloads + runs PostgreSQL in a Docker container on localhost:5432
+
     # if the container has been built already and you want to keep the data, run this:
     pg-sql-start
 
-    gw bootRun      # compiles and runs the application on localhost:8080
+Next, compile and run the application without CAS-authentication on `localhost:8080`:
+
+    export HSADMINNG_CAS_SERVER=
+    gw bootRun
+
+For using the REST-API with CAS-authentication, see `bin/cas-curl`.   
+
+Now we can access the REST API, e.g. using curl:
 
     # the following command should reply with "pong":
-    curl -f http://localhost:8080/api/ping
+    curl -f -s http://localhost:8080/api/ping
 
     # the following command should return a JSON array with just all customers:
-    curl -f\
+    curl -f -s\
         -H 'current-subject: superuser-alex@hostsharing.net' \
         http://localhost:8080/api/test/customers \
     | jq # just if `jq` is installed, to prettyprint the output
 
     # the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
-    curl -f\
+    curl -f -s\
         -H 'current-subject: superuser-alex@hostsharing.net' -H 'assumed-roles: rbactest.customer#yyy:ADMIN' \
         http://localhost:8080/api/test/packages \
     | jq
 
     # add a new customer
-    curl -f\
+    curl -f -s\
         -H 'current-subject: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \
         -d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
         -X POST http://localhost:8080/api/test/customers \
@@ -807,6 +815,29 @@ postgres-autodoc
 The output will list the generated files.
 
 
+### How to Add (Real) Admin Users
+
+```sql
+DO $$
+DECLARE
+    -- replace with your admin account names
+    admin_users TEXT[] := ARRAY['admin-1', 'admin-2', 'admin-3'];
+    admin TEXT;
+BEGIN
+    -- run as superuser
+    call base.defineContext('adding real admin users', null, null, null);
+    
+    -- for all new admin accounts
+    FOREACH admin IN ARRAY admin_users LOOP
+        call rbac.grantRoleToSubjectUnchecked(
+                rbac.findRoleId(rbac.global_ADMIN()), -- granted by role
+                rbac.findRoleId(rbac.global_ADMIN()), -- role to grant
+                rbac.create_subject(admin)); -- creates the new admin account
+        END LOOP;
+END $$;
+```
+
+
 ## Further Documentation
 
 - the `doc` directory contains architecture concepts and a glossary

bin/cas-curl

@@ -0,0 +1,165 @@
+#!/bin/bash
+
+if [ "$#" -eq 0 ] || [ "$1" == "help" ] || [ "$1" == "--help" ] || [ "$1" == "-h" ]; then
+  cat <<EOF
+  curl-wrapper utilizing CAS-authentication for hsadmin-ng
+  usage: $0 [--trace] <<command>> [parameters]
+
+  commands:
+EOF
+  grep '") ''# ' $0
+  exit
+fi
+
+if [ "$1" == "--trace" ]; then
+  function trace() {
+    echo "$*" >&2
+  }
+  function doCurl() {
+    set -x
+    curl --fail-with-body --header "Authorization: $HSADMINNG_CAS_TICKET" "$@"
+    set +x
+  }
+  shift
+else
+  function trace() {
+    : # noop
+  }
+  function doCurl() {
+    curl --fail-with-body --header "Authorization: $HSADMINNG_CAS_TICKET" "$@"
+  }
+fi
+
+if [ -z "$HSADMINNG_CAS_LOGIN" ] || [ -z "$HSADMINNG_CAS_VALIDATE" ] || \
+   [ -z "$HSADMINNG_CAS_SERVICE_ID" ]; then
+  cat >&2 <<EOF
+  ERROR: environment incomplete
+
+  please set the following environment variables:
+  export HSADMINNG_CAS_LOGIN=https://login.hostsharing.net/cas/v1/tickets
+  export HSADMINNG_CAS_VALIDATE=https://login.hostsharing.net/cas/proxyValidate
+  export HSADMINNG_CAS_USERNAME=<<optionally, your username, or leave empty after '='>>
+  export HSADMINNG_CAS_PASSWORD=<<optionally, your password, or leave empty after '='>>
+  export HSADMINNG_CAS_SERVICE_ID=https://hsadminng.hostsharing.net:443/
+EOF
+  exit 1
+fi
+
+function casLogout() {
+  rm -f ~/.cas-login-tgt
+}
+
+function casLogin() {
+  # ticket granting ticket exists and not expired?
+  if find ~/.cas-login-tgt -type f -size +0c -mmin -60 2>/dev/null | grep -q .; then
+    return
+  fi
+
+  if [ -z "$HSADMINNG_CAS_USERNAME" ]; then
+    read -e -p "Username: " HSADMINNG_CAS_USERNAME
+  fi
+
+  if [ -z "$HSADMINNG_CAS_PASSWORD" ]; then
+    read -s -e -p "Password: " HSADMINNG_CAS_PASSWORD
+  fi
+
+  # Do NOT use doCurl here! We do neither want to print the password nor pass a CAS service ticket.
+  trace "+ curl --fail-with-body -s -i -X POST \
+        -H 'Content-Type: application/x-www-form-urlencoded' \
+        -d \"username=$HSADMINNG_CAS_USERNAME&password=<<PASSWORD OMITTED>>\" \
+        $HSADMINNG_CAS_LOGIN -o ~/.cas-login-tgt.response -D -"
+  HSADMINNG_CAS_TGT=`curl --fail-with-body -s -i -X POST \
+        -H 'Content-Type: application/x-www-form-urlencoded' \
+        -d "username=$HSADMINNG_CAS_USERNAME&password=$HSADMINNG_CAS_PASSWORD" \
+        $HSADMINNG_CAS_LOGIN -o ~/.cas-login-tgt.response -D - \
+        | grep -i "^Location: " |  sed -e 's/^Location: //' -e 's/\\r//'`
+  if [ -z "$HSADMINNG_CAS_TGT" ]; then
+    echo "ERROR: could not get ticket granting ticket" >&2
+    cat ~/.cas-login-tgt.response >&2
+  fi
+  echo "$HSADMINNG_CAS_TGT" >~/.cas-login-tgt
+  trace "$HSADMINNG_CAS_TGT"
+}
+
+function casTicket() {
+  HSADMINNG_CAS_TGT=$(<~/.cas-login-tgt)
+  if [[ -z "$HSADMINNG_CAS_TGT" ]]; then
+    echo "ERROR: cannot get CAS ticket granting ticket for $HSADMINNG_CAS_USERNAME" >&2
+    exit 1
+  fi
+  trace "CAS-TGT: $HSADMINNG_CAS_TGT"
+
+  trace "fetching CAS service ticket"
+  trace "curl -s -d \"service=$HSADMINNG_CAS_SERVICE_ID\" $HSADMINNG_CAS_TGT"
+  HSADMINNG_CAS_TICKET=$(curl -s -d "service=$HSADMINNG_CAS_SERVICE_ID" $HSADMINNG_CAS_TGT)
+  if [[ -z "$HSADMINNG_CAS_TICKET" ]]; then
+    echo "ERROR: cannot get CAS service ticket" >&2
+    exit 1
+  fi
+
+  echo $HSADMINNG_CAS_TICKET
+}
+
+function casValidate() {
+  HSADMINNG_CAS_TICKET=`casTicket`
+
+  trace "validating CAS-TICKET: $HSADMINNG_CAS_TICKET"
+  # Do NOT use doCurl here! We do not pass a CAS service ticket.
+  trace curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE_ID}
+  HSADMINNG_CAS_USER=`curl -i -s $HSADMINNG_CAS_VALIDATE?ticket=${HSADMINNG_CAS_TICKET}\&service=${HSADMINNG_CAS_SERVICE_ID} | grep -oPm1 "(?<=<cas:user>)[^<]+"`
+  if [ -z "$HSADMINNG_CAS_USER" ]; then
+    echo "validation failed" >&2
+    exit 1
+  fi
+  echo "CAS-User: $HSADMINNG_CAS_USER"
+}
+
+case "${1,,}" in
+  "login") # reads username+password and fetches ticket granting ticket (bypasses HSADMINNG_CAS_USERNAME+HSADMINNG_CAS_PASSWORD)
+    casLogout
+    export HSADMINNG_CAS_USERNAME=
+    export HSADMINNG_CAS_PASSWORD=
+    casLogin
+    ;;
+  "logout") # logout, deleting ticket granting ticket
+    casLogout
+    ;;
+  "validate") # validates ticket granting ticket and prints currently logged in user
+    casValidate
+    ;;
+  "get") # HTTP GET, add URL as parameter
+    shift
+    casLogin
+    HSADMINNG_CAS_TICKET=`casTicket`
+    doCurl "$*"
+    ;;
+  "post") # HTTP POST, add curl options to specify the request body and the URL as last parameter
+    shift
+    casLogin
+    HSADMINNG_CAS_TICKET=`casTicket`
+    doCurl --header "Content-Type: application/json" -X POST "$@"
+    ;;
+  "patch") # HTTP PATCH, add curl options to specify the request body and the URL as last parameter
+    shift
+    casLogin
+    HSADMINNG_CAS_TICKET=`casTicket`
+    doCurl --header "Content-Type: application/json" -X POST "$*"
+    ;;
+  "delete") # HTTP DELETE, add curl options to specify the request body and the URL as last parameter
+    shift
+    casLogin
+    HSADMINNG_CAS_TICKET=`casTicket`
+    curl -X POST "$@"
+    ;;
+  *)
+    cat >&2 <<EOF
+    unknown command: '$1'
+    valid commands: help, login, logout, validate, get, post, patch, delete
+EOF
+    exit 1
+    ;;
+esac
+
+
+
+

build.gradle

@@ -93,6 +93,7 @@ dependencies {
     testImplementation 'org.hamcrest:hamcrest-core:3.0'
     testImplementation 'org.pitest:pitest-junit5-plugin:1.2.1'
     testImplementation 'org.junit.jupiter:junit-jupiter-api'
+    testImplementation 'org.wiremock:wiremock-standalone:3.10.0'
 }
 
 dependencyManagement {

src/main/java/net/hostsharing/hsadminng/config/AuthenticatedHttpServletRequestWrapper.java

@@ -0,0 +1,54 @@
+package net.hostsharing.hsadminng.config;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletRequestWrapper;
+import java.util.*;
+
+public class AuthenticatedHttpServletRequestWrapper extends HttpServletRequestWrapper {
+
+    private final Map<String, String> customHeaders = new HashMap<>();
+
+    public AuthenticatedHttpServletRequestWrapper(HttpServletRequest request) {
+        super(request);
+    }
+
+    public void addHeader(final String name, final String value) {
+        customHeaders.put(name, value);
+    }
+
+    @Override
+    public String getHeader(final String name) {
+        // Check custom headers first
+        final var customHeaderValue = customHeaders.get(name);
+        if (customHeaderValue != null) {
+            return customHeaderValue;
+        }
+        // Fall back to the original headers
+        return super.getHeader(name);
+    }
+
+    @Override
+    public Enumeration<String> getHeaderNames() {
+        // Combine original headers and custom headers
+        final var headerNames = new HashSet<>(customHeaders.keySet());
+        final var originalHeaderNames = super.getHeaderNames();
+        while (originalHeaderNames.hasMoreElements()) {
+            headerNames.add(originalHeaderNames.nextElement());
+        }
+        return Collections.enumeration(headerNames);
+    }
+
+    @Override
+    public Enumeration<String> getHeaders(final String name) {
+        // Combine original headers and custom header
+        final var values = new HashSet<String>();
+        if (customHeaders.containsKey(name)) {
+            values.add(customHeaders.get(name));
+        }
+        final var originalValues = super.getHeaders(name);
+        while (originalValues.hasMoreElements()) {
+            values.add(originalValues.nextElement());
+        }
+        return Collections.enumeration(values);
+    }
+}

src/main/java/net/hostsharing/hsadminng/config/AuthenticationFilter.java

@@ -0,0 +1,39 @@
+package net.hostsharing.hsadminng.config;
+
+import jakarta.servlet.Filter;
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletRequest;
+import jakarta.servlet.ServletResponse;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+import lombok.SneakyThrows;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.stereotype.Component;
+
+@Component
+public class AuthenticationFilter implements Filter {
+
+    @Autowired
+    private Authenticator authenticator;
+
+    @Override
+    @SneakyThrows
+    public void doFilter(final ServletRequest request, final ServletResponse response, final FilterChain chain) {
+        final var httpRequest = (HttpServletRequest) request;
+        final var httpResponse = (HttpServletResponse) response;
+
+        try {
+            final var currentSubject = authenticator.authenticate(httpRequest);
+
+            final var authenticatedRequest = new AuthenticatedHttpServletRequestWrapper(httpRequest);
+            authenticatedRequest.addHeader("current-subject", currentSubject);
+
+            chain.doFilter(authenticatedRequest, response);
+        } catch (final BadCredentialsException exc) {
+            // TODO.impl: should not be necessary if ResponseStatusException worked
+            httpResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        }
+    }
+}

src/main/java/net/hostsharing/hsadminng/config/Authenticator.java

@@ -0,0 +1,8 @@
+package net.hostsharing.hsadminng.config;
+
+import jakarta.servlet.http.HttpServletRequest;
+
+public interface Authenticator {
+
+    String authenticate(final HttpServletRequest httpRequest);
+}

src/main/java/net/hostsharing/hsadminng/config/CasAuthenticator.java

@@ -0,0 +1,71 @@
+package net.hostsharing.hsadminng.config;
+
+import io.micrometer.core.annotation.Timed;
+import lombok.SneakyThrows;
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.web.client.RestTemplate;
+import org.xml.sax.SAXException;
+
+import jakarta.servlet.http.HttpServletRequest;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
+import java.io.IOException;
+
+public class CasAuthenticator implements Authenticator {
+
+    @Value("${hsadminng.cas.server}")
+    private String casServerUrl;
+
+    @Value("${hsadminng.cas.service}")
+    private String serviceUrl;
+
+    private final RestTemplate restTemplate = new RestTemplate();
+
+    @SneakyThrows
+    @Timed("app.cas.authenticate")
+    public String authenticate(final HttpServletRequest httpRequest) {
+        final var userName = StringUtils.isBlank(casServerUrl)
+                ? bypassCurrentSubject(httpRequest)
+                : casValidation(httpRequest);
+        final var authentication = new UsernamePasswordAuthenticationToken(userName, null, null);
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+        return authentication.getName();
+    }
+
+    private static String bypassCurrentSubject(final HttpServletRequest httpRequest) {
+        final var userName = httpRequest.getHeader("current-subject");
+        System.err.println("CasAuthenticator.bypassCurrentSubject: " + userName);
+        return userName;
+    }
+
+    private String casValidation(final HttpServletRequest httpRequest)
+            throws SAXException, IOException, ParserConfigurationException {
+
+        System.err.println("CasAuthenticator.casValidation using CAS-server: " + casServerUrl);
+
+        final var ticket = httpRequest.getHeader("Authorization");
+        final var url = casServerUrl + "/p3/serviceValidate" +
+                "?service=" + serviceUrl +
+                "&ticket=" + ticket;
+
+        final var response = restTemplate.getForObject(url, String.class);
+
+        final var doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
+                .parse(new java.io.ByteArrayInputStream(response.getBytes()));
+        if (doc.getElementsByTagName("cas:authenticationSuccess").getLength() == 0) {
+            // TODO.impl: for unknown reasons, this results in a 403 FORBIDDEN
+            // throw new ResponseStatusException(HttpStatus.UNAUTHORIZED, "CAS service ticket could not be validated");
+            System.err.println("CAS service ticket could not be validated");
+            System.err.println("CAS-validation-URL: " + url);
+            System.err.println(response);
+            throw new BadCredentialsException("CAS service ticket could not be validated");
+        }
+        final var userName = doc.getElementsByTagName("cas:user").item(0).getTextContent();
+        System.err.println("CAS-user: " + userName);
+        return userName;
+    }
+}

src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java

@@ -5,6 +5,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 
 @Configuration
@@ -22,6 +23,14 @@ public class WebSecurityConfig {
                         .requestMatchers("/actuator/**").permitAll()
                         .anyRequest().authenticated()
                 )
+                .csrf(AbstractHttpConfigurer::disable)
                 .build();
     }
+
+    @Bean
+    @Profile("!test")
+    public Authenticator casServiceTicketValidator() {
+        return new CasAuthenticator();
+    }
+
 }

src/main/java/net/hostsharing/hsadminng/ping/PingController.java

@@ -1,16 +1,22 @@
 package net.hostsharing.hsadminng.ping;
 
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 
+import jakarta.validation.constraints.NotNull;
+
 @Controller
 public class PingController {
 
     @ResponseBody
     @RequestMapping(value = "/api/ping", method = RequestMethod.GET)
-    public String ping() {
+    public String ping(
-        return "pong\n";
+            @RequestHeader(name = "current-subject") @NotNull String currentSubject,
+            @RequestHeader(name = "assumed-roles", required = false) String assumedRoles
+    ) {
+        return "pong " + currentSubject + "\n";
     }
 }

src/main/resources/application.yml

@@ -36,6 +36,9 @@ liquibase:
 hsadminng:
     postgres:
         leakproof:
+    cas:
+        server: https://login.hostsharing.net/cas # use empty string to bypass CAS-validation and directly use current-subject
+        service: https://hsadminng.hostsharing.net:443 # TODO.conf: deployment target + matching CAS service ID
 
 metrics:
     distribution:

src/test/java/net/hostsharing/hsadminng/config/CasAuthenticationFilterIntegrationTest.java

@@ -0,0 +1,88 @@
+package net.hostsharing.hsadminng.config;
+
+import com.github.tomakehurst.wiremock.WireMockServer;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpMethod;
+import org.springframework.http.HttpStatus;
+import org.springframework.test.context.ActiveProfiles;
+import org.springframework.test.context.TestPropertySource;
+
+import static net.hostsharing.hsadminng.config.HttpHeadersBuilder.headers;
+import static org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric;
+import static org.assertj.core.api.Assertions.assertThat;
+import static com.github.tomakehurst.wiremock.client.WireMock.*;
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@TestPropertySource(properties = "server.port=0")
+@ActiveProfiles("wiremock") // IMPORTANT: To test prod config, do not use test profile!
+class CasAuthenticationFilterIntegrationTest {
+
+    @Value("${local.server.port}")
+    private int serverPort;
+
+    @Value("${hsadminng.cas.service}")
+    private String serviceUrl;
+
+    @Autowired
+    private TestRestTemplate restTemplate;
+
+    @Autowired
+    private WireMockServer wireMockServer;
+
+    @Test
+    public void shouldAcceptRequest() {
+        // given
+        final var username = "test-user-" + randomAlphanumeric(4);
+        wireMockServer.stubFor(get(urlEqualTo("/cas/p3/serviceValidate?service=" + serviceUrl + "&ticket=valid"))
+                .willReturn(aResponse()
+                        .withStatus(200)
+                        .withBody("""
+                                <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
+                                    <cas:authenticationSuccess>
+                                        <cas:user>%{username}</cas:user>
+                                    </cas:authenticationSuccess>
+                                </cas:serviceResponse>
+                                """.replace("%{username}", username)
+                        )));
+
+        // when
+        final var result = restTemplate.exchange(
+                "http://localhost:" + this.serverPort + "/api/ping",
+                HttpMethod.GET,
+                new HttpEntity<>(null, headers("Authorization", "valid")),
+                String.class
+        );
+
+        // then
+        assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
+        assertThat(result.getBody()).isEqualTo("pong " + username + "\n");
+    }
+
+    @Test
+    public void shouldRejectRequest() {
+        // given
+        wireMockServer.stubFor(get(urlEqualTo("/cas/p3/serviceValidate?service=" + serviceUrl + "&ticket=invalid"))
+                .willReturn(aResponse()
+                        .withStatus(200)
+                        .withBody("""
+                                <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
+                                    <cas:authenticationFailure code="INVALID_REQUEST"></cas:authenticationFailure>
+                                </cas:serviceResponse>
+                                """)));
+
+        // when
+        final var result = restTemplate.exchange(
+                "http://localhost:" + this.serverPort + "/api/ping",
+                HttpMethod.GET,
+                new HttpEntity<>(null, headers("Authorization", "invalid")),
+                String.class
+        );
+
+        // then
+        assertThat(result.getStatusCode()).isEqualTo(HttpStatus.UNAUTHORIZED);
+    }
+}

src/test/java/net/hostsharing/hsadminng/config/CasAuthenticatorUnitTest.java

@@ -0,0 +1,28 @@
+package net.hostsharing.hsadminng.config;
+
+import org.junit.jupiter.api.Test;
+
+import jakarta.servlet.http.HttpServletRequest;
+
+import static org.assertj.core.api.Assertions.assertThat;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.mock;
+
+class CasAuthenticatorUnitTest {
+
+    final CasAuthenticator casAuthenticator = new CasAuthenticator();
+
+    @Test
+    void bypassesAuthenticationIfNoCasServerIsConfigured() {
+
+        // given
+        final var request = mock(HttpServletRequest.class);
+        given(request.getHeader("current-subject")).willReturn("given-user");
+
+        // when
+        final var userName = casAuthenticator.authenticate(request);
+
+        // then
+        assertThat(userName).isEqualTo("given-user");
+    }
+}

src/test/java/net/hostsharing/hsadminng/config/CustomActuatorEndpointAcceptanceTest.java

@@ -2,13 +2,12 @@ package net.hostsharing.hsadminng.config;
 
 import io.restassured.RestAssured;
 import net.hostsharing.hsadminng.HsadminNgApplication;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.server.LocalManagementPort;
 import org.springframework.test.context.ActiveProfiles;
 
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 
 @SpringBootTest(
         webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,

src/test/java/net/hostsharing/hsadminng/config/DisableSecurityConfig.java

@@ -1,7 +1,8 @@
-package net.hostsharing.hsadminng.test;
+package net.hostsharing.hsadminng.config;
 
 import org.springframework.boot.test.context.TestConfiguration;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
@@ -10,10 +11,17 @@ import org.springframework.security.web.SecurityFilterChain;
 public class DisableSecurityConfig {
 
     @Bean
+    @Profile("test")
     public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
         http
                 .authorizeHttpRequests(auth -> auth.anyRequest().permitAll())
                 .csrf(AbstractHttpConfigurer::disable);
         return http.build();
     }
+
+    @Bean
+    @Profile("test")
+    public Authenticator fakeAuthenticator() {
+        return new FakeAuthenticator();
+    }
 }

src/test/java/net/hostsharing/hsadminng/config/FakeAuthenticator.java

@@ -0,0 +1,14 @@
+package net.hostsharing.hsadminng.config;
+
+import lombok.SneakyThrows;
+
+import jakarta.servlet.http.HttpServletRequest;
+
+public class FakeAuthenticator implements Authenticator {
+
+    @Override
+    @SneakyThrows
+    public String authenticate(final HttpServletRequest httpRequest) {
+        return httpRequest.getHeader("current-subject");
+    }
+}

src/test/java/net/hostsharing/hsadminng/config/HttpHeadersBuilder.java

@@ -0,0 +1,12 @@
+package net.hostsharing.hsadminng.config;
+
+import org.springframework.http.HttpHeaders;
+
+public class HttpHeadersBuilder {
+
+    public static HttpHeaders headers(final String key, final String value) {
+        final var headers = new HttpHeaders();
+        headers.set(key, value);
+        return headers;
+    }
+}

src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java

@@ -2,20 +2,28 @@ package net.hostsharing.hsadminng.config;
 
 import java.util.Map;
 
+import com.github.tomakehurst.wiremock.WireMockServer;
 import org.junit.jupiter.api.Test;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.client.TestRestTemplate;
+import org.springframework.http.HttpEntity;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.TestPropertySource;
 
+import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
+import static com.github.tomakehurst.wiremock.client.WireMock.get;
+import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
 import static org.assertj.core.api.Assertions.assertThat;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 @TestPropertySource(properties = {"management.port=0", "server.port=0"})
-// IMPORTANT: To test prod config, do not use test profile!
+@ActiveProfiles("wiremock") // IMPORTANT: To test prod config, do not use test profile!
 class WebSecurityConfigIntegrationTest {
 
     @Value("${local.server.port}")
@@ -24,15 +32,44 @@ class WebSecurityConfigIntegrationTest {
     @Value("${local.management.port}")
     private int managementPort;
 
+    @Value("${hsadminng.cas.service}")
+    private String serviceUrl;
+
     @Autowired
     private TestRestTemplate restTemplate;
 
+    @Autowired
+    private WireMockServer wireMockServer;
+
     @Test
     public void shouldSupportPingEndpoint() {
-        final var result = this.restTemplate.getForEntity(
+        // given
-                "http://localhost:" + this.serverPort + "/api/ping", String.class);
+        wireMockServer.stubFor(get(urlEqualTo("/cas/p3/serviceValidate?service=" + serviceUrl + "&ticket=test-user"))
+                .willReturn(aResponse()
+                        .withStatus(200)
+                        .withBody("""
+                                <cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
+                                    <cas:authenticationSuccess>
+                                        <cas:user>test-user</cas:user>
+                                    </cas:authenticationSuccess>
+                                </cas:serviceResponse>
+                                """)));
+
+
+        // fake Authorization header
+        final var headers = new HttpHeaders();
+        headers.set("Authorization", "test-user");
+
+        // http request
+        final var result = restTemplate.exchange(
+                "http://localhost:" + this.serverPort + "/api/ping",
+                HttpMethod.GET,
+                new HttpEntity<>(null, headers),
+                String.class
+        );
+
         assertThat(result.getStatusCode()).isEqualTo(HttpStatus.OK);
-        assertThat(result.getBody()).startsWith("pong");
+        assertThat(result.getBody()).startsWith("pong test-user");
     }
 
     @Test

src/test/java/net/hostsharing/hsadminng/config/WireMockConfig.java

@@ -0,0 +1,21 @@
+package net.hostsharing.hsadminng.config;
+
+import com.github.tomakehurst.wiremock.WireMockServer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
+
+@Configuration
+@Profile("wiremock")
+public class WireMockConfig {
+
+    private static final WireMockServer wireMockServer = new WireMockServer(8088);
+
+    @Bean
+    public WireMockServer wireMockServer() {
+        if (!wireMockServer.isRunning()) {
+            wireMockServer.start();
+        }
+        return wireMockServer;
+    }
+}

src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java

@@ -12,7 +12,7 @@ import net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetRealRepository;
 import net.hostsharing.hsadminng.hs.hosting.asset.validators.Dns;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.jetbrains.annotations.NotNull;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.ClassOrderer;
@@ -38,7 +38,7 @@ import static java.util.Optional.ofNullable;
 import static net.hostsharing.hsadminng.hs.booking.item.HsBookingItemType.MANAGED_WEBSPACE;
 import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_SERVER;
 import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.UNIX_USER;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.matchesRegex;
 

src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java

@@ -6,7 +6,7 @@ import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRealEntity;
 import net.hostsharing.hsadminng.hs.booking.project.HsBookingProjectRealRepository;
 import net.hostsharing.hsadminng.mapper.StrictMapper;
 import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
@@ -18,6 +18,7 @@ import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
 import org.springframework.http.MediaType;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@@ -29,7 +30,7 @@ import java.time.LocalDate;
 import java.util.Map;
 import java.util.UUID;
 
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.hamcrest.Matchers.matchesRegex;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.mock;
@@ -41,6 +42,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @WebMvcTest(HsBookingItemController.class)
 @Import({StrictMapper.class, JsonObjectMapperConfiguration.class, DisableSecurityConfig.class})
 @RunWith(SpringRunner.class)
+@ActiveProfiles("test")
 class HsBookingItemControllerRestTest {
 
     @Autowired

src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java

@@ -6,7 +6,7 @@ import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.hs.booking.debitor.HsBookingDebitorRepository;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -19,7 +19,7 @@ import jakarta.persistence.EntityManager;
 import jakarta.persistence.PersistenceContext;
 import java.util.UUID;
 
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.matchesRegex;
 

src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java

@@ -14,7 +14,7 @@ import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealEntity;
 import net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealRepository;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.ClassOrderer;
 import org.junit.jupiter.api.Nested;
@@ -37,8 +37,8 @@ import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.EMAI
 import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_SERVER;
 import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.MANAGED_WEBSPACE;
 import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetType.UNIX_USER;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.strictlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.strictlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.matchesRegex;
 

src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java

@@ -11,7 +11,7 @@ import net.hostsharing.hsadminng.hs.booking.item.HsBookingItemRealRepository;
 import net.hostsharing.hsadminng.mapper.Array;
 import net.hostsharing.hsadminng.mapper.StandardMapper;
 import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -24,6 +24,7 @@ import org.springframework.boot.test.mock.mockito.MockBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Import;
 import org.springframework.http.MediaType;
+import org.springframework.test.context.ActiveProfiles;
 import org.springframework.test.context.junit4.SpringRunner;
 import org.springframework.test.web.servlet.MockMvc;
 import org.springframework.test.web.servlet.request.MockMvcRequestBuilders;
@@ -43,7 +44,7 @@ import static net.hostsharing.hsadminng.hs.booking.item.TestHsBookingItem.MANAGE
 import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetTestEntities.MANAGED_SERVER_HOSTING_ASSET_REAL_TEST_ENTITY;
 import static net.hostsharing.hsadminng.hs.hosting.asset.HsHostingAssetTestEntities.MANAGED_WEBSPACE_HOSTING_ASSET_REAL_TEST_ENTITY;
 import static net.hostsharing.hsadminng.hs.office.contact.HsOfficeContactRealTestEntity.TEST_REAL_CONTACT;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.Mockito.doNothing;
@@ -55,6 +56,7 @@ import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.
 @WebMvcTest(HsHostingAssetController.class)
 @Import({ StandardMapper.class, JsonObjectMapperConfiguration.class, DisableSecurityConfig.class })
 @RunWith(SpringRunner.class)
+@ActiveProfiles("test")
 public class HsHostingAssetControllerRestTest {
 
     @Autowired

src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetPropsControllerAcceptanceTest.java

@@ -3,13 +3,13 @@ package net.hostsharing.hsadminng.hs.hosting.asset;
 import io.restassured.RestAssured;
 import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.Test;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.web.server.LocalServerPort;
 import org.springframework.test.context.ActiveProfiles;
 
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 
 @SpringBootTest(
         webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT,

src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java

@@ -6,7 +6,7 @@ import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.json.JSONException;
 import org.junit.jupiter.api.*;
@@ -21,7 +21,7 @@ import jakarta.persistence.PersistenceContext;
 import java.util.UUID;
 
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.startsWith;

src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java

@@ -2,7 +2,7 @@ package net.hostsharing.hsadminng.hs.office.bankaccount;
 
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.mapper.StandardMapper;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.EnumSource;
 import org.springframework.beans.factory.annotation.Autowired;

src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java

@@ -6,7 +6,7 @@ import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.json.JSONException;
 import org.junit.jupiter.api.AfterEach;
@@ -27,7 +27,7 @@ import java.util.concurrent.ThreadLocalRandom;
 
 import static java.util.Map.entry;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.hasEntry;
 import static org.hamcrest.Matchers.is;

src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java

@@ -7,7 +7,7 @@ import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
@@ -26,7 +26,7 @@ import java.util.UUID;
 
 import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionType.DEPOSIT;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.startsWith;

src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java

@@ -8,7 +8,7 @@ import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
 import net.hostsharing.hsadminng.mapper.StrictMapper;
 import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
 import net.hostsharing.hsadminng.rbac.test.JsonBuilder;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import net.hostsharing.hsadminng.test.TestUuidGenerator;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
@@ -38,7 +38,7 @@ import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsT
 import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionType.REVERSAL;
 import static net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransactionType.TRANSFER;
 import static net.hostsharing.hsadminng.rbac.test.JsonBuilder.jsonObject;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assumptions.assumeThat;
 import static org.hamcrest.Matchers.is;

src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java

@@ -7,7 +7,7 @@ import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipRepository;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
@@ -25,7 +25,7 @@ import java.time.LocalDate;
 import java.util.UUID;
 
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.startsWith;

src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java

@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.hs.office.coopshares;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.mapper.StandardMapper;
 import net.hostsharing.hsadminng.rbac.test.JsonBuilder;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.EnumSource;
 import org.springframework.beans.factory.annotation.Autowired;

src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java

@@ -12,7 +12,7 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealRepository;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
@@ -29,7 +29,7 @@ import java.util.UUID;
 
 import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.DEBITOR;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;

src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java

@@ -8,7 +8,7 @@ import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerRepository;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.json.JSONException;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Nested;
@@ -27,7 +27,7 @@ import java.util.UUID;
 import static net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipStatus.ACTIVE;
 import static net.hostsharing.hsadminng.hs.office.membership.HsOfficeMembershipStatus.CANCELLED;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.*;
 

src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java

@@ -5,7 +5,7 @@ import net.hostsharing.hsadminng.hs.office.coopassets.HsOfficeCoopAssetsTransact
 import net.hostsharing.hsadminng.hs.office.partner.HsOfficePartnerEntity;
 import net.hostsharing.hsadminng.mapper.StandardMapper;
 import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -24,7 +24,7 @@ import java.util.Optional;
 import java.util.UUID;
 
 import static io.hypersistence.utils.hibernate.type.range.Range.localDateRange;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.is;

src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java

@@ -13,7 +13,7 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealReposito
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.*;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
@@ -25,7 +25,7 @@ import java.util.UUID;
 
 import static net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationType.EX_PARTNER;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.*;
 

src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java

@@ -7,7 +7,7 @@ import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealEntity;
 import net.hostsharing.hsadminng.hs.office.relation.HsOfficeRelationRealRepository;
 import net.hostsharing.hsadminng.mapper.StandardMapper;
 import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;

src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java

@@ -6,7 +6,7 @@ import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Nested;
@@ -22,7 +22,7 @@ import jakarta.persistence.PersistenceContext;
 import java.util.UUID;
 
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.*;
 

src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java

@@ -9,7 +9,7 @@ import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.hs.office.generated.api.v1.model.HsOfficeRelationTypeResource;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -21,7 +21,7 @@ import org.springframework.transaction.annotation.Transactional;
 import java.util.UUID;
 
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.startsWith;

src/test/java/net/hostsharing/hsadminng/hs/office/scenarios/HsOfficeScenarioTests.java

@@ -39,7 +39,7 @@ import net.hostsharing.hsadminng.hs.scenarios.Produces;
 import net.hostsharing.hsadminng.hs.scenarios.Requires;
 import net.hostsharing.hsadminng.hs.scenarios.ScenarioTest;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import net.hostsharing.hsadminng.test.IgnoreOnFailureExtension;
 import org.junit.jupiter.api.ClassOrderer;
 import org.junit.jupiter.api.Disabled;

src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java

@@ -8,7 +8,7 @@ import net.hostsharing.hsadminng.hs.office.bankaccount.HsOfficeBankAccountReposi
 import net.hostsharing.hsadminng.hs.office.debitor.HsOfficeDebitorRepository;
 import net.hostsharing.hsadminng.rbac.test.ContextBasedTestWithCleanup;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;
@@ -26,7 +26,7 @@ import java.util.UUID;
 
 import static java.util.Optional.ofNullable;
 import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid;
-import static net.hostsharing.hsadminng.rbac.test.JsonMatcher.lenientlyEquals;
+import static net.hostsharing.hsadminng.test.JsonMatcher.lenientlyEquals;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.hamcrest.Matchers.*;
 

src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java

@@ -10,7 +10,7 @@ import net.hostsharing.hsadminng.rbac.role.RbacRoleRepository;
 import net.hostsharing.hsadminng.rbac.subject.RbacSubjectEntity;
 import net.hostsharing.hsadminng.rbac.subject.RbacSubjectRepository;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;

src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java

@@ -4,7 +4,7 @@ import io.restassured.RestAssured;
 import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.rbac.subject.RbacSubjectRepository;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;

src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java

@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.rbac.role;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.mapper.StandardMapper;
 import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.runner.RunWith;

src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java

@@ -5,7 +5,7 @@ import io.restassured.http.ContentType;
 import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;

src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerRestTest.java

@@ -3,7 +3,7 @@ package net.hostsharing.hsadminng.rbac.subject;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.mapper.StandardMapper;
 import net.hostsharing.hsadminng.persistence.EntityManagerWrapper;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.Test;
 import org.junit.runner.RunWith;
 import org.springframework.beans.factory.annotation.Autowired;

src/test/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerControllerAcceptanceTest.java

@@ -5,7 +5,7 @@ import io.restassured.http.ContentType;
 import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.rbac.test.JpaAttempt;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Nested;

src/test/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageControllerAcceptanceTest.java

@@ -4,7 +4,7 @@ import io.restassured.RestAssured;
 import io.restassured.http.ContentType;
 import net.hostsharing.hsadminng.HsadminNgApplication;
 import net.hostsharing.hsadminng.context.Context;
-import net.hostsharing.hsadminng.test.DisableSecurityConfig;
+import net.hostsharing.hsadminng.config.DisableSecurityConfig;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.jupiter.api.Nested;
 import org.junit.jupiter.api.Test;

src/test/java/net/hostsharing/hsadminng/test/JsonMatcher.java

@@ -1,4 +1,4 @@
-package net.hostsharing.hsadminng.rbac.test;
+package net.hostsharing.hsadminng.test;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;

src/test/resources/application.yml

@@ -51,3 +51,7 @@ testcontainers:
     network:
         mode: host
 
+hsadminng:
+    cas:
+        server: http://localhost:8088/cas # mocked via WireMock
+        service: http://localhost:8080/api # must match service used in WireMock mock response