Integration test module (it/) simulates a zero-code consumer of plate-auth-starter:
- TestConsumerApplication: minimal @SpringBootApplication
- AuthBootstrapIT: verifies all required beans are present + PermissiveOrgValidator default
- ExchangeFlowIT: full exchange flow (valid envelope → tokens, tampered sig → 401, replay → 401)
- PlateAuthFlywayMigrationIT: V1-V6 migration test (CI-only, requires Docker/Testcontainers)
Also adds:
- SecurityConfig: extracted from auto-config to separate @Configuration for proper bean ordering
- PlateAuthExceptionHandler: SecurityException → 401, IllegalArgument → 400
- PlateAuthFlywayConfig: @ConditionalOnProperty(plate.auth.flyway.enabled) for test flexibility
- @AutoConfigurationPackage for entity scanning from starter JAR
- @Order(-100) on SecurityFilterChain for priority over defaults
- CORS: allowedOriginPatterns(*) when no origins configured (dev-friendly)
All 5 tests green locally (2 Docker-dependent skipped without CI env).
Patrick Plate
9d314a49c6