From d23b899f002fb1821c246c8c098338a7eb8b4495 Mon Sep 17 00:00:00 2001
From: hsiegeln <37154749+hsiegeln@users.noreply.github.com>
Date: Mon, 16 Mar 2026 21:01:57 +0100
Subject: [PATCH] fix: prefix user tokens with 'user:' for
 JwtAuthenticationFilter routing

---
 .../java/com/cameleer3/server/app/TestSecurityHelper.java  | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/cameleer3-server-app/src/test/java/com/cameleer3/server/app/TestSecurityHelper.java b/cameleer3-server-app/src/test/java/com/cameleer3/server/app/TestSecurityHelper.java
index 97df1b83..bafe8d0a 100644
--- a/cameleer3-server-app/src/test/java/com/cameleer3/server/app/TestSecurityHelper.java
+++ b/cameleer3-server-app/src/test/java/com/cameleer3/server/app/TestSecurityHelper.java
@@ -45,21 +45,22 @@ public class TestSecurityHelper {
      * Returns a valid JWT access token with OPERATOR role.
      */
     public String operatorToken() {
-        return jwtService.createAccessToken("test-operator", "user", List.of("OPERATOR"));
+        // Subject must start with "user:" for JwtAuthenticationFilter to treat it as a UI user token
+        return jwtService.createAccessToken("user:test-operator", "user", List.of("OPERATOR"));
     }
 
     /**
      * Returns a valid JWT access token with ADMIN role.
      */
     public String adminToken() {
-        return jwtService.createAccessToken("test-admin", "user", List.of("ADMIN"));
+        return jwtService.createAccessToken("user:test-admin", "user", List.of("ADMIN"));
     }
 
     /**
      * Returns a valid JWT access token with VIEWER role.
      */
     public String viewerToken() {
-        return jwtService.createAccessToken("test-viewer", "user", List.of("VIEWER"));
+        return jwtService.createAccessToken("user:test-viewer", "user", List.of("VIEWER"));
     }
 
     /**