remove current-subject from OpenAPI header specs, use Authorization instead (#164)

Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/164
Reviewed-by: Timotheus Pokorra <timotheus.pokorra@hostsharing.net>

README.md

@@ -91,17 +91,15 @@ Next, compile and run the application on `localhost:8080` and the management ser
     export HSADMINNG_CAS_SERVER=
 
     # this runs the application with test-data and all modules:
-    gw bootRun --args='--spring.profiles.active=dev,complete,test-data'
+    gw bootRun --args='--spring.profiles.active=dev,fakeCasAuthenticator,complete,test-data'
 
 The meaning of these profiles is:
 
 - **dev**: the PostgreSQL users are created via Liquibase
+- **fakeCasAuthenticator**: The username is simply taken from whatever is after "Bearer " in the "Authorization" header.
 - **complete**: all modules are started
 - **test-data**: some test data inserted 
 
-Running just `gw bootRun` would just run the *office* module, not insert any test-data and
-require the PostgreSQL users created in the database (see env-vars in `.aliases`).
-
 Now we can access the REST API, e.g. using curl:
 
     # the following command should reply with "pong":
@@ -109,19 +107,19 @@ Now we can access the REST API, e.g. using curl:
 
     # the following command should return a JSON array with just all customers:
     curl -f -s\
-        -H 'current-subject: superuser-alex@hostsharing.net' \
+        -H 'Authorization: Bearer superuser-alex@hostsharing.net' \
         http://localhost:8080/api/test/customers \
     | jq # just if `jq` is installed, to prettyprint the output
 
     # the following command should return a JSON array with just all packages visible for the admin of the customer yyy:
     curl -f -s\
-        -H 'current-subject: superuser-alex@hostsharing.net' -H 'assumed-roles: rbactest.customer#yyy:ADMIN' \
+        -H 'Authorization: Bearer superuser-alex@hostsharing.net' -H 'assumed-roles: rbactest.customer#yyy:ADMIN' \
         http://localhost:8080/api/test/packages \
     | jq
 
     # add a new customer
     curl -f -s\
-        -H 'current-subject: superuser-alex@hostsharing.net' -H "Content-Type: application/json" \
+        -H 'Authorization: Bearer superuser-alex@hostsharing.net' -H "Content-Type: application/json" \
         -d '{ "prefix":"ttt", "reference":80001, "adminUserName":"admin@ttt.example.com" }' \
         -X POST http://localhost:8080/api/test/customers \
     | jq
@@ -137,6 +135,14 @@ For a locally running app without CAS-authentication (export HSADMINNG_CAS_SERVE
 authorize using the name of the subject (e.g. "superuser-alex@hostsharing.net" in case of test-data).
 Otherwise, use a valid CAS-ticket.
 
+If you want to run the application with real CAS-Authentication:
+
+    # set the CAS-SERVER-Root, also see `bin/cas-curl`.
+    export HSADMINNG_CAS_SERVER=https://login.hostsharing.net # or whatever your CAS-Server-URL you want to use
+
+    # run the application against the real CAS authenticator
+    gw bootRun --args='--spring.profiles.active=dev,realCasAuthenticator,complete,test-data'
+
 
 ### PostgreSQL Server
 
@@ -673,7 +679,7 @@ Add `' --debug-jvm` to the command line:
 
 
 ```sh
-gw bootRun --debug-jvm
+gw bootRun ... --debug-jvm
 ```
 
 At the very beginning, the application is going to wait for a debugger with a message like this:

bin/cas-curl

@@ -131,6 +131,15 @@ function casTicket() {
   echo $HSADMINNG_CAS_TICKET
 }
 
+function casTgt() {
+  HSADMINNG_CAS_TGT=$(<~/.cas-login-tgt)
+    if [[ -z "$HSADMINNG_CAS_TGT" ]]; then
+      echo "ERROR: cannot get CAS ticket granting ticket for $HSADMINNG_CAS_USERNAME" >&2
+      exit 1
+    fi
+    echo "CAS-TGT: $HSADMINNG_CAS_TGT"
+}
+
 function casValidate() {
   HSADMINNG_CAS_TICKET=`casTicket`
 
@@ -191,6 +200,9 @@ case "${1,,}" in
   "unassume") ## do not assume any particular role anymore, use the plain user as RBAC subject
     rm ~/.cas-curl-assume
     ;;
+  "tgt") ## prints the current ticket granting ticket
+    casTgt
+    ;;
   "validate") ## validates current ticket granting ticket and prints currently logged in user
     casValidate
     ;;

src/main/java/net/hostsharing/hsadminng/config/CasAuthenticationFilter.java

@@ -2,6 +2,8 @@ package net.hostsharing.hsadminng.config;
 
 import lombok.AllArgsConstructor;
 import lombok.SneakyThrows;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.OncePerRequestFilter;
 
 import jakarta.servlet.FilterChain;
@@ -24,7 +26,8 @@ public class CasAuthenticationFilter extends OncePerRequestFilter {
         if (request.getHeader("authorization") != null) {
             final var authenticatedRequest = new AuthenticatedHttpServletRequestWrapper(request);
             final var currentSubject = authenticator.authenticate(request);
-            authenticatedRequest.addHeader("current-subject", currentSubject);
+            final var authentication = new UsernamePasswordAuthenticationToken(currentSubject, null, null);
+            SecurityContextHolder.getContext().setAuthentication(authentication);
             filterChain.doFilter(authenticatedRequest, response);
         } else {
             filterChain.doFilter(request, response);

src/main/java/net/hostsharing/hsadminng/config/FakeCasAuthenticator.java

@@ -9,6 +9,6 @@ public class FakeCasAuthenticator implements CasAuthenticator {
     @Override
     @SneakyThrows
     public String authenticate(final HttpServletRequest httpRequest) {
-        return httpRequest.getHeader("current-subject");
+        return httpRequest.getHeader("Authorization").replaceAll("^Bearer ", "");
     }
 }

src/main/java/net/hostsharing/hsadminng/config/RealCasAuthenticator.java

@@ -2,11 +2,8 @@ package net.hostsharing.hsadminng.config;
 
 import io.micrometer.core.annotation.Timed;
 import lombok.SneakyThrows;
-import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.util.LinkedMultiValueMap;
 import org.springframework.web.client.RestTemplate;
 import org.w3c.dom.Document;
@@ -16,7 +13,6 @@ import jakarta.servlet.http.HttpServletRequest;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.parsers.ParserConfigurationException;
 import java.io.IOException;
-import java.util.function.Supplier;
 
 public class RealCasAuthenticator implements CasAuthenticator {
 
@@ -31,23 +27,6 @@ public class RealCasAuthenticator implements CasAuthenticator {
     @SneakyThrows
     @Timed("app.cas.authenticate")
     public String authenticate(final HttpServletRequest httpRequest) {
-        final var userName = StringUtils.isBlank(casServerUrl)
-                ? bypassCurrentSubject(httpRequest)
-                : casAuthentication(httpRequest);
-        final var authentication = new UsernamePasswordAuthenticationToken(userName, null, null);
-        SecurityContextHolder.getContext().setAuthentication(authentication);
-        return authentication.getName();
-    }
-
-    private static String bypassCurrentSubject(final HttpServletRequest httpRequest) {
-        final var userName = httpRequest.getHeader("authorization").replaceAll("^Bearer ", "");
-        System.err.println("CasAuthenticator.bypassCurrentSubject: " + userName);
-        return userName;
-    }
-
-    private String casAuthentication(final HttpServletRequest httpRequest)
-            throws SAXException, IOException, ParserConfigurationException {
-
         final var ticket = httpRequest.getHeader("authorization").replaceAll("^Bearer ", "");
         final var serviceTicket = ticket.startsWith("TGT-")
                 ? fetchServiceTicket(ticket)
@@ -76,7 +55,7 @@ public class RealCasAuthenticator implements CasAuthenticator {
                 "?service=" + serviceUrl +
                 "&ticket=" + serviceTicket;
 
-        final var response = ((Supplier<String>) () -> restTemplate.getForObject(url, String.class)).get();
+        final var response = restTemplate.getForObject(url, String.class);
 
         return DocumentBuilderFactory.newInstance().newDocumentBuilder()
                 .parse(new java.io.ByteArrayInputStream(response.getBytes()));
@@ -93,8 +72,7 @@ public class RealCasAuthenticator implements CasAuthenticator {
         return verification.getElementsByTagName("cas:user").item(0).getTextContent();
     }
 
-    private String throwBadCredentialsException(final String message) {
+    private void throwBadCredentialsException(final String message) {
         throw new BadCredentialsException(message);
     }
-
 }

src/main/java/net/hostsharing/hsadminng/config/WebSecurityConfig.java

@@ -22,9 +22,6 @@ import jakarta.servlet.http.HttpServletResponse;
 @SecurityScheme(type = SecuritySchemeType.HTTP, name = "casTicket", scheme = "bearer", bearerFormat = "CAS ticket", description = "CAS ticket", in = SecuritySchemeIn.HEADER)
 public class WebSecurityConfig {
 
-    private static final String[] PERMITTED_PATHS = new String[] { "/swagger-ui/**", "/v3/api-docs/**", "/actuator/**" };
-    private static final String[] AUTHENTICATED_PATHS = new String[] { "/api/**" };
-
     @Lazy
     @Autowired
     private CasAuthenticationFilter authenticationFilter;
@@ -34,8 +31,13 @@ public class WebSecurityConfig {
     public SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exception {
         return http
                 .authorizeHttpRequests(authorize -> authorize
-                        .requestMatchers(PERMITTED_PATHS).permitAll()
+                        .requestMatchers(
-                        .requestMatchers(AUTHENTICATED_PATHS).authenticated()
+                                "/swagger-ui/**",
+                                "/v3/api-docs/**",
+                                "/actuator/**",
+                                "/api/hs/hosting/asset-types/**"
+                        ).permitAll()
+                        .requestMatchers("/api/**").authenticated()
                         .anyRequest().denyAll()
                 )
                 .addFilterBefore(authenticationFilter, AuthenticationFilter.class)
@@ -51,11 +53,17 @@ public class WebSecurityConfig {
     }
 
     @Bean
-    @Profile("!test")
+    @Profile("realCasAuthenticator")
-    public CasAuthenticator casServiceTicketValidator() {
+    public CasAuthenticator realCasServiceTicketValidator() {
         return new RealCasAuthenticator();
     }
 
+    @Bean
+    @Profile("fakeCasAuthenticator")
+    public CasAuthenticator fakeCasServiceTicketValidator() {
+        return new FakeCasAuthenticator();
+    }
+
     @Bean
     public CasAuthenticationFilter authenticationFilter(final CasAuthenticator authenticator) {
         return new CasAuthenticationFilter(authenticator);

src/main/java/net/hostsharing/hsadminng/context/Context.java

@@ -4,6 +4,7 @@ import lombok.AllArgsConstructor;
 import lombok.SneakyThrows;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.context.request.RequestContextHolder;
@@ -47,6 +48,12 @@ public class Context {
         define(toTask(request), toCurl(request), currentSubject, assumedRoles);
     }
 
+    @Transactional(propagation = MANDATORY)
+    public void assumeRoles(final String assumedRoles) {
+        final var currentSubject = SecurityContextHolder.getContext().getAuthentication().getName();
+        define(toTask(request), toCurl(request), currentSubject, assumedRoles);
+    }
+
     @Transactional(propagation = MANDATORY)
     public void define(
             final String currentTask,

src/main/java/net/hostsharing/hsadminng/context/HttpServletRequestWithCachedBody.java

@@ -21,12 +21,12 @@ public class HttpServletRequestWithCachedBody extends HttpServletRequestWrapper
     }
 
     @Override
-    public ServletInputStream getInputStream() throws IOException {
+    public ServletInputStream getInputStream() {
         return new HttpServletRequestBodyCache(this.cachedBody);
     }
 
     @Override
-    public BufferedReader getReader() throws IOException {
+    public BufferedReader getReader() {
         ByteArrayInputStream byteArrayInputStream = new ByteArrayInputStream(this.cachedBody);
         return new BufferedReader(new InputStreamReader(byteArrayInputStream));
     }

src/main/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemController.java

@@ -58,10 +58,9 @@ public class HsBookingItemController implements HsBookingItemsApi {
     @Transactional(readOnly = true)
     @Timed("app.bookingItems.api.getListOfBookingItemsByProjectUuid")
     public ResponseEntity<List<HsBookingItemResource>> getListOfBookingItemsByProjectUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID projectUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entities = bookingItemRepo.findAllByProjectUuid(projectUuid);
 
@@ -73,11 +72,10 @@ public class HsBookingItemController implements HsBookingItemsApi {
     @Transactional
     @Timed("app.bookingItems.api.postNewBookingItem")
     public ResponseEntity<HsBookingItemResource> postNewBookingItem(
-            final String currentSubject,
             final String assumedRoles,
             final HsBookingItemInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entityToSave = mapper.map(body, HsBookingItemRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
         final var saveProcessor = new BookingItemEntitySaveProcessor(em, entityToSave);
@@ -103,11 +101,10 @@ public class HsBookingItemController implements HsBookingItemsApi {
     @Transactional(readOnly = true)
     @Timed("app.bookingItems.api.getSingleBookingItemByUuid")
     public ResponseEntity<HsBookingItemResource> getSingleBookingItemByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID bookingItemUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = bookingItemRepo.findByUuid(bookingItemUuid);
         result.ifPresent(entity -> em.detach(entity)); // prevent further LAZY-loading
@@ -121,10 +118,9 @@ public class HsBookingItemController implements HsBookingItemsApi {
     @Transactional
     @Timed("app.bookingItems.api.deleteBookingIemByUuid")
     public ResponseEntity<Void> deleteBookingIemByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID bookingItemUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = bookingItemRepo.deleteByUuid(bookingItemUuid);
         return result == 0
@@ -136,12 +132,11 @@ public class HsBookingItemController implements HsBookingItemsApi {
     @Transactional
     @Timed("app.bookingItems.api.patchBookingItem")
     public ResponseEntity<HsBookingItemResource> patchBookingItem(
-            final String currentSubject,
             final String assumedRoles,
             final UUID bookingItemUuid,
             final HsBookingItemPatchResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var current = bookingItemRepo.findByUuid(bookingItemUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectController.java

@@ -42,10 +42,9 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
     @Transactional(readOnly = true)
     @Timed("app.bookingProjects.api.getListOfBookingProjectsByDebitorUuid")
     public ResponseEntity<List<HsBookingProjectResource>> getListOfBookingProjectsByDebitorUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID debitorUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entities = bookingProjectRepo.findAllByDebitorUuid(debitorUuid);
 
@@ -57,11 +56,10 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
     @Transactional
     @Timed("app.bookingProjects.api.postNewBookingProject")
     public ResponseEntity<HsBookingProjectResource> postNewBookingProject(
-            final String currentSubject,
             final String assumedRoles,
             final HsBookingProjectInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entityToSave = mapper.map(body, HsBookingProjectRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
 
@@ -80,11 +78,10 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
     @Transactional(readOnly = true)
     @Timed("app.bookingProjects.api.getBookingProjectByUuid")
     public ResponseEntity<HsBookingProjectResource> getBookingProjectByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID bookingProjectUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = bookingProjectRepo.findByUuid(bookingProjectUuid);
         return result
@@ -97,10 +94,9 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
     @Transactional
     @Timed("app.bookingProjects.api.deleteBookingIemByUuid")
     public ResponseEntity<Void> deleteBookingIemByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID bookingProjectUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = bookingProjectRepo.deleteByUuid(bookingProjectUuid);
         return result == 0
@@ -112,12 +108,11 @@ public class HsBookingProjectController implements HsBookingProjectsApi {
     @Transactional
     @Timed("app.bookingProjects.api.patchBookingProject")
     public ResponseEntity<HsBookingProjectResource> patchBookingProject(
-            final String currentSubject,
             final String assumedRoles,
             final UUID bookingProjectUuid,
             final HsBookingProjectPatchResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var current = bookingProjectRepo.findByUuid(bookingProjectUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetController.java

@@ -55,12 +55,11 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
     @Transactional(readOnly = true)
     @Timed("app.hosting.assets.api.getListOfHostingAssets")
     public ResponseEntity<List<HsHostingAssetResource>> getListOfHostingAssets(
-            final String currentSubject,
             final String assumedRoles,
             final UUID debitorUuid,
             final UUID parentAssetUuid,
             final HsHostingAssetTypeResource type) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entities = rbacAssetRepo.findAllByCriteria(debitorUuid, parentAssetUuid, HsHostingAssetType.of(type));
 
@@ -73,11 +72,10 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
     @Transactional
     @Timed("app.hosting.assets.api.postNewHostingAsset")
     public ResponseEntity<HsHostingAssetResource> postNewHostingAsset(
-            final String currentSubject,
             final String assumedRoles,
             final HsHostingAssetInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entity = mapper.map(body, HsHostingAssetRbacEntity.class, RESOURCE_TO_ENTITY_POSTMAPPER);
 
@@ -102,11 +100,10 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
     @Transactional(readOnly = true)
     @Timed("app.hosting.assets.api.getSingleHostingAssetByUuid")
     public ResponseEntity<HsHostingAssetResource> getSingleHostingAssetByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID assetUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = rbacAssetRepo.findByUuid(assetUuid);
         return result
@@ -119,10 +116,9 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
     @Transactional
     @Timed("app.hosting.assets.api.deleteHostingAssetByUuid")
     public ResponseEntity<Void> deleteHostingAssetByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID assetUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = rbacAssetRepo.deleteByUuid(assetUuid);
         return result == 0
@@ -134,12 +130,11 @@ public class HsHostingAssetController implements HsHostingAssetsApi {
     @Transactional
     @Timed("app.hosting.assets.api.patchHostingAsset")
     public ResponseEntity<HsHostingAssetResource> patchHostingAsset(
-            final String currentSubject,
             final String assumedRoles,
             final UUID assetUuid,
             final HsHostingAssetPatchResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entity = rbacAssetRepo.findByUuid(assetUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountController.java

@@ -35,10 +35,9 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.bankAccounts.api.patchDebitor")
     public ResponseEntity<List<HsOfficeBankAccountResource>> getListOfBankAccounts(
-            final String currentSubject,
             final String assumedRoles,
             final String holder) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entities = bankAccountRepo.findByOptionalHolderLike(holder);
 
@@ -50,11 +49,10 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
     @Transactional
     @Timed("app.office.bankAccounts.api.postNewBankAccount")
     public ResponseEntity<HsOfficeBankAccountResource> postNewBankAccount(
-            final String currentSubject,
             final String assumedRoles,
             final HsOfficeBankAccountInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         IbanUtil.validate(body.getIban());
         BicUtil.validate(body.getBic());
@@ -77,11 +75,10 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.bankAccounts.api.getSingleBankAccountByUuid")
     public ResponseEntity<HsOfficeBankAccountResource> getSingleBankAccountByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID bankAccountUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = bankAccountRepo.findByUuid(bankAccountUuid);
         if (result.isEmpty()) {
@@ -94,10 +91,9 @@ public class HsOfficeBankAccountController implements HsOfficeBankAccountsApi {
     @Transactional
     @Timed("app.office.bankAccounts.api.deleteBankAccountByUuid")
     public ResponseEntity<Void> deleteBankAccountByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID BankAccountUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = bankAccountRepo.deleteByUuid(BankAccountUuid);
         if (result == 0) {

src/main/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactController.java

@@ -48,11 +48,10 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.contacts.api.getListOfContacts")
     public ResponseEntity<List<HsOfficeContactResource>> getListOfContacts(
-            final String currentSubject,
             final String assumedRoles,
             final String caption,
             final String emailAddress) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         validate("caption, emailAddress").atMaxOne(caption, emailAddress);
         final var entities = emailAddress != null
@@ -67,11 +66,10 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
     @Transactional
     @Timed("app.office.contacts.api.postNewContact")
     public ResponseEntity<HsOfficeContactResource> postNewContact(
-            final String currentSubject,
             final String assumedRoles,
             final HsOfficeContactInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entityToSave = mapper.map(body, HsOfficeContactRbacEntity.class);
 
@@ -90,11 +88,10 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.contacts.api.getSingleContactByUuid")
     public ResponseEntity<HsOfficeContactResource> getSingleContactByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID contactUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = contactRepo.findByUuid(contactUuid);
         if (result.isEmpty()) {
@@ -107,10 +104,9 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
     @Transactional
     @Timed("app.office.contacts.api.deleteContactByUuid")
     public ResponseEntity<Void> deleteContactByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID contactUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = contactRepo.deleteByUuid(contactUuid);
         if (result == 0) {
@@ -124,12 +120,11 @@ public class HsOfficeContactController implements HsOfficeContactsApi {
     @Transactional
     @Timed("app.office.contacts.api.patchContact")
     public ResponseEntity<HsOfficeContactResource> patchContact(
-            final String currentSubject,
             final String assumedRoles,
             final UUID contactUuid,
             final HsOfficeContactPatchResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var current = contactRepo.findByUuid(contactUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionController.java

@@ -60,12 +60,11 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
     @Transactional(readOnly = true)
     @Timed("app.office.coopAssets.api.getListOfCoopAssets")
     public ResponseEntity<List<HsOfficeCoopAssetsTransactionResource>> getListOfCoopAssets(
-            final String currentSubject,
             final String assumedRoles,
             final UUID membershipUuid,
             final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate,
             final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entities = coopAssetsTransactionRepo.findCoopAssetsTransactionByOptionalMembershipUuidAndDateRange(
                 membershipUuid,
@@ -83,11 +82,10 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
     @Transactional
     @Timed("app.office.coopAssets.api.postNewCoopAssetTransaction")
     public ResponseEntity<HsOfficeCoopAssetsTransactionResource> postNewCoopAssetTransaction(
-            final String currentSubject,
             final String assumedRoles,
             final HsOfficeCoopAssetsTransactionInsertResource requestBody) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
         validate(requestBody);
 
         final var entityToSave = mapper.map(
@@ -109,9 +107,9 @@ public class HsOfficeCoopAssetsTransactionController implements HsOfficeCoopAsse
     @Transactional(readOnly = true)
     @Timed("app.office.coopAssets.api.getSingleCoopAssetTransactionByUuid")
     public ResponseEntity<HsOfficeCoopAssetsTransactionResource> getSingleCoopAssetTransactionByUuid(
-            final String currentSubject, final String assumedRoles, final UUID assetTransactionUuid) {
+            final String assumedRoles, final UUID assetTransactionUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = coopAssetsTransactionRepo.findByUuid(assetTransactionUuid);
         if (result.isEmpty()) {

src/main/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionController.java

@@ -47,12 +47,11 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
     @Transactional(readOnly = true)
     @Timed("app.office.coopShares.api.getListOfCoopShares")
     public ResponseEntity<List<HsOfficeCoopSharesTransactionResource>> getListOfCoopShares(
-            final String currentSubject,
             final String assumedRoles,
             final UUID membershipUuid,
             final @DateTimeFormat(iso = ISO.DATE) LocalDate fromValueDate,
             final @DateTimeFormat(iso = ISO.DATE) LocalDate toValueDate) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entities = coopSharesTransactionRepo.findCoopSharesTransactionByOptionalMembershipUuidAndDateRange(
                 membershipUuid,
@@ -70,11 +69,10 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
     @Transactional
     @Timed("app.office.coopShares.repo.postNewCoopSharesTransaction")
     public ResponseEntity<HsOfficeCoopSharesTransactionResource> postNewCoopSharesTransaction(
-            final String currentSubject,
             final String assumedRoles,
             final HsOfficeCoopSharesTransactionInsertResource requestBody) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
         validate(requestBody);
 
         final var entityToSave = mapper.map(
@@ -97,9 +95,9 @@ public class HsOfficeCoopSharesTransactionController implements HsOfficeCoopShar
     @Transactional(readOnly = true)
     @Timed("app.office.coopShares.repo.getSingleCoopShareTransactionByUuid")
     public ResponseEntity<HsOfficeCoopSharesTransactionResource> getSingleCoopShareTransactionByUuid(
-            final String currentSubject, final String assumedRoles, final UUID shareTransactionUuid) {
+            final String assumedRoles, final UUID shareTransactionUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = coopSharesTransactionRepo.findByUuid(shareTransactionUuid);
         if (result.isEmpty()) {

src/main/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorController.java

@@ -64,12 +64,11 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.debitors.api.getListOfDebitors")
     public ResponseEntity<List<HsOfficeDebitorResource>> getListOfDebitors(
-            final String currentSubject,
             final String assumedRoles,
             final String name,
             final UUID partnerUuid,
             final String partnerNumber) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entities = partnerNumber != null
                 ? debitorRepo.findDebitorsByPartnerNumber(cropTag("P-", partnerNumber))
@@ -85,11 +84,10 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
     @Transactional
     @Timed("app.office.debitors.api.postNewDebitor")
     public ResponseEntity<HsOfficeDebitorResource> postNewDebitor(
-            String currentSubject,
             String assumedRoles,
             HsOfficeDebitorInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         Validate.isTrue(
                 body.getDebitorRel() == null || body.getDebitorRelUuid() == null,
@@ -118,11 +116,10 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.debitors.api.getSingleDebitorByUuid")
     public ResponseEntity<HsOfficeDebitorResource> getSingleDebitorByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID debitorUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = debitorRepo.findByUuid(debitorUuid);
         if (result.isEmpty()) {
@@ -135,11 +132,10 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.debitors.api.getSingleDebitorByDebitorNumber")
     public ResponseEntity<HsOfficeDebitorResource> getSingleDebitorByDebitorNumber(
-            final String currentSubject,
             final String assumedRoles,
             final Integer debitorNumber) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = debitorRepo.findDebitorByDebitorNumber(debitorNumber);
         if (result.isEmpty()) {
@@ -152,10 +148,9 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
     @Transactional
     @Timed("app.office.debitors.api.deleteDebitorByUuid")
     public ResponseEntity<Void> deleteDebitorByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID debitorUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = debitorRepo.deleteByUuid(debitorUuid);
         if (result == 0) {
@@ -169,12 +164,11 @@ public class HsOfficeDebitorController implements HsOfficeDebitorsApi {
     @Transactional
     @Timed("app.office.debitors.api.patchDebitor")
     public ResponseEntity<HsOfficeDebitorResource> patchDebitor(
-            final String currentSubject,
             final String assumedRoles,
             final UUID debitorUuid,
             final HsOfficeDebitorPatchResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var current = debitorRepo.findByUuid(debitorUuid).orElseThrow().reload(em);
 

src/main/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipController.java

@@ -44,11 +44,10 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.membership.api.getListOfMemberships")
     public ResponseEntity<List<HsOfficeMembershipResource>> getListOfMemberships(
-            final String currentSubject,
             final String assumedRoles,
             final UUID partnerUuid,
             final String partnerNumber) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         validate("partnerUuid, partnerNumber").atMaxOne(partnerUuid, partnerNumber);
 
@@ -69,11 +68,10 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
     @Transactional
     @Timed("app.office.membership.api.postNewMembership")
     public ResponseEntity<HsOfficeMembershipResource> postNewMembership(
-            final String currentSubject,
             final String assumedRoles,
             final HsOfficeMembershipInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entityToSave = mapper.map(body, HsOfficeMembershipEntity.class, SEPA_MANDATE_RESOURCE_TO_ENTITY_POSTMAPPER);
 
@@ -94,11 +92,10 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.membership.api.getSingleMembershipByUuid")
     public ResponseEntity<HsOfficeMembershipResource> getSingleMembershipByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID membershipUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = membershipRepo.findByUuid(membershipUuid);
         if (result.isEmpty()) {
@@ -113,11 +110,10 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.membership.api.getSingleMembershipByMembershipNumber")
     public ResponseEntity<HsOfficeMembershipResource> getSingleMembershipByMembershipNumber(
-            final String currentSubject,
             final String assumedRoles,
             final Integer membershipNumber) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = membershipRepo.findMembershipByMemberNumber(membershipNumber);
         if (result.isEmpty()) {
@@ -132,10 +128,9 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
     @Transactional
     @Timed("app.office.membership.api.deleteMembershipByUuid")
     public ResponseEntity<Void> deleteMembershipByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID membershipUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = membershipRepo.deleteByUuid(membershipUuid);
         if (result == 0) {
@@ -149,12 +144,11 @@ public class HsOfficeMembershipController implements HsOfficeMembershipsApi {
     @Transactional
     @Timed("app.office.membership.api.patchMembership")
     public ResponseEntity<HsOfficeMembershipResource> patchMembership(
-            final String currentSubject,
             final String assumedRoles,
             final UUID membershipUuid,
             final HsOfficeMembershipPatchResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var current = membershipRepo.findByUuid(membershipUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerController.java

@@ -66,10 +66,9 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
     @Transactional(readOnly = true)
     @Timed("app.office.partners.api.getListOfPartners")
     public ResponseEntity<List<HsOfficePartnerResource>> getListOfPartners(
-            final String currentSubject,
             final String assumedRoles,
             final String name) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entities = rbacPartnerRepo.findPartnerByOptionalNameLike(name);
 
@@ -81,11 +80,10 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
     @Transactional
     @Timed("app.office.partners.api.postNewPartner")
     public ResponseEntity<HsOfficePartnerResource> postNewPartner(
-            final String currentSubject,
             final String assumedRoles,
             final HsOfficePartnerInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entityToSave = createPartnerEntity(body);
 
@@ -104,11 +102,10 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
     @Transactional(readOnly = true)
     @Timed("app.office.partners.api.getSinglePartnerByUuid")
     public ResponseEntity<HsOfficePartnerResource> getSinglePartnerByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID partnerUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = rbacPartnerRepo.findByUuid(partnerUuid);
         if (result.isEmpty()) {
@@ -122,11 +119,10 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
     @Transactional(readOnly = true)
     @Timed("app.office.partners.api.getSinglePartnerByPartnerNumber")
     public ResponseEntity<HsOfficePartnerResource> getSinglePartnerByPartnerNumber(
-            final String currentSubject,
             final String assumedRoles,
             final Integer partnerNumber) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = rbacPartnerRepo.findPartnerByPartnerNumber(partnerNumber);
         if (result.isEmpty()) {
@@ -140,10 +136,9 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
     @Transactional
     @Timed("app.office.partners.api.deletePartnerByUuid")
     public ResponseEntity<Void> deletePartnerByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID partnerUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var partnerToDelete = rbacPartnerRepo.findByUuid(partnerUuid);
         if (partnerToDelete.isEmpty()) {
@@ -161,12 +156,11 @@ public class HsOfficePartnerController implements HsOfficePartnersApi {
     @Transactional
     @Timed("app.office.partners.api.patchPartner")
     public ResponseEntity<HsOfficePartnerResource> patchPartner(
-            final String currentSubject,
             final String assumedRoles,
             final UUID partnerUuid,
             final HsOfficePartnerPatchResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var current = rbacPartnerRepo.findByUuid(partnerUuid).orElseThrow();
         final var previousPartnerPerson = current.getPartnerRel().getHolder();

src/main/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonController.java

@@ -34,10 +34,9 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.persons.api.getListOfPersons")
     public ResponseEntity<List<HsOfficePersonResource>> getListOfPersons(
-            final String currentSubject,
             final String assumedRoles,
             final String name) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entities = personRepo.findPersonByOptionalNameLike(name);
 
@@ -49,11 +48,10 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
     @Transactional
     @Timed("app.office.persons.api.postNewPerson")
     public ResponseEntity<HsOfficePersonResource> postNewPerson(
-            final String currentSubject,
             final String assumedRoles,
             final HsOfficePersonInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entityToSave = mapper.map(body, HsOfficePersonRbacEntity.class);
 
@@ -72,11 +70,10 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.persons.api.getSinglePersonByUuid")
     public ResponseEntity<HsOfficePersonResource> getSinglePersonByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID personUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = personRepo.findByUuid(personUuid);
         if (result.isEmpty()) {
@@ -89,10 +86,9 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
     @Transactional
     @Timed("app.office.persons.api.deletePersonByUuid")
     public ResponseEntity<Void> deletePersonByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID personUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = personRepo.deleteByUuid(personUuid);
         if (result == 0) {
@@ -106,12 +102,11 @@ public class HsOfficePersonController implements HsOfficePersonsApi {
     @Transactional
     @Timed("app.office.persons.api.patchPerson")
     public ResponseEntity<HsOfficePersonResource> patchPerson(
-            final String currentSubject,
             final String assumedRoles,
             final UUID personUuid,
             final HsOfficePersonPatchResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var current = personRepo.findByUuid(personUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationController.java

@@ -52,14 +52,13 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.relations.api.getListOfRelations")
     public ResponseEntity<List<HsOfficeRelationResource>> getListOfRelations(
-            final String currentSubject,
             final String assumedRoles,
             final UUID personUuid,
             final HsOfficeRelationTypeResource relationType,
             final String mark,
             final String personData,
             final String contactData) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final List<HsOfficeRelationRbacEntity> entities =
                 rbacRelationRepo.findRelationRelatedToPersonUuidRelationTypeMarkPersonAndContactData(
@@ -76,11 +75,10 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
     @Transactional
     @Timed("app.office.relations.api.postNewRelation")
     public ResponseEntity<HsOfficeRelationResource> postNewRelation(
-            final String currentSubject,
             final String assumedRoles,
             final HsOfficeRelationInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entityToSave = new HsOfficeRelationRbacEntity();
         entityToSave.setType(HsOfficeRelationType.valueOf(body.getType()));
@@ -128,11 +126,10 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
     @Transactional(readOnly = true)
     @Timed("app.office.relations.api.getSingleRelationByUuid")
     public ResponseEntity<HsOfficeRelationResource> getSingleRelationByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID relationUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = rbacRelationRepo.findByUuid(relationUuid);
         if (result.isEmpty()) {
@@ -145,10 +142,9 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
     @Transactional
     @Timed("apprelations.api..deleteRelationByUuid")
     public ResponseEntity<Void> deleteRelationByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID relationUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = rbacRelationRepo.deleteByUuid(relationUuid);
         if (result == 0) {
@@ -162,12 +158,11 @@ public class HsOfficeRelationController implements HsOfficeRelationsApi {
     @Transactional
     @Timed("app.office.relations.api.patchRelation")
     public ResponseEntity<HsOfficeRelationResource> patchRelation(
-            final String currentSubject,
             final String assumedRoles,
             final UUID relationUuid,
             final HsOfficeRelationContactPatchResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var current = rbacRelationRepo.findByUuid(relationUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateController.java

@@ -52,10 +52,9 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
     @Transactional(readOnly = true)
     @Timed("app.office.sepaMandates.api.getListOfSepaMandates")
     public ResponseEntity<List<HsOfficeSepaMandateResource>> getListOfSepaMandates(
-            final String currentSubject,
             final String assumedRoles,
             final String iban) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entities = sepaMandateRepo.findSepaMandateByOptionalIban(iban);
 
@@ -68,11 +67,10 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
     @Transactional
     @Timed("app.office.sepaMandates.api.postNewSepaMandate")
     public ResponseEntity<HsOfficeSepaMandateResource> postNewSepaMandate(
-            final String currentSubject,
             final String assumedRoles,
             final HsOfficeSepaMandateInsertResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var entityToSave = mapper.map(body, HsOfficeSepaMandateEntity.class, SEPA_MANDATE_RESOURCE_TO_ENTITY_POSTMAPPER);
 
@@ -92,11 +90,10 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
     @Transactional(readOnly = true)
     @Timed("app.office.sepaMandates.api.getSingleSepaMandateByUuid")
     public ResponseEntity<HsOfficeSepaMandateResource> getSingleSepaMandateByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID sepaMandateUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = sepaMandateRepo.findByUuid(sepaMandateUuid);
         if (result.isEmpty()) {
@@ -110,10 +107,9 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
     @Transactional
     @Timed("app.office.sepaMandates.api.deleteSepaMandateByUuid")
     public ResponseEntity<Void> deleteSepaMandateByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID sepaMandateUuid) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = sepaMandateRepo.deleteByUuid(sepaMandateUuid);
         if (result == 0) {
@@ -127,12 +123,11 @@ public class HsOfficeSepaMandateController implements HsOfficeSepaMandatesApi {
     @Transactional
     @Timed("app.office.sepaMandates.api.patchSepaMandate")
     public ResponseEntity<HsOfficeSepaMandateResource> patchSepaMandate(
-            final String currentSubject,
             final String assumedRoles,
             final UUID sepaMandateUuid,
             final HsOfficeSepaMandatePatchResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var current = sepaMandateRepo.findByUuid(sepaMandateUuid).orElseThrow();
 

src/main/java/net/hostsharing/hsadminng/ping/PingController.java

@@ -1,12 +1,12 @@
 package net.hostsharing.hsadminng.ping;
 
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestHeader;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.ResponseBody;
 
-import jakarta.validation.constraints.NotNull;
 
 @Controller
 public class PingController {
@@ -14,9 +14,8 @@ public class PingController {
     @ResponseBody
     @RequestMapping(value = "/api/ping", method = RequestMethod.GET)
     public String ping(
-            @RequestHeader(name = "current-subject") @NotNull String currentSubject,
             @RequestHeader(name = "assumed-roles", required = false) String assumedRoles
     ) {
-        return "pong " + currentSubject + "\n";
+        return "pong " + SecurityContextHolder.getContext().getAuthentication().getName() + "\n";
     }
 }

src/main/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantController.java

@@ -37,12 +37,11 @@ public class RbacGrantController implements RbacGrantsApi {
     @Transactional(readOnly = true)
     @Timed("app.rbac.grants.api.getListOfGrantsByUuid")
     public ResponseEntity<RbacGrantResource> getListOfGrantsByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID grantedRoleUuid,
             final UUID granteeSubjectUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var id = new RbacGrantId(granteeSubjectUuid, grantedRoleUuid);
         final var result = rbacGrantRepository.findById(id);
@@ -56,10 +55,9 @@ public class RbacGrantController implements RbacGrantsApi {
     @Transactional(readOnly = true)
     @Timed("app.rbac.grants.api.getListOfSubjectGrants")
     public ResponseEntity<List<RbacGrantResource>> getListOfSubjectGrants(
-            final String currentSubject,
             final String assumedRoles) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         return ResponseEntity.ok(mapper.mapList(rbacGrantRepository.findAll(), RbacGrantResource.class));
     }
@@ -68,11 +66,10 @@ public class RbacGrantController implements RbacGrantsApi {
     @Transactional
     @Timed("app.rbac.grants.api.postNewRoleGrantToSubject")
     public ResponseEntity<RbacGrantResource> postNewRoleGrantToSubject(
-            final String currentSubject,
             final String assumedRoles,
             final RbacGrantResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var granted = rbacGrantRepository.save(mapper.map(body, RbacGrantEntity.class));
         em.flush();
@@ -90,12 +87,11 @@ public class RbacGrantController implements RbacGrantsApi {
     @Transactional
     @Timed("app.rbac.grants.api.deleteRoleGrantFromSubject")
     public ResponseEntity<Void> deleteRoleGrantFromSubject(
-            final String currentSubject,
             final String assumedRoles,
             final UUID grantedRoleUuid,
             final UUID granteeSubjectUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         rbacGrantRepository.deleteByRbacGrantId(new RbacGrantId(granteeSubjectUuid, grantedRoleUuid));
 

src/main/java/net/hostsharing/hsadminng/rbac/role/RbacRoleController.java

@@ -30,10 +30,9 @@ public class RbacRoleController implements RbacRolesApi {
     @Transactional(readOnly = true)
     @Timed("app.rbac.roles.api.getListOfRoles")
     public ResponseEntity<List<RbacRoleResource>> getListOfRoles(
-            final String currentSubject,
             final String assumedRoles) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final List<RbacRoleEntity> result = rbacRoleRepository.findAll();
 

src/main/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectController.java

@@ -44,7 +44,7 @@ public class RbacSubjectController implements RbacSubjectsApi {
         rbacSubjectRepository.create(saved);
         final var uri =
                 MvcUriComponentsBuilder.fromController(getClass())
-                        .path("/api/rbac.yaml/users/{id}")
+                        .path("/api/rbac/subjects/{id}")
                         .buildAndExpand(saved.getUuid())
                         .toUri();
         return ResponseEntity.created(uri).body(mapper.map(saved, RbacSubjectResource.class));
@@ -54,11 +54,10 @@ public class RbacSubjectController implements RbacSubjectsApi {
     @Transactional
     @Timed("app.rbac.subjects.api.deleteSubjectByUuid")
     public ResponseEntity<Void> deleteSubjectByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID subjectUuid
     ) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         rbacSubjectRepository.deleteByUuid(subjectUuid);
 
@@ -69,11 +68,10 @@ public class RbacSubjectController implements RbacSubjectsApi {
     @Transactional(readOnly = true)
     @Timed("app.rbac.subjects.api.getSingleSubjectByUuid")
     public ResponseEntity<RbacSubjectResource> getSingleSubjectByUuid(
-            final String currentSubject,
             final String assumedRoles,
             final UUID subjectUuid) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = rbacSubjectRepository.findByUuid(subjectUuid);
         if (result == null) {
@@ -86,11 +84,10 @@ public class RbacSubjectController implements RbacSubjectsApi {
     @Transactional(readOnly = true)
     @Timed("app.rbac.subjects.api.getListOfSubjects")
     public ResponseEntity<List<RbacSubjectResource>> getListOfSubjects(
-            final String currentSubject,
             final String assumedRoles,
             final String userName
     ) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         return ResponseEntity.ok(mapper.mapList(rbacSubjectRepository.findByOptionalNameLike(userName), RbacSubjectResource.class));
     }
@@ -99,11 +96,10 @@ public class RbacSubjectController implements RbacSubjectsApi {
     @Transactional(readOnly = true)
     @Timed("app.rbac.subjects.api.getListOfSubjectPermissions")
     public ResponseEntity<List<RbacSubjectPermissionResource>> getListOfSubjectPermissions(
-            final String currentSubject,
             final String assumedRoles,
             final UUID subjectUuid
     ) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         return ResponseEntity.ok(mapper.mapList(
                 rbacSubjectRepository.findPermissionsOfUserByUuid(subjectUuid),

src/main/java/net/hostsharing/hsadminng/rbac/test/cust/TestCustomerController.java

@@ -34,11 +34,10 @@ public class TestCustomerController implements TestCustomersApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity<List<TestCustomerResource>> listCustomers(
-            String currentSubject,
             String assumedRoles,
             String prefix
     ) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = testCustomerRepository.findCustomerByOptionalPrefixLike(prefix);
 
@@ -48,11 +47,10 @@ public class TestCustomerController implements TestCustomersApi {
     @Override
     @Transactional
     public ResponseEntity<TestCustomerResource> addCustomer(
-            final String currentSubject,
             final String assumedRoles,
             final TestCustomerResource customer) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var saved = testCustomerRepository.save(mapper.map(customer, TestCustomerEntity.class));
         final var uri =

src/main/java/net/hostsharing/hsadminng/rbac/test/pac/TestPackageController.java

@@ -31,11 +31,10 @@ public class TestPackageController implements TestPackagesApi {
     @Override
     @Transactional(readOnly = true)
     public ResponseEntity<List<TestPackageResource>> listPackages(
-            String currentSubject,
             String assumedRoles,
             String name
     ) {
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var result = testPackageRepository.findAllByOptionalNameLike(name);
         return ResponseEntity.ok(mapper.mapList(result, TestPackageResource.class));
@@ -44,12 +43,11 @@ public class TestPackageController implements TestPackagesApi {
     @Override
     @Transactional
     public ResponseEntity<TestPackageResource> updatePackage(
-            final String currentSubject,
             final String assumedRoles,
             final UUID packageUuid,
             final TestPackageUpdateResource body) {
 
-        context.define(currentSubject, assumedRoles);
+        context.assumeRoles(assumedRoles);
 
         final var current = testPackageRepository.findByUuid(packageUuid);
         OptionalFromJson.of(body.getDescription()).ifPresent(current::setDescription);

src/main/resources/api-definition/auth.yaml

@@ -3,14 +3,6 @@ components:
 
     parameters:
 
-        currentSubject:
-            name: current-subject
-            in: header
-            required: false
-            schema:
-                type: string
-            description: Identifying name of the current subject (e.g. user).
-
         assumedRoles:
             name: assumed-roles
             in: header

src/main/resources/api-definition/hs-booking/auth.yaml

@@ -1,20 +0,0 @@
-
-components:
-
-    parameters:
-
-        currentSubject:
-            name: current-subject
-            in: header
-            required: true
-            schema:
-                type: string
-            description: Identifying name of the currently logged in subject.
-
-        assumedRoles:
-            name: assumed-roles
-            in: header
-            required: false
-            schema:
-                type: string
-            description: Semicolon-separated list of roles to assume. The current subject needs to have the right to assume these roles.

src/main/resources/api-definition/hs-booking/auth.yaml

@@ -0,0 +1 @@
+../auth.yaml

src/main/resources/api-definition/hs-booking/hs-booking-items-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single booking item its uuid, if visible for the current subject.'
     operationId: getSingleBookingItemByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: bookingItemUuid
           in: path
@@ -32,7 +31,6 @@ patch:
     description: 'Updates a single booking item identified by its uuid, if permitted for the current subject.'
     operationId: patchBookingItem
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: bookingItemUuid
             in: path
@@ -63,7 +61,6 @@ delete:
     description: 'Delete a single booking item identified by its uuid, if permitted for the current subject.'
     operationId: deleteBookingIemByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: bookingItemUuid
           in: path

src/main/resources/api-definition/hs-booking/hs-booking-items.yaml

@@ -5,7 +5,6 @@ get:
         - hs-booking-items
     operationId: getListOfBookingItemsByProjectUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: projectUuid
           in: query
@@ -34,7 +33,6 @@ post:
         - hs-booking-items
     operationId: postNewBookingItem
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         description: A JSON object describing the new booking item.

src/main/resources/api-definition/hs-booking/hs-booking-projects-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single booking project its uuid, if visible for the current subject.'
     operationId: getBookingProjectByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: bookingProjectUuid
           in: path
@@ -32,7 +31,6 @@ patch:
     description: 'Updates a single booking project identified by its uuid, if permitted for the current subject.'
     operationId: patchBookingProject
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: bookingProjectUuid
             in: path
@@ -63,7 +61,6 @@ delete:
     description: 'Delete a single booking project identified by its uuid, if permitted for the current subject.'
     operationId: deleteBookingIemByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: bookingProjectUuid
           in: path

src/main/resources/api-definition/hs-booking/hs-booking-projects.yaml

@@ -5,7 +5,6 @@ get:
         - hs-booking-projects
     operationId: getListOfBookingProjectsByDebitorUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: debitorUuid
           in: query
@@ -34,7 +33,6 @@ post:
         - hs-booking-projects
     operationId: postNewBookingProject
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         description: A JSON object describing the new booking project.

src/main/resources/api-definition/hs-hosting/auth.yaml

@@ -1,20 +0,0 @@
-
-components:
-
-    parameters:
-
-        currentSubject:
-            name: current-subject
-            in: header
-            required: true
-            schema:
-                type: string
-            description: Identifying name of the currently logged in subject.
-
-        assumedRoles:
-            name: assumed-roles
-            in: header
-            required: false
-            schema:
-                type: string
-            description: Semicolon-separated list of roles to assume. The current subject needs to have the right to assume these roles.

src/main/resources/api-definition/hs-hosting/auth.yaml

@@ -0,0 +1 @@
+../auth.yaml

src/main/resources/api-definition/hs-hosting/hs-hosting-assets-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single managed asset by its uuid, if visible for the current subject.'
     operationId: getSingleHostingAssetByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: assetUuid
           in: path
@@ -32,7 +31,6 @@ patch:
     description: 'Updates a single hosting asset identified by its uuid, if permitted for the current subject.'
     operationId: patchHostingAsset
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: assetUuid
             in: path
@@ -63,7 +61,6 @@ delete:
     description: 'Delete a single hosting asset identified by its uuid, if permitted for the current subject.'
     operationId: deleteHostingAssetByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: assetUuid
           in: path

src/main/resources/api-definition/hs-hosting/hs-hosting-assets.yaml

@@ -5,7 +5,6 @@ get:
         - hs-hosting-assets
     operationId: getListOfHostingAssets
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: projectUuid
           in: query
@@ -47,7 +46,6 @@ post:
         - hs-hosting-assets
     operationId: postNewHostingAsset
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         description: A JSON object describing the new hosting asset.

src/main/resources/api-definition/hs-office/hs-office-bankaccounts-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single bank account by its uuid, if visible for the current subject.'
     operationId: getSingleBankAccountByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: bankAccountUUID
           in: path
@@ -31,7 +30,6 @@ delete:
     description: 'Delete a single bank account by its uuid, if permitted for the current subject.'
     operationId: deleteBankAccountByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: bankAccountUUID
           in: path

src/main/resources/api-definition/hs-office/hs-office-bankaccounts.yaml

@@ -5,7 +5,6 @@ get:
         - hs-office-bank-accounts
     operationId: getListOfBankAccounts
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: holder
           in: query
@@ -33,7 +32,6 @@ post:
         - hs-office-bank-accounts
     operationId: postNewBankAccount
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         content:

src/main/resources/api-definition/hs-office/hs-office-contacts-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single business contact by its uuid, if visible for the current subject.'
     operationId: getSingleContactByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: contactUUID
           in: path
@@ -32,7 +31,6 @@ patch:
     description: 'Updates a single contact by its uuid, if permitted for the current subject.'
     operationId: patchContact
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: contactUUID
             in: path
@@ -63,7 +61,6 @@ delete:
     description: 'Delete a single business contact by its uuid, if permitted for the current subject.'
     operationId: deleteContactByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: contactUUID
           in: path

src/main/resources/api-definition/hs-office/hs-office-contacts.yaml

@@ -5,7 +5,6 @@ get:
         - hs-office-contacts
     operationId: getListOfContacts
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: caption
           in: query
@@ -40,7 +39,6 @@ post:
         - hs-office-contacts
     operationId: postNewContact
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         content:

src/main/resources/api-definition/hs-office/hs-office-coopassets-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single asset transaction by its uuid, if visible for the current subject.'
     operationId: getSingleCoopAssetTransactionByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: assetTransactionUUID
           in: path

src/main/resources/api-definition/hs-office/hs-office-coopassets.yaml

@@ -5,7 +5,6 @@ get:
     - hs-office-coopAssets
   operationId: getListOfCoopAssets
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: membershipUuid
       in: query
@@ -48,7 +47,6 @@ post:
     - hs-office-coopAssets
   operationId: postNewCoopAssetTransaction
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
   requestBody:
     description: A JSON object describing the new cooperative assets transaction.

src/main/resources/api-definition/hs-office/hs-office-coopshares-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single share transaction by its uuid, if visible for the current subject.'
     operationId: getSingleCoopShareTransactionByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: shareTransactionUUID
           in: path

src/main/resources/api-definition/hs-office/hs-office-coopshares.yaml

@@ -5,7 +5,6 @@ get:
     - hs-office-coopShares
   operationId: getListOfCoopShares
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: membershipUuid
       in: query
@@ -48,7 +47,6 @@ post:
     - hs-office-coopShares
   operationId: postNewCoopSharesTransaction
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
   requestBody:
     description: A JSON object describing the new cooperative shares transaction.

src/main/resources/api-definition/hs-office/hs-office-debitors-with-debitorNumber.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single debitor by its debitorNumber, if visible for the current subject.'
     operationId: getSingleDebitorByDebitorNumber
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: debitorNumber
           in: path

src/main/resources/api-definition/hs-office/hs-office-debitors-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single debitor by its uuid, if visible for the current subject.'
     operationId: getSingleDebitorByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: debitorUUID
           in: path
@@ -32,7 +31,6 @@ patch:
     description: 'Updates a single debitor by its uuid, if permitted for the current subject.'
     operationId: patchDebitor
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: debitorUUID
             in: path
@@ -63,7 +61,6 @@ delete:
     description: 'Delete a single debitor by its uuid, if permitted for the current subject.'
     operationId: deleteDebitorByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: debitorUUID
           in: path

src/main/resources/api-definition/hs-office/hs-office-debitors.yaml

@@ -5,7 +5,6 @@ get:
         - hs-office-debitors
     operationId: getListOfDebitors
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: name
           in: query
@@ -47,7 +46,6 @@ post:
         - hs-office-debitors
     operationId: postNewDebitor
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         content:

src/main/resources/api-definition/hs-office/hs-office-memberships-with-membershipNumber.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single membership by its membershipNumber, if visible for the current subject.'
     operationId: getSingleMembershipByMembershipNumber
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: membershipNumber
           in: path

src/main/resources/api-definition/hs-office/hs-office-memberships-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single membership by its uuid, if visible for the current subject.'
     operationId: getSingleMembershipByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: membershipUUID
           in: path
@@ -32,7 +31,6 @@ patch:
     description: 'Updates a single membership by its uuid, if permitted for the current subject.'
     operationId: patchMembership
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: membershipUUID
             in: path
@@ -63,7 +61,6 @@ delete:
     description: 'Delete a single membership by its uuid, if permitted for the current subject.'
     operationId: deleteMembershipByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: membershipUUID
           in: path

src/main/resources/api-definition/hs-office/hs-office-memberships.yaml

@@ -6,7 +6,6 @@ get:
         - hs-office-memberships
     operationId: getListOfMemberships
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: partnerUuid
           in: query
@@ -42,7 +41,6 @@ post:
         - hs-office-memberships
     operationId: postNewMembership
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         description: A JSON object describing the new membership.

src/main/resources/api-definition/hs-office/hs-office-partners-with-partnerNumber.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single business partner by its partner-number (prefixed with "P-"), if visible for the current subject.'
     operationId: getSinglePartnerByPartnerNumber
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: partnerNumber
           in: path

src/main/resources/api-definition/hs-office/hs-office-partners-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single business partner by its uuid, if visible for the current subject.'
     operationId: getSinglePartnerByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: partnerUUID
           in: path
@@ -32,7 +31,6 @@ patch:
     description: 'Updates a single business partner by its uuid, if permitted for the current subject.'
     operationId: patchPartner
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: partnerUUID
             in: path
@@ -63,7 +61,6 @@ delete:
     description: 'Delete a single business partner by its uuid, if permitted for the current subject.'
     operationId: deletePartnerByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: partnerUUID
           in: path

src/main/resources/api-definition/hs-office/hs-office-partners.yaml

@@ -5,7 +5,6 @@ get:
         - hs-office-partners
     operationId: getListOfPartners
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: name
           in: query
@@ -33,7 +32,6 @@ post:
         - hs-office-partners
     operationId: postNewPartner
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         content:

src/main/resources/api-definition/hs-office/hs-office-persons-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single business person by its uuid, if visible for the current subject.'
     operationId: getSinglePersonByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: personUUID
           in: path
@@ -32,7 +31,6 @@ patch:
     description: 'Updates a single person by its uuid, if permitted for the current subject.'
     operationId: patchPerson
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: personUUID
             in: path
@@ -63,7 +61,6 @@ delete:
     description: 'Delete a single business person by its uuid, if permitted for the current subject.'
     operationId: deletePersonByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: personUUID
           in: path

src/main/resources/api-definition/hs-office/hs-office-persons.yaml

@@ -5,7 +5,6 @@ get:
         - hs-office-persons
     operationId: getListOfPersons
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: name
           in: query
@@ -33,7 +32,6 @@ post:
         - hs-office-persons
     operationId: postNewPerson
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         content:

src/main/resources/api-definition/hs-office/hs-office-relations-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single person relation by its uuid, if visible for the current subject.'
     operationId: getSingleRelationByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: relationUUID
           in: path
@@ -32,7 +31,6 @@ patch:
     description: 'Updates a single person relation by its uuid, if permitted for the current subject.'
     operationId: patchRelation
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: relationUUID
             in: path
@@ -63,7 +61,6 @@ delete:
     description: 'Delete a single person relation by its uuid, if permitted for the current subject.'
     operationId: deleteRelationByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: relationUUID
           in: path

src/main/resources/api-definition/hs-office/hs-office-relations.yaml

@@ -7,7 +7,6 @@ get:
         - hs-office-relations
     operationId: getListOfRelations
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: personUuid
           in: query
@@ -60,7 +59,6 @@ post:
         - hs-office-relations
     operationId: postNewRelation
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         content:

src/main/resources/api-definition/hs-office/hs-office-sepamandates-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single SEPA Mandate by its uuid, if visible for the current subject.'
     operationId: getSingleSepaMandateByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: sepaMandateUUID
           in: path
@@ -32,7 +31,6 @@ patch:
     description: 'Updates a single SEPA Mandate by its uuid, if permitted for the current subject.'
     operationId: patchSepaMandate
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: sepaMandateUUID
             in: path
@@ -63,7 +61,6 @@ delete:
     description: 'Delete a single SEPA Mandate by its uuid, if permitted for the current subject.'
     operationId: deleteSepaMandateByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: sepaMandateUUID
           in: path

src/main/resources/api-definition/hs-office/hs-office-sepamandates.yaml

@@ -5,7 +5,6 @@ get:
         - hs-office-sepaMandates
     operationId: getListOfSepaMandates
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: iban
           in: query
@@ -33,7 +32,6 @@ post:
         - hs-office-sepaMandates
     operationId: postNewSepaMandate
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         description: A JSON object describing the new SEPA-Mandate.

src/main/resources/api-definition/rbac/rbac-grants-with-id.yaml

@@ -3,7 +3,6 @@ get:
     - rbac-grants
   operationId: getListOfGrantsByUuid
   parameters:
-    - $ref: 'auth.yaml#/components/parameters/currentSubject'
     - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     - name: grantedRoleUuid
       in: path
@@ -38,7 +37,6 @@ delete:
         - rbac-grants
     operationId: deleteRoleGrantFromSubject
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: grantedRoleUuid
           in: path

src/main/resources/api-definition/rbac/rbac-grants.yaml

@@ -3,7 +3,6 @@ get:
         - rbac-grants
     operationId: getListOfSubjectGrants
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     responses:
         "200":
@@ -20,7 +19,6 @@ post:
         - rbac-grants
     operationId: postNewRoleGrantToSubject
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         required: true

src/main/resources/api-definition/rbac/rbac-roles.yaml

@@ -3,7 +3,6 @@ get:
         - rbac-roles
     operationId: getListOfRoles
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     responses:
         "200":

src/main/resources/api-definition/rbac/rbac-subjects-with-id-permissions.yaml

@@ -4,7 +4,6 @@ get:
     description: 'List all visible permissions granted to the given subject; reduced '
     operationId: getListOfSubjectPermissions
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: subjectUuid
           in: path

src/main/resources/api-definition/rbac/rbac-subjects-with-uuid.yaml

@@ -4,7 +4,6 @@ get:
     description: 'Fetch a single subject by its id, if visible for the current subject.'
     operationId: getSingleSubjectByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: subjectUuid
           in: path
@@ -31,7 +30,6 @@ delete:
         - rbac-subjects
     operationId: deleteSubjectByUuid
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: subjectUuid
           in: path

src/main/resources/api-definition/rbac/rbac-subjects.yaml

@@ -4,7 +4,6 @@ get:
     description: List accessible RBAC subjects with optional filter by name.
     operationId: getListOfSubjects
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: name
           in: query

src/main/resources/api-definition/test/test-customers.yaml

@@ -6,7 +6,6 @@ get:
     operationId: listCustomers
 
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: prefix
           in: query
@@ -34,7 +33,6 @@ post:
         - testCustomers
     operationId: addCustomer
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
     requestBody:
         content:

src/main/resources/api-definition/test/test-packages-uuid.yaml

@@ -3,7 +3,6 @@ patch:
         - testPackages
     operationId: updatePackage
     parameters:
-        -   $ref: 'auth.yaml#/components/parameters/currentSubject'
         -   $ref: 'auth.yaml#/components/parameters/assumedRoles'
         -   name: packageUUID
             in: path

src/main/resources/api-definition/test/test-packages.yaml

@@ -3,7 +3,6 @@ get:
         - testPackages
     operationId: listPackages
     parameters:
-        - $ref: 'auth.yaml#/components/parameters/currentSubject'
         - $ref: 'auth.yaml#/components/parameters/assumedRoles'
         - name: name
           in: query

src/test/java/net/hostsharing/hsadminng/config/CasAuthenticationFilterIntegrationTest.java

@@ -20,7 +20,7 @@ import static com.github.tomakehurst.wiremock.client.WireMock.*;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 @TestPropertySource(properties = {"server.port=0", "hsadminng.cas.server=http://localhost:8088"})
-@ActiveProfiles("wiremock") // IMPORTANT: To test prod config, do not use test profile!
+@ActiveProfiles({"wiremock", "realCasAuthenticator"}) // IMPORTANT: To test prod config, do NOT use test profile!
 @Tag("generalIntegrationTest")
 class CasAuthenticationFilterIntegrationTest {
 

src/test/java/net/hostsharing/hsadminng/config/CasAuthenticatorUnitTest.java

@@ -1,29 +0,0 @@
-package net.hostsharing.hsadminng.config;
-
-import org.junit.jupiter.api.Test;
-
-import jakarta.servlet.http.HttpServletRequest;
-
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.mock;
-
-class CasAuthenticatorUnitTest {
-
-    final RealCasAuthenticator casAuthenticator = new RealCasAuthenticator();
-
-    @Test
-    void bypassesAuthenticationIfNoCasServerIsConfigured() {
-
-        // given
-        final var request = mock(HttpServletRequest.class);
-        // bypassing the CAS-server HTTP-request fakes the user from the authorization header's fake CAS-ticket
-        given(request.getHeader("authorization")).willReturn("Bearer given-user");
-
-        // when
-        final var userName = casAuthenticator.authenticate(request);
-
-        // then
-        assertThat(userName).isEqualTo("given-user");
-    }
-}

src/test/java/net/hostsharing/hsadminng/config/WebSecurityConfigIntegrationTest.java

@@ -29,7 +29,7 @@ import static org.assertj.core.api.Assertions.assertThat;
 
 @SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 @TestPropertySource(properties = {"management.port=0", "server.port=0", "hsadminng.cas.server=http://localhost:8088"})
-@ActiveProfiles("wiremock") // IMPORTANT: To test prod config, do not use test profile!
+@ActiveProfiles({"wiremock", "realCasAuthenticator"}) // IMPORTANT: To test prod config, do NOT use test profile!
 @Tag("generalIntegrationTest")
 class WebSecurityConfigIntegrationTest {
 

src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerAcceptanceTest.java

@@ -87,7 +87,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/booking/items?projectUuid=" + givenProject.getUuid())
@@ -151,7 +151,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                             {
@@ -201,7 +201,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             final var location = RestAssured // @formatter:off
                     .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                                 {
@@ -271,7 +271,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                 {
@@ -361,7 +361,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                 {
@@ -454,7 +454,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid)
@@ -488,7 +488,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/booking/items/" + givenBookingItemUuid)
@@ -506,7 +506,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:ADMIN")
                     .port(port)
                 .when()
@@ -550,7 +550,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .header("assumed-roles", "hs_booking.project#D-1000111-D-1000111defaultproject:AGENT")
                     .contentType(ContentType.JSON)
                     .body("""
@@ -606,7 +606,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())
@@ -625,7 +625,7 @@ class HsBookingItemControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/booking/items/" + givenBookingItem.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/booking/item/HsBookingItemControllerRestTest.java

@@ -104,7 +104,7 @@ class HsBookingItemControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .post("/api/hs/booking/items")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .contentType(MediaType.APPLICATION_JSON)
                             .content("""
                             {
@@ -154,7 +154,7 @@ class HsBookingItemControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .post("/api/hs/booking/items")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .contentType(MediaType.APPLICATION_JSON)
                             .content("""
                             {

src/test/java/net/hostsharing/hsadminng/hs/booking/project/HsBookingProjectControllerAcceptanceTest.java

@@ -62,7 +62,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/booking/projects?debitorUuid=" + givenDebitor.getUuid())
@@ -93,7 +93,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                             {
@@ -133,7 +133,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)
@@ -156,7 +156,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/booking/projects/" + givenBookingProjectUuid)
@@ -172,7 +172,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "person-TuckerJack@example.com")
+                    .header("Authorization", "Bearer person-TuckerJack@example.com")
                     .header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:AGENT")
                     .port(port)
                 .when()
@@ -198,7 +198,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                         {
@@ -237,7 +237,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid())
@@ -255,7 +255,7 @@ class HsBookingProjectControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/booking/projects/" + givenBookingProject.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerAcceptanceTest.java

@@ -90,7 +90,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/hosting/assets?projectUuid=" + givenProject.getUuid() + "&type=MANAGED_WEBSPACE")
@@ -118,7 +118,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .header("assumed-roles", "hs_hosting.asset#fir01:AGENT")
                         .port(port)
                     .when()
@@ -166,7 +166,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                             {
@@ -227,7 +227,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .header("assumed-roles", "hs_hosting.asset#vm1011:ADMIN")
                         .contentType(ContentType.JSON)
                         .body("""
@@ -281,7 +281,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             final var location = RestAssured // @formatter:off
                     .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                             {
@@ -327,7 +327,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                 {
@@ -382,7 +382,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                     {
@@ -421,7 +421,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
@@ -446,7 +446,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/hosting/assets/" + givenAssetUuid)
@@ -463,7 +463,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "person-TuckerJack@example.com")
+                    .header("Authorization", "Bearer person-TuckerJack@example.com")
                     .header("assumed-roles", "hs_booking.project#D-1000313-D-1000313defaultproject:AGENT")
                     .port(port)
                 .when()
@@ -508,7 +508,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                         {
@@ -581,7 +581,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         //.header("assumed-roles", "hs_hosting.asset#vm2001:ADMIN")
                         .contentType(ContentType.JSON)
                         .body("""
@@ -664,7 +664,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
                             .build());
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())
@@ -696,7 +696,7 @@ class HsHostingAssetControllerAcceptanceTest extends ContextBasedTestWithCleanup
                             .build());
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/hosting/assets/" + givenAsset.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/hosting/asset/HsHostingAssetControllerRestTest.java

@@ -593,7 +593,7 @@ public class HsHostingAssetControllerRestTest {
         // when
         final var result = mockMvc.perform(MockMvcRequestBuilders
                         .get("/api/hs/hosting/assets?type="+testCase.name())
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .accept(MediaType.APPLICATION_JSON))
 
                 // then
@@ -663,7 +663,7 @@ public class HsHostingAssetControllerRestTest {
         // when
         final var result = mockMvc.perform(MockMvcRequestBuilders
                         .patch("/api/hs/hosting/assets/" + givenDomainHttpSetupUuid)
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(MediaType.APPLICATION_JSON)
                         .content("""
                         {

src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerAcceptanceTest.java

@@ -58,7 +58,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/bankaccounts")
@@ -124,7 +124,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                             {
@@ -163,7 +163,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -184,7 +184,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -200,7 +200,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "bankaccount-admin@firstbankaccount.example.com")
+                    .header("Authorization", "Bearer bankaccount-admin@firstbankaccount.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/bankaccounts/" + givenBankAccountUuid)
@@ -228,7 +228,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                        {
@@ -266,7 +266,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
@@ -283,7 +283,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-test-user@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-test-user@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())
@@ -304,7 +304,7 @@ class HsOfficeBankAccountControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/bankaccounts/" + givenBankAccount.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/office/bankaccount/HsOfficeBankAccountControllerRestTest.java

@@ -68,7 +68,7 @@ class HsOfficeBankAccountControllerRestTest {
         // when
         mockMvc.perform(MockMvcRequestBuilders
                         .post("/api/hs/office/bankaccounts")
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(MediaType.APPLICATION_JSON)
                         .content("""
                                 {
@@ -115,7 +115,7 @@ class HsOfficeBankAccountControllerRestTest {
         // when
         mockMvc.perform(MockMvcRequestBuilders
                         .post("/api/hs/office/bankaccounts")
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(MediaType.APPLICATION_JSON)
                         .content("""
                                 {

src/test/java/net/hostsharing/hsadminng/hs/office/contact/HsOfficeContactControllerAcceptanceTest.java

@@ -69,7 +69,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/contacts")
@@ -107,7 +107,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                {
@@ -156,7 +156,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -177,7 +177,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -192,7 +192,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "contact-admin@firstcontact.example.com")
+                    .header("Authorization", "Bearer contact-admin@firstcontact.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/contacts/" + givenContactUuid)
@@ -224,7 +224,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                        {
@@ -282,7 +282,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                        {
@@ -328,7 +328,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
@@ -348,7 +348,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-test-user@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-test-user@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())
@@ -369,7 +369,7 @@ class HsOfficeContactControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/contacts/" + givenContact.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerAcceptanceTest.java

@@ -67,7 +67,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopassetstransactions")
@@ -85,7 +85,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                     .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="+givenMembership.getUuid())
@@ -208,7 +208,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopassetstransactions?membershipUuid="
@@ -241,7 +241,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                {
@@ -298,7 +298,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                    {
@@ -354,7 +354,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                            {
@@ -394,7 +394,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
                     LocalDate.of(2010, 3, 15)).get(0).getUuid();
 
             RestAssured // @formatter:off
-                .given().header("current-subject", "superuser-alex@hostsharing.net")
+                .given().header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
@@ -417,7 +417,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
                     LocalDate.of(2010, 3, 15)).get(0).getUuid();
 
             RestAssured // @formatter:off
-                .given().header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                .given().header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)
@@ -435,7 +435,7 @@ class HsOfficeCoopAssetsTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "person-FirstGmbH@example.com")
+                    .header("Authorization", "Bearer person-FirstGmbH@example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopassetstransactions/" + givenCoopAssetTransactionUuid)

src/test/java/net/hostsharing/hsadminng/hs/office/coopassets/HsOfficeCoopAssetsTransactionControllerRestTest.java

@@ -657,7 +657,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
         // when
         mockMvc.perform(MockMvcRequestBuilders
                         .post("/api/hs/office/coopassetstransactions")
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(MediaType.APPLICATION_JSON)
                         .content(testCase.givenRequestBody())
                         .accept(MediaType.APPLICATION_JSON))
@@ -832,7 +832,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
         // when
         mockMvc.perform(MockMvcRequestBuilders
                         .post("/api/hs/office/coopassetstransactions")
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(MediaType.APPLICATION_JSON)
                         .content(testCase.givenRequestBody())
                         .accept(MediaType.APPLICATION_JSON))
@@ -851,7 +851,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
         // when
         mockMvc.perform(MockMvcRequestBuilders
                         .get("/api/hs/office/coopassetstransactions/" + SOME_REVERTED_TRANSFER_ASSET_TX_ENTITY.getUuid())
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(MediaType.APPLICATION_JSON))
 
                 // then
@@ -867,7 +867,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
         // when
         mockMvc.perform(MockMvcRequestBuilders
                         .get("/api/hs/office/coopassetstransactions/" + UNAVAILABLE_UUID)
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(MediaType.APPLICATION_JSON))
 
                 // then
@@ -893,7 +893,7 @@ class HsOfficeCoopAssetsTransactionControllerRestTest {
         // when
         mockMvc.perform(MockMvcRequestBuilders
                         .get("/api/hs/office/coopassetstransactions")
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(MediaType.APPLICATION_JSON))
 
                 // then

src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerAcceptanceTest.java

@@ -75,7 +75,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopsharestransactions")
@@ -93,7 +93,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid())
@@ -157,7 +157,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopsharestransactions?membershipUuid=" + givenMembership.getUuid() + "&fromValueDate=2020-01-01&toValueDate=2021-12-31")
@@ -190,7 +190,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON).body("""
                        {
                            "membership.uuid": "%s",
@@ -249,7 +249,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                        {
@@ -305,7 +305,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                         {
@@ -345,7 +345,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)
@@ -367,7 +367,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                     .get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)
                 .then().log().body()
@@ -382,7 +382,7 @@ class HsOfficeCoopSharesTransactionControllerAcceptanceTest extends ContextBased
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "person-FirstGmbH@example.com")
+                    .header("Authorization", "Bearer person-FirstGmbH@example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/coopsharestransactions/" + givenCoopShareTransactionUuid)

src/test/java/net/hostsharing/hsadminng/hs/office/coopshares/HsOfficeCoopSharesTransactionControllerRestTest.java

@@ -121,7 +121,7 @@ class HsOfficeCoopSharesTransactionControllerRestTest {
         // when
         mockMvc.perform(MockMvcRequestBuilders
                         .post("/api/hs/office/coopsharestransactions")
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(MediaType.APPLICATION_JSON)
                         .content(testCase.givenRequestBody())
                         .accept(MediaType.APPLICATION_JSON))

src/test/java/net/hostsharing/hsadminng/hs/office/debitor/HsOfficeDebitorControllerAcceptanceTest.java

@@ -93,7 +93,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@@ -120,7 +120,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/debitors/D-1000212")
@@ -151,7 +151,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/debitors")
@@ -306,7 +306,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/debitors?partnerNumber=P-10002")
@@ -351,7 +351,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                {
@@ -396,7 +396,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                             {
@@ -447,7 +447,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                             {
@@ -482,7 +482,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                             {
@@ -513,7 +513,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@@ -578,7 +578,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@@ -593,7 +593,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "contact-admin@firstcontact.example.com")
+                    .header("Authorization", "Bearer contact-admin@firstcontact.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/debitors/" + givenDebitorUuid)
@@ -623,7 +623,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                                {
@@ -706,7 +706,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
             // @formatter:on
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .header("assumed-roles", givenDebitor.getDebitorRel().getContact().roleId(ADMIN) )
                     .contentType(ContentType.JSON)
                     .body("""
@@ -735,7 +735,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@@ -754,7 +754,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "contact-admin@tenthcontact.example.com")
+                    .header("Authorization", "Bearer contact-admin@tenthcontact.example.com")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())
@@ -773,7 +773,7 @@ class HsOfficeDebitorControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/debitors/" + givenDebitor.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerAcceptanceTest.java

@@ -72,7 +72,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/memberships")
@@ -118,7 +118,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .queryParam("partnerUuid", partner.getUuid() )
@@ -146,7 +146,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .port(port)
                     .when()
                         .queryParam("partnerNumber", "P-10002" )
@@ -183,7 +183,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                {
@@ -226,7 +226,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
@@ -252,7 +252,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/memberships/" + givenMembershipUuid)
@@ -267,7 +267,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-ThirdOHG:AGENT")
                     .port(port)
                 .when()
@@ -299,7 +299,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                            {
@@ -343,7 +343,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
             // when
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .header("assumed-roles", givenPartnerAdmin)
                     .contentType(ContentType.JSON)
                     .body("""
@@ -378,7 +378,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())
@@ -396,7 +396,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .header("assumed-roles", "hs_office.relation#HostsharingeG-with-PARTNER-FirstGmbH:AGENT")
                     .port(port)
                 .when()
@@ -415,7 +415,7 @@ class HsOfficeMembershipControllerAcceptanceTest extends ContextBasedTestWithCle
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/memberships/" + givenMembership.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/office/membership/HsOfficeMembershipControllerRestTest.java

@@ -95,7 +95,7 @@ public class HsOfficeMembershipControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .get("/api/hs/office/memberships?partnerNumber=P-12345")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .contentType(MediaType.APPLICATION_JSON)
                             .content("""
                                        {
@@ -125,7 +125,7 @@ public class HsOfficeMembershipControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .get("/api/hs/office/memberships?partnerNumber=P-12345")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .contentType(MediaType.APPLICATION_JSON)
                             .content("""
                                        {
@@ -158,7 +158,7 @@ public class HsOfficeMembershipControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .get("/api/hs/office/memberships/" + givenUuid)
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .accept(MediaType.APPLICATION_JSON))
 
                     // then
@@ -177,7 +177,7 @@ public class HsOfficeMembershipControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .get("/api/hs/office/memberships/" + UUID.randomUUID())
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .accept(MediaType.APPLICATION_JSON))
 
                     // then
@@ -195,7 +195,7 @@ public class HsOfficeMembershipControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .get("/api/hs/office/memberships/M-1234501")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .accept(MediaType.APPLICATION_JSON))
 
                     // then
@@ -214,7 +214,7 @@ public class HsOfficeMembershipControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .get("/api/hs/office/memberships/M-0000000")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .accept(MediaType.APPLICATION_JSON))
 
                     // then
@@ -232,7 +232,7 @@ public class HsOfficeMembershipControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .post("/api/hs/office/memberships")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .contentType(MediaType.APPLICATION_JSON)
                             .content("""
                                        {
@@ -262,7 +262,7 @@ public class HsOfficeMembershipControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .post("/api/hs/office/memberships")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .contentType(MediaType.APPLICATION_JSON)
                             .content("""
                                        {
@@ -290,7 +290,7 @@ public class HsOfficeMembershipControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .post("/api/hs/office/memberships")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .contentType(MediaType.APPLICATION_JSON)
                             .content("""
                                        {

src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerAcceptanceTest.java

@@ -66,7 +66,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/partners")
@@ -100,7 +100,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                             {
@@ -159,7 +159,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                             {
@@ -197,7 +197,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                             {
@@ -242,7 +242,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@@ -274,7 +274,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@@ -289,7 +289,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "contact-admin@firstcontact.example.com")
+                    .header("Authorization", "Bearer contact-admin@firstcontact.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/partners/" + givenPartnerUuid)
@@ -320,7 +320,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                            {
@@ -389,7 +389,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                 {
@@ -429,7 +429,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                                {
@@ -477,7 +477,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())
@@ -497,7 +497,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "contact-admin@fourthcontact.example.com")
+                    .header("Authorization", "Bearer contact-admin@fourthcontact.example.com")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())
@@ -516,7 +516,7 @@ class HsOfficePartnerControllerAcceptanceTest extends ContextBasedTestWithCleanu
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/partners/" + givenPartner.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/office/partner/HsOfficePartnerControllerRestTest.java

@@ -99,7 +99,7 @@ class HsOfficePartnerControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .post("/api/hs/office/partners")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .contentType(MediaType.APPLICATION_JSON)
                             .content("""
                                      {
@@ -132,7 +132,7 @@ class HsOfficePartnerControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .post("/api/hs/office/partners")
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .contentType(MediaType.APPLICATION_JSON)
                             .content("""
                                      {
@@ -174,7 +174,7 @@ class HsOfficePartnerControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                     .get("/api/hs/office/partners/P-12345")
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(MediaType.APPLICATION_JSON)
                     .accept(MediaType.APPLICATION_JSON))
 
@@ -191,7 +191,7 @@ class HsOfficePartnerControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                     .get("/api/hs/office/partners/P-12345")
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(MediaType.APPLICATION_JSON)
                     .accept(MediaType.APPLICATION_JSON))
 
@@ -219,7 +219,7 @@ class HsOfficePartnerControllerRestTest {
             // when
             mockMvc.perform(MockMvcRequestBuilders
                             .delete("/api/hs/office/partners/" + givenPartnerUuid)
-                            .header("current-subject", "superuser-alex@hostsharing.net")
+                            .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                             .contentType(MediaType.APPLICATION_JSON)
                             .accept(MediaType.APPLICATION_JSON))
 

src/test/java/net/hostsharing/hsadminng/hs/office/person/HsOfficePersonControllerAcceptanceTest.java

@@ -61,7 +61,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/persons")
@@ -81,7 +81,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                {
@@ -119,7 +119,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@@ -142,7 +142,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@@ -159,7 +159,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "person-ErbenBesslerMelBessler@example.com")
+                    .header("Authorization", "Bearer person-ErbenBesslerMelBessler@example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/persons/" + givenPersonUuid)
@@ -188,7 +188,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                        {
@@ -230,7 +230,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                         {
@@ -274,7 +274,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())
@@ -293,7 +293,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-test-user@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-test-user@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())
@@ -313,7 +313,7 @@ class HsOfficePersonControllerAcceptanceTest extends ContextBasedTestWithCleanup
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/persons/" + givenPerson.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/office/relation/HsOfficeRelationControllerAcceptanceTest.java

@@ -68,7 +68,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/relations?personUuid=%s&relationType=%s"
@@ -126,7 +126,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                     .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                     .when()
                     .get("http://localhost/api/hs/office/relations?personUuid=%s"
@@ -183,7 +183,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .port(port)
                     .when()
                         .get("http://localhost/api/hs/office/relations?personData=firby&contactData=Contact-Admin@FirstContact.Example.COM")
@@ -235,7 +235,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                {
@@ -280,7 +280,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                             {
@@ -348,7 +348,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                                {
@@ -380,7 +380,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                                {
@@ -413,7 +413,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                            {
@@ -447,7 +447,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/relations/" + givenRelationUuid)
@@ -470,7 +470,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/relations/" + givenRelationUuid)
@@ -486,7 +486,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "contact-admin@firstcontact.example.com")
+                    .header("Authorization", "Bearer contact-admin@firstcontact.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@@ -529,7 +529,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                            {
@@ -572,7 +572,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@@ -591,7 +591,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "contact-admin@seventhcontact.example.com")
+                    .header("Authorization", "Bearer contact-admin@seventhcontact.example.com")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())
@@ -610,7 +610,7 @@ class HsOfficeRelationControllerAcceptanceTest extends ContextBasedTestWithClean
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/relations/" + givenRelation.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/office/sepamandate/HsOfficeSepaMandateControllerAcceptanceTest.java

@@ -66,7 +66,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/sepamandates")
@@ -107,7 +107,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .port(port)
                     .when()
                         .get("http://localhost/api/hs/office/sepamandates?iban=DE02120300000000202051")
@@ -145,7 +145,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             final var location = RestAssured // @formatter:off
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .contentType(ContentType.JSON)
                         .body("""
                                {
@@ -186,7 +186,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                                {
@@ -211,7 +211,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                                {
@@ -241,7 +241,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                                {
@@ -275,7 +275,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@@ -305,7 +305,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@@ -322,7 +322,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "bankaccount-admin@FirstGmbH.example.com")
+                    .header("Authorization", "Bearer bankaccount-admin@FirstGmbH.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/hs/office/sepamandates/" + givenSepaMandateUuid)
@@ -354,7 +354,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                            {
@@ -400,7 +400,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                            {
@@ -440,7 +440,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             final var location = RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .contentType(ContentType.JSON)
                     .body("""
                            {
@@ -474,7 +474,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
@@ -492,7 +492,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "bankaccount-admin@FirstGmbH.example.com")
+                    .header("Authorization", "Bearer bankaccount-admin@FirstGmbH.example.com")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())
@@ -510,7 +510,7 @@ class HsOfficeSepaMandateControllerAcceptanceTest extends ContextBasedTestWithCl
 
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "selfregistered-user-drew@hostsharing.org")
+                    .header("Authorization", "Bearer selfregistered-user-drew@hostsharing.org")
                     .port(port)
                 .when()
                     .delete("http://localhost/api/hs/office/sepamandates/" + givenSepaMandate.getUuid())

src/test/java/net/hostsharing/hsadminng/hs/scenarios/UseCase.java

@@ -159,7 +159,7 @@ public abstract class UseCase<T extends UseCase<?>> {
         final var request = HttpRequest.newBuilder()
                 .GET()
                 .uri(new URI("http://localhost:" + testSuite.port + uriPath))
-                .header("current-subject", ScenarioTest.RUN_AS_USER)
+                .header("Authorization", "Bearer " + ScenarioTest.RUN_AS_USER)
                 .timeout(seconds(10))
                 .build();
         final var response = client.send(request, BodyHandlers.ofString());
@@ -174,7 +174,7 @@ public abstract class UseCase<T extends UseCase<?>> {
                 .POST(BodyPublishers.ofString(requestBody))
                 .uri(new URI("http://localhost:" + testSuite.port + uriPath))
                 .header("Content-Type", "application/json")
-                .header("current-subject", ScenarioTest.RUN_AS_USER)
+                .header("Authorization", "Bearer " + ScenarioTest.RUN_AS_USER)
                 .timeout(seconds(10))
                 .build();
         final var response = client.send(request, BodyHandlers.ofString());
@@ -189,7 +189,7 @@ public abstract class UseCase<T extends UseCase<?>> {
                 .method(HttpMethod.PATCH.toString(), BodyPublishers.ofString(requestBody))
                 .uri(new URI("http://localhost:" + testSuite.port + uriPath))
                 .header("Content-Type", "application/json")
-                .header("current-subject", ScenarioTest.RUN_AS_USER)
+                .header("Authorization", "Bearer " + ScenarioTest.RUN_AS_USER)
                 .timeout(seconds(10))
                 .build();
         final var response = client.send(request, BodyHandlers.ofString());
@@ -203,7 +203,7 @@ public abstract class UseCase<T extends UseCase<?>> {
                 .DELETE()
                 .uri(new URI("http://localhost:" + testSuite.port + uriPath))
                 .header("Content-Type", "application/json")
-                .header("current-subject", ScenarioTest.RUN_AS_USER)
+                .header("Authorization", "Bearer " + ScenarioTest.RUN_AS_USER)
                 .timeout(seconds(10))
                 .build();
         final var response = client.send(request, BodyHandlers.ofString());

src/test/java/net/hostsharing/hsadminng/rbac/context/ContextIntegrationTests.java

@@ -9,6 +9,8 @@ import org.junit.jupiter.api.Tag;
 import org.junit.jupiter.api.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.autoconfigure.orm.jpa.DataJpaTest;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.test.context.bean.override.mockito.MockitoBean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.test.annotation.DirtiesContext;
@@ -66,6 +68,28 @@ class ContextIntegrationTests {
                 .containsExactly(context.fetchCurrentSubjectUuid());
     }
 
+    @Test
+    @Transactional
+    void assumeRoles() {
+        // given
+        final var authentication = new UsernamePasswordAuthenticationToken("superuser-fran@hostsharing.net", null, null);
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+
+        // when
+        context.assumeRoles("rbactest.package#yyy00:ADMIN");
+
+        // then
+        assertThat(context.fetchCurrentSubject()).
+                isEqualTo("superuser-fran@hostsharing.net");
+
+        assertThat(context.fetchCurrentSubjectUuid()).isNotNull();
+
+        assertThat(context.fetchAssumedRoles()).isEqualTo(Array.of("rbactest.package#yyy00:ADMIN"));
+
+        assertThat(context.fetchCurrentSubjectOrAssumedRolesUuids())
+                .containsExactly(context.fetchCurrentSubjectOrAssumedRolesUuids());
+    }
+
     @Test
     void defineWithoutCurrentSubjectButWithAssumedRoles() {
         // when

src/test/java/net/hostsharing/hsadminng/rbac/grant/RbacGrantControllerAcceptanceTest.java

@@ -66,7 +66,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
         void globalAdmin_withoutAssumedRole_canViewAllGrants() {
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/grants")
@@ -118,7 +118,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
         void globalAdmin_withAssumedPackageAdminRole_canViewPacketRelatedGrants() {
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .header("assumed-roles", "rbactest.package#yyy00:ADMIN")
                     .port(port)
                 .when()
@@ -141,7 +141,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
         void packageAdmin_withoutAssumedRole_canViewPacketRelatedGrants() {
             RestAssured // @formatter:off
                 .given()
-                    .header("current-subject", "pac-admin-yyy00@yyy.example.com")
+                    .header("Authorization", "Bearer pac-admin-yyy00@yyy.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/grants")
@@ -387,7 +387,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
 
                 return RestAssured // @formatter:ff
                         .given()
-                        .header("current-subject", grantingSubject.currentSubject)
+                            .header("Authorization", "Bearer " + grantingSubject.currentSubject)
                             .header("assumed-roles", grantingSubject.assumedRole)
                             .contentType(ContentType.JSON)
                             .body("""
@@ -423,7 +423,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
 
                 return RestAssured // @formatter:ff
                         .given()
-                        .header("current-subject", currentSubject.currentSubject)
+                        .header("Authorization", "Bearer " + currentSubject.currentSubject)
                         .header("assumed-roles", currentSubject.assumedRole)
                         .contentType(ContentType.JSON)
                         .body("""
@@ -459,7 +459,7 @@ class RbacGrantControllerAcceptanceTest extends ContextBasedTest {
 
                 return RestAssured // @formatter:ff
                         .given()
-                        .header("current-subject", currentSubject.currentSubject)
+                        .header("Authorization", "Bearer " + currentSubject.currentSubject)
                         .header("assumed-roles", currentSubject.assumedRole)
                         .port(port)
                         .when()

src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerAcceptanceTest.java

@@ -40,7 +40,7 @@ class RbacRoleControllerAcceptanceTest {
         // @formatter:off
         RestAssured
             .given()
-                .header("current-subject", "superuser-alex@hostsharing.net")
+                .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                 .port(port)
             .when()
                 .get("http://localhost/api/rbac/roles")
@@ -65,7 +65,7 @@ class RbacRoleControllerAcceptanceTest {
         // @formatter:off
         RestAssured
             .given()
-                .header("current-subject", "superuser-alex@hostsharing.net")
+                .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                 .header("assumed-roles", "rbactest.package#yyy00:ADMIN")
                 .port(port)
             .when()
@@ -98,7 +98,7 @@ class RbacRoleControllerAcceptanceTest {
         // @formatter:off
         RestAssured
             .given()
-                .header("current-subject", "pac-admin-zzz00@zzz.example.com")
+                .header("Authorization", "Bearer pac-admin-zzz00@zzz.example.com")
                 .port(port)
             .when()
                 .get("http://localhost/api/rbac/roles")

src/test/java/net/hostsharing/hsadminng/rbac/role/RbacRoleControllerRestTest.java

@@ -69,7 +69,7 @@ class RbacRoleControllerRestTest {
         // when
         mockMvc.perform(MockMvcRequestBuilders
                         .get("/api/rbac/roles")
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .accept(MediaType.APPLICATION_JSON))
 
                 // then

src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerAcceptanceTest.java

@@ -86,7 +86,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@@ -104,7 +104,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .header("assumed-roles", "rbactest.customer#yyy:ADMIN")
                     .port(port)
                 .when()
@@ -123,7 +123,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "customer-admin@yyy.example.com")
+                    .header("Authorization", "Bearer customer-admin@yyy.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@@ -141,7 +141,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "customer-admin@xxx.example.com")
+                    .header("Authorization", "Bearer customer-admin@xxx.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@@ -160,7 +160,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/subjects")
@@ -185,7 +185,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/subjects?name=pac-admin-zzz0")
@@ -205,7 +205,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .header("assumed-roles", "rbactest.customer#yyy:ADMIN")
                     .port(port)
                 .when()
@@ -227,7 +227,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "customer-admin@yyy.example.com")
+                    .header("Authorization", "Bearer customer-admin@yyy.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/subjects")
@@ -248,7 +248,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "pac-admin-xxx01@xxx.example.com")
+                    .header("Authorization", "Bearer pac-admin-xxx01@xxx.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/subjects")
@@ -271,7 +271,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
@@ -300,7 +300,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "superuser-alex@hostsharing.net")
+                    .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                     .header("assumed-roles", "rbactest.customer#yyy:ADMIN")
                     .port(port)
                 .when()
@@ -330,7 +330,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "pac-admin-yyy00@yyy.example.com")
+                    .header("Authorization", "Bearer pac-admin-yyy00@yyy.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
@@ -359,7 +359,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             RestAssured
                 .given()
-                    .header("current-subject", "pac-admin-yyy00@yyy.example.com")
+                    .header("Authorization", "Bearer pac-admin-yyy00@yyy.example.com")
                     .port(port)
                 .when()
                     .get("http://localhost/api/rbac/subjects/" + givenUser.getUuid() + "/permissions")
@@ -383,7 +383,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             final var location = RestAssured
                     .given()
-                        .header("current-subject", givenUser.getName())
+                        .header("Authorization", "Bearer " + givenUser.getName())
                         .port(port)
                     .when()
                         .delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@@ -404,7 +404,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             final var location = RestAssured
                     .given()
-                        .header("current-subject", "customer-admin@xxx.example.com")
+                        .header("Authorization", "Bearer customer-admin@xxx.example.com")
                         .port(port)
                     .when()
                         .delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid())
@@ -426,7 +426,7 @@ class RbacSubjectControllerAcceptanceTest {
             // @formatter:off
             final var location = RestAssured
                     .given()
-                        .header("current-subject", "superuser-alex@hostsharing.net")
+                        .header("Authorization", "Bearer superuser-alex@hostsharing.net")
                         .port(port)
                     .when()
                         .delete("http://localhost/api/rbac/subjects/" + givenUser.getUuid())

src/test/java/net/hostsharing/hsadminng/rbac/subject/RbacSubjectControllerRestTest.java

@@ -22,6 +22,7 @@ import static net.hostsharing.hsadminng.rbac.test.IsValidUuidMatcher.isUuidValid
 import static org.hamcrest.Matchers.is;
 import static org.mockito.ArgumentMatchers.argThat;
 import static org.mockito.Mockito.verify;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.header;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
@@ -62,6 +63,7 @@ class RbacSubjectControllerRestTest {
 
                 // then
                 .andExpect(status().isCreated())
+                .andExpect(header().string("Location", "http://localhost/api/rbac/subjects/" + givenUuid))
                 .andExpect(jsonPath("uuid", is(givenUuid.toString())));
 
         // then