Problem
The two-security-chain design (SDK API-key auth vs. Admin JWT auth) and the role-based PermissionService are flagged in CLAUDE.md as sensitive areas requiring extra care, but have zero test coverage:
security/JwtAuthenticationFilter (Admin chain, order=2)
security/ApiKeyAuthenticationFilter (SDK chain, order=1)
security/JwtTokenProvider
security/CustomUserDetailsService
service/impl/PermissionService — the OWNER / ADMIN / VIEWER role checks that gate every mutating operation
A regression in filter chain ordering, JWT validation, or a role-check bypass would currently fail silently — nothing in the suite would catch it.
Proposed changes
Why this matters
This is banking-adjacent infrastructure gating multi-tenant access control. CLAUDE.md already calls this out as the highest-risk area in the codebase — it should be the first place tests land.
Problem
The two-security-chain design (SDK API-key auth vs. Admin JWT auth) and the role-based
PermissionServiceare flagged in CLAUDE.md as sensitive areas requiring extra care, but have zero test coverage:security/JwtAuthenticationFilter(Admin chain, order=2)security/ApiKeyAuthenticationFilter(SDK chain, order=1)security/JwtTokenProvidersecurity/CustomUserDetailsServiceservice/impl/PermissionService— the OWNER / ADMIN / VIEWER role checks that gate every mutating operationA regression in filter chain ordering, JWT validation, or a role-check bypass would currently fail silently — nothing in the suite would catch it.
Proposed changes
JwtTokenProvider(valid/expired/malformed/tampered tokens)PermissionServicecovering each role (OWNER/ADMIN/VIEWER) against each mutating action it guards@WebMvcTest/MockMvc integration tests verifying:X-Environment-KeyApiKeyGenerator(format, length, uniqueness across generations)Why this matters
This is banking-adjacent infrastructure gating multi-tenant access control. CLAUDE.md already calls this out as the highest-risk area in the codebase — it should be the first place tests land.