539b85f307
- Replace TestSecurityConfig permit-all with real SecurityConfig active in tests - Create TestSecurityHelper for JWT-authenticated test requests - Update 15 existing ITs to use JWT Bearer auth and bootstrap token headers - Add SecurityFilterIT: protected/public endpoint access control (6 tests) - Add BootstrapTokenIT: registration requires valid bootstrap token (4 tests) - Add RegistrationSecurityIT: registration returns tokens + public key (3 tests) - Add JwtRefreshIT: refresh flow with valid/invalid/mismatched tokens (5 tests) - Add /error to SecurityConfig permitAll for proper error page forwarding - Exclude register and refresh paths from ProtocolVersionInterceptor - All 91 tests pass (18 new security + 73 existing) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>