We should create a system test that tries to access protected URLs with a JWT token. We should test the end points that support JWT authentication:
- AdminWeb /ejbca/adminweb/
- RA Web (/ejbca/ra)
- REST API
- Web Service
- Possibly other protocols that we add JWT Bearer token support to.
For generating the JWT token, we can re-use the code in WebAuthenticationProviderSessionUnitTest (note that there is also a system test, the JWT code is in the unit test).