test(04-02): adapt all ITs for JWT auth and add 4 security integration tests

- Replace TestSecurityConfig permit-all with real SecurityConfig active in tests - Create TestSecurityHelper for JWT-authenticated test requests - Update 15 existing ITs to use JWT Bearer auth and bootstrap token headers - Add SecurityFilterIT: protected/public endpoint access control (6 tests) - Add BootstrapTokenIT: registration requires valid bootstrap token (4 tests) - Add RegistrationSecurityIT: registration returns tokens + public key (3 tests) - Add JwtRefreshIT: refresh flow with valid/invalid/mismatched tokens (5 tests) - Add /error to SecurityConfig permitAll for proper error page forwarding - Exclude register and refresh paths from ProtocolVersionInterceptor - All 91 tests pass (18 new security + 73 existing) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 20:38:28 +01:00
parent 45f0241079
commit 539b85f307
22 changed files with 783 additions and 243 deletions
--- a/cameleer3-server-app/src/test/java/com/cameleer3/server/app/TestSecurityHelper.java
+++ b/cameleer3-server-app/src/test/java/com/cameleer3/server/app/TestSecurityHelper.java
@@ -0,0 +1,68 @@
+package com.cameleer3.server.app;
+
+import com.cameleer3.server.core.agent.AgentRegistryService;
+import com.cameleer3.server.core.security.JwtService;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.stereotype.Component;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * Test utility for creating JWT-authenticated requests in integration tests.
+ * <p>
+ * Registers a test agent and issues a JWT access token that can be used
+ * to authenticate against protected endpoints.
+ */
+@Component
+public class TestSecurityHelper {
+
+    private final JwtService jwtService;
+    private final AgentRegistryService agentRegistryService;
+
+    public TestSecurityHelper(JwtService jwtService, AgentRegistryService agentRegistryService) {
+        this.jwtService = jwtService;
+        this.agentRegistryService = agentRegistryService;
+    }
+
+    /**
+     * Registers a test agent and returns a valid JWT access token for it.
+     */
+    public String registerTestAgent(String agentId) {
+        agentRegistryService.register(agentId, "test", "test-group", "1.0", List.of(), Map.of());
+        return jwtService.createAccessToken(agentId, "test-group");
+    }
+
+    /**
+     * Returns HttpHeaders with JWT Bearer authorization, protocol version, and JSON content type.
+     */
+    public HttpHeaders authHeaders(String jwt) {
+        HttpHeaders headers = new HttpHeaders();
+        headers.set("Authorization", "Bearer " + jwt);
+        headers.set("X-Cameleer-Protocol-Version", "1");
+        headers.setContentType(MediaType.APPLICATION_JSON);
+        return headers;
+    }
+
+    /**
+     * Returns HttpHeaders with JWT Bearer authorization and protocol version (no content type).
+     */
+    public HttpHeaders authHeadersNoBody(String jwt) {
+        HttpHeaders headers = new HttpHeaders();
+        headers.set("Authorization", "Bearer " + jwt);
+        headers.set("X-Cameleer-Protocol-Version", "1");
+        return headers;
+    }
+
+    /**
+     * Returns HttpHeaders with bootstrap token authorization, protocol version, and JSON content type.
+     */
+    public HttpHeaders bootstrapHeaders() {
+        HttpHeaders headers = new HttpHeaders();
+        headers.set("Authorization", "Bearer test-bootstrap-token");
+        headers.set("X-Cameleer-Protocol-Version", "1");
+        headers.setContentType(MediaType.APPLICATION_JSON);
+        return headers;
+    }
+}