From f79f7587a9c2943e6db4a450249b558dffa220ae Mon Sep 17 00:00:00 2001
From: holgerhagen <19706592+holgerhagen@users.noreply.github.com>
Date: Mon, 3 Aug 2020 16:11:22 +0200
Subject: [PATCH] TSK-1299: Added embedded LDAP to Wildfly example.

---
 ci/test.sh                                    |   2 +-
 pom.xml                                       |   7 +-
 .../security/SpringBootWebSecurityConfig.java | 180 ++++
 .../SpringBootWebSecurityConfig.java}         |   2 +-
 .../pom.xml                                   | 239 ++---
 .../wildfly/security/ElytronToJaasFilter.java |  65 +-
 .../wildfly/security/LogoutController.java    |  49 +
 .../security/WildflyWebSecurityConfig.java    | 161 +---
 .../src/main/resources/application.properties |  24 +-
 .../webapp/WEB-INF/classes/logging.properties |  49 -
 .../src/main/webapp/WEB-INF/jboss-web.xml     |   3 +-
 .../src/main/webapp/WEB-INF/web.xml           |  56 +-
 .../java/pro/taskana/TaskanaWildflyTest.java  | 108 ++-
 .../resources/application-postgres.properties |  46 +
 .../src/test/resources/application.properties |  31 +-
 .../src/test/resources/arquillian.xml         |  16 +
 .../src/test/resources/int-test-jboss-web.xml |   8 +
 .../test/resources/int-test-standalone.xml    | 849 ++++++++++++++++++
 .../src/test/resources/int-test-web.xml       |  41 +
 .../src/test/resources/module.xml             |  14 +
 .../src/test/resources/project-defaults.yml   |  19 -
 .../src/test/resources/taskana-test.ldif      | 258 ++++++
 22 files changed, 1798 insertions(+), 429 deletions(-)
 create mode 100644 rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/rest/security/SpringBootWebSecurityConfig.java
 rename rest/taskana-rest-spring-example-common/src/{main/java/pro/taskana/rest/security/WebSecurityConfig.java => test/java/pro/taskana/rest/security/SpringBootWebSecurityConfig.java} (98%)
 create mode 100644 rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/LogoutController.java
 delete mode 100644 rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/classes/logging.properties
 create mode 100644 rest/taskana-rest-spring-example-wildfly/src/test/resources/application-postgres.properties
 create mode 100644 rest/taskana-rest-spring-example-wildfly/src/test/resources/arquillian.xml
 create mode 100644 rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-jboss-web.xml
 create mode 100644 rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-standalone.xml
 create mode 100644 rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-web.xml
 create mode 100644 rest/taskana-rest-spring-example-wildfly/src/test/resources/module.xml
 delete mode 100644 rest/taskana-rest-spring-example-wildfly/src/test/resources/project-defaults.yml
 create mode 100644 rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana-test.ldif

diff --git a/ci/test.sh b/ci/test.sh
index 2b1d03513..af8871c00 100755
--- a/ci/test.sh
+++ b/ci/test.sh
@@ -57,7 +57,7 @@ function main() {
     ### TEST ###
     mvn -q verify -B -f $REL/.. -Dmaven.javadoc.skip -Dcheckstyle.skip -pl :taskana-core
     # Same as above (H2) we can not use the fancy '-f' maven option
-    (cd $REL/.. && mvn -q verify -B -pl :taskana-rest-spring-example-wildfly -P postgres -Dmaven.javadoc.skip -Dcheckstyle.skip)
+    (cd $REL/.. && mvn -q verify -B -pl :taskana-rest-spring-example-wildfly -Ddb.type=postgres -Dmaven.javadoc.skip -Dcheckstyle.skip)
     ;;
   HISTORY)
     set -x
diff --git a/pom.xml b/pom.xml
index a136e63a8..bf3fe43f1 100644
--- a/pom.xml
+++ b/pom.xml
@@ -38,7 +38,8 @@
         <version.maven.resources>3.1.0</version.maven.resources>
         <version.maven.surefire>3.0.0-M5</version.maven.surefire>
         <version.maven.asciidoctor>1.6.0</version.maven.asciidoctor>
-        <version.maven.wildfly>2.0.2.Final</version.maven.wildfly>
+        <version.maven.clean>3.1.0</version.maven.clean>
+        <version.maven.dependency>3.1.2</version.maven.dependency>
 
         <!-- release dependencies -->
         <version.maven.gpg>1.6</version.maven.gpg>
@@ -50,14 +51,14 @@
         <version.spring.mybatis>2.0.5</version.spring.mybatis>
 
         <!-- wildfly dependencies -->
-        <version.wildfly>11.0.0.Final</version.wildfly>
+        <version.wildfly>13.0.0.Final</version.wildfly>
 
         <!-- java ee dependencies -->
         <version.resteasy>4.5.6.Final</version.resteasy>
         <version.thorntail>2.7.0.Final</version.thorntail>
-        <version.wildfly.security>1.12.1.Final</version.wildfly.security>
         <version.javaee-api>8.0.1</version.javaee-api>
         <version.arquillian>1.5.0.Final</version.arquillian>
+        <version.arquillian.managed.wildfly>2.2.0.Final</version.arquillian.managed.wildfly>
 
         <!-- test dependencies -->
         <version.archunit>0.14.1</version.archunit>
diff --git a/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/rest/security/SpringBootWebSecurityConfig.java b/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/rest/security/SpringBootWebSecurityConfig.java
new file mode 100644
index 000000000..28595e59d
--- /dev/null
+++ b/rest/taskana-rest-spring-example-boot/src/main/java/pro/taskana/rest/security/SpringBootWebSecurityConfig.java
@@ -0,0 +1,180 @@
+package pro.taskana.rest.security;
+
+import java.util.List;
+import java.util.Map;
+import java.util.function.Function;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
+import org.springframework.security.core.authority.mapping.SimpleAuthorityMapper;
+import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
+import org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator;
+import org.springframework.security.ldap.userdetails.LdapAuthoritiesPopulator;
+import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+/** Default basic configuration for taskana web example. */
+@Configuration
+@EnableWebSecurity
+public class SpringBootWebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+  @Value("${taskana.ldap.serverUrl:ldap://localhost:10389}")
+  private String ldapServerUrl;
+
+  @Value("${taskana.ldap.baseDn:OU=Test,O=TASKANA}")
+  private String ldapBaseDn;
+
+  @Value("${taskana.ldap.groupSearchBase:cn=groups}")
+  private String ldapGroupSearchBase;
+
+  @Value("${taskana.ldap.userDnPatterns:uid={0},cn=users}")
+  private String ldapUserDnPatterns;
+
+  @Value("${taskana.ldap.groupSearchFilter:uniqueMember={0}}")
+  private String ldapGroupSearchFilter;
+
+  @Value("${devMode:false}")
+  private boolean devMode;
+
+  @Bean
+  public WebMvcConfigurer corsConfigurer() {
+    return new CorsWebMvcConfigurer();
+  }
+
+  @Bean
+  public FilterRegistrationBean<CorsFilter> corsFilter() {
+    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    CorsConfiguration config = new CorsConfiguration();
+    config.setAllowCredentials(true);
+    config.addAllowedOrigin("*");
+    config.addAllowedHeader("*");
+    config.addAllowedMethod("*");
+    source.registerCorsConfiguration("/**", config);
+    FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
+    bean.setOrder(0);
+    return bean;
+  }
+
+  @Bean
+  public DefaultSpringSecurityContextSource defaultSpringSecurityContextSource() {
+    return new DefaultSpringSecurityContextSource(ldapServerUrl + "/" + ldapBaseDn);
+  }
+
+  @Bean
+  public LdapAuthoritiesPopulator authoritiesPopulator() {
+    Function<Map<String, List<String>>, GrantedAuthority> authorityMapper =
+        record -> {
+          String role = record.get("spring.security.ldap.dn").get(0);
+          return new SimpleGrantedAuthority(role);
+        };
+
+    DefaultLdapAuthoritiesPopulator populator =
+        new DefaultLdapAuthoritiesPopulator(
+            defaultSpringSecurityContextSource(), ldapGroupSearchBase);
+    populator.setGroupSearchFilter(ldapGroupSearchFilter);
+    populator.setSearchSubtree(true);
+    populator.setRolePrefix("");
+    populator.setAuthorityMapper(authorityMapper);
+    return populator;
+  }
+
+  @Bean
+  public GrantedAuthoritiesMapper grantedAuthoritiesMapper() {
+    SimpleAuthorityMapper grantedAuthoritiesMapper = new SimpleAuthorityMapper();
+    grantedAuthoritiesMapper.setPrefix("");
+    return grantedAuthoritiesMapper;
+  }
+
+  @Override
+  public void configure(AuthenticationManagerBuilder auth) throws Exception {
+    auth.ldapAuthentication()
+        .userDnPatterns(ldapUserDnPatterns)
+        .groupSearchBase(ldapGroupSearchBase)
+        .ldapAuthoritiesPopulator(authoritiesPopulator())
+        .authoritiesMapper(grantedAuthoritiesMapper())
+        .contextSource()
+        .url(ldapServerUrl + "/" + ldapBaseDn)
+        .and()
+        .passwordCompare()
+        .passwordAttribute("userPassword");
+  }
+
+  @Override
+  protected void configure(HttpSecurity http) throws Exception {
+
+    http.authorizeRequests()
+        .antMatchers("/css/**", "/img/**")
+        .permitAll()
+        .and()
+        .csrf()
+        .disable()
+        .httpBasic()
+        .and()
+        .authorizeRequests()
+        .antMatchers(HttpMethod.GET, "/docs/**")
+        .permitAll()
+        .and()
+        .addFilter(jaasApiIntegrationFilter())
+        .addFilterAfter(new SpringSecurityToJaasFilter(), JaasApiIntegrationFilter.class);
+
+    if (devMode) {
+      http.headers()
+          .frameOptions()
+          .sameOrigin()
+          .and()
+          .authorizeRequests()
+          .antMatchers("/h2-console/**")
+          .permitAll();
+    } else {
+      addLoginPageConfiguration(http);
+    }
+  }
+
+  protected void addLoginPageConfiguration(HttpSecurity http) throws Exception {
+    http.authorizeRequests()
+        .anyRequest()
+        .fullyAuthenticated()
+        .and()
+        .formLogin()
+        .loginPage("/login")
+        .failureUrl("/login?error")
+        .defaultSuccessUrl("/")
+        .permitAll()
+        .and()
+        .logout()
+        .invalidateHttpSession(true)
+        .clearAuthentication(true)
+        .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
+        .logoutSuccessUrl("/login?logout")
+        .deleteCookies("JSESSIONID")
+        .permitAll();
+  }
+
+  protected JaasApiIntegrationFilter jaasApiIntegrationFilter() {
+    JaasApiIntegrationFilter filter = new JaasApiIntegrationFilter();
+    filter.setCreateEmptySubject(true);
+    return filter;
+  }
+
+  private static class CorsWebMvcConfigurer implements WebMvcConfigurer {
+
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+      registry.addMapping("/**").allowedOrigins("*");
+    }
+  }
+}
diff --git a/rest/taskana-rest-spring-example-common/src/main/java/pro/taskana/rest/security/WebSecurityConfig.java b/rest/taskana-rest-spring-example-common/src/test/java/pro/taskana/rest/security/SpringBootWebSecurityConfig.java
similarity index 98%
rename from rest/taskana-rest-spring-example-common/src/main/java/pro/taskana/rest/security/WebSecurityConfig.java
rename to rest/taskana-rest-spring-example-common/src/test/java/pro/taskana/rest/security/SpringBootWebSecurityConfig.java
index 8f0c2357f..b29461951 100644
--- a/rest/taskana-rest-spring-example-common/src/main/java/pro/taskana/rest/security/WebSecurityConfig.java
+++ b/rest/taskana-rest-spring-example-common/src/test/java/pro/taskana/rest/security/SpringBootWebSecurityConfig.java
@@ -30,7 +30,7 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 /** Default basic configuration for taskana web example. */
 @Configuration
 @EnableWebSecurity
-public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+public class SpringBootWebSecurityConfig extends WebSecurityConfigurerAdapter {
 
   @Value("${taskana.ldap.serverUrl:ldap://localhost:10389}")
   private String ldapServerUrl;
diff --git a/rest/taskana-rest-spring-example-wildfly/pom.xml b/rest/taskana-rest-spring-example-wildfly/pom.xml
index 2db793430..f3c65e3fd 100644
--- a/rest/taskana-rest-spring-example-wildfly/pom.xml
+++ b/rest/taskana-rest-spring-example-wildfly/pom.xml
@@ -15,24 +15,14 @@
         <relativePath>../pom.xml</relativePath>
     </parent>
 
-    <properties>
-        <skipIntegrationTests>true</skipIntegrationTests>
-        <!-- Default H2 DB configuration -->
-        <connection-url>jdbc:h2:mem:taskana;IGNORECASE=TRUE;LOCK_MODE=0</connection-url>
-        <driver-class>org.h2.Driver</driver-class>
-        <driver-name>h2</driver-name>
-        <user-name>sa</user-name>
-        <password>sa</password>
-    </properties>
-
     <dependencyManagement>
         <dependencies>
             <dependency>
-                <groupId>io.thorntail</groupId>
-                <artifactId>bom</artifactId>
-                <version>${version.thorntail}</version>
+                <groupId>org.wildfly.bom</groupId>
+                <artifactId>wildfly-javaee7</artifactId>
                 <scope>import</scope>
                 <type>pom</type>
+                <version>${version.wildfly}</version>
             </dependency>
             <dependency>
                 <groupId>org.jboss.arquillian</groupId>
@@ -70,10 +60,6 @@
             <scope>provided</scope>
         </dependency>
         <!-- https://mvnrepository.com/artifact/org.postgresql/postgresql -->
-        <dependency>
-            <groupId>org.postgresql</groupId>
-            <artifactId>postgresql</artifactId>
-        </dependency>
         <!-- https://mvnrepository.com/artifact/com.h2database/h2 -->
         <dependency>
             <groupId>com.h2database</groupId>
@@ -83,7 +69,7 @@
         <dependency>
             <groupId>org.wildfly.security</groupId>
             <artifactId>wildfly-elytron</artifactId>
-            <version>${version.wildfly.security}</version>
+            <scope>provided</scope>
         </dependency>
 
         <!-- test dependencies -->
@@ -95,14 +81,24 @@
         <dependency>
             <groupId>org.jboss.resteasy</groupId>
             <artifactId>resteasy-client</artifactId>
-            <version>${version.resteasy}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-test</artifactId>
             <scope>test</scope>
         </dependency>
         <!-- Brought in via WildFly Swarm bom -->
         <dependency>
-            <groupId>io.thorntail</groupId>
-            <artifactId>arquillian</artifactId>
-            <scope>test</scope>
+            <groupId>org.wildfly.arquillian</groupId>
+            <artifactId>wildfly-arquillian-container-managed</artifactId>
+            <version>${version.arquillian.managed.wildfly}</version>
+            <scope>provided</scope>
         </dependency>
         <!-- Brought in via Arquillian BOM, see dependencyManagement section 
             above -->
@@ -111,6 +107,11 @@
             <artifactId>arquillian-junit-container</artifactId>
             <scope>test</scope>
         </dependency>
+        <dependency>
+            <groupId>org.jboss.arquillian.protocol</groupId>
+            <artifactId>arquillian-protocol-servlet</artifactId>
+            <scope>test</scope>
+        </dependency>
         <dependency>
             <groupId>org.jboss.shrinkwrap.resolver</groupId>
             <artifactId>shrinkwrap-resolver-impl-maven</artifactId>
@@ -121,160 +122,67 @@
             <artifactId>shrinkwrap-resolver-api-maven</artifactId>
             <scope>test</scope>
         </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-test</artifactId>
-            <scope>test</scope>
-        </dependency>
     </dependencies>
 
-    <profiles>
-        <profile>
-            <id>postgres</id>
-            <activation>
-                <activeByDefault>false</activeByDefault>
-            </activation>
-            <!-- Reading properties from file and use then as data source 
-                properties is a pending improvement of Jboss development team check out -> 
-                https://issues.jboss.org/browse/WFMP-70 That's why we are including postgres 
-                connection properties directly in this pom file. -->
-            <properties>
-                <driver-class>org.postgresql.Driver</driver-class>
-                <connection-url>jdbc:postgresql://localhost:50102/postgres</connection-url>
-                <driver-name>postgresqldriver</driver-name>
-                <user-name>postgres</user-name>
-                <password>postgres</password>
-                <activatedProperties>postgres</activatedProperties>
-                <skipIntegrationTests>false</skipIntegrationTests>
-            </properties>
-        </profile>
-    </profiles>
-
     <build>
-        <resources>
-            <resource>
-                <directory>src/main/resources</directory>
-                <filtering>true</filtering>
-            </resource>
-        </resources>
         <plugins>
             <plugin>
-                <groupId>org.wildfly.plugins</groupId>
-                <artifactId>wildfly-maven-plugin</artifactId>
-                <version>${version.maven.wildfly}</version>
+                <artifactId>maven-clean-plugin</artifactId>
+                <version>${version.maven.clean}</version>
                 <configuration>
-                    <version>${version.wildfly}</version>
-                    <add-user>
-                        <users>
-                            <user>
-                                <username>admin</username>
-                                <password>admin</password>
-                            </user>
-                            <user>
-                                <username>admin</username>
-                                <password>admin</password>
-                                <groups>
-                                    <group>testGroup</group>
-                                </groups>
-                                <applicationUser>true</applicationUser>
-                            </user>
-                        </users>
-                    </add-user>
+                    <excludeDefaultDirectories>true</excludeDefaultDirectories>
+                    <filesets>
+                        <fileset>
+                            <directory>target</directory>
+                            <excludes>
+                                <exclude>wildfly-${version.wildfly}</exclude>
+                                <exclude>wildfly-${version.wildfly}/**</exclude>
+                            </excludes>
+                            <followSymlinks>false</followSymlinks>
+                        </fileset>
+                    </filesets>
                 </configuration>
+            </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <version>${version.maven.dependency}</version>
                 <executions>
                     <execution>
-                        <id>run-wildfly</id>
-                        <phase>install</phase>
+                        <id>unpack-wildfly</id>
+                        <phase>process-test-classes</phase>
                         <goals>
-                            <goal>start</goal>
-                        </goals>
-                    </execution>
-                    <!-- Deploy the JDBC library in JBoss -->
-                    <execution>
-                        <id>deploy-driver</id>
-                        <phase>install</phase>
-                        <configuration>
-                            <groupId>org.postgresql</groupId>
-                            <artifactId>postgresql</artifactId>
-                            <name>postgresqldriver</name>
-                        </configuration>
-                        <goals>
-                            <goal>deploy-artifact</goal>
-                        </goals>
-                    </execution>
-                    <!-- Add a data source -->
-                    <execution>
-                        <id>add-datasource</id>
-                        <phase>install</phase>
-                        <configuration>
-                            <address>subsystem=datasources,data-source=java:/TaskanaDS</address>
-                            <resources>
-                                <resource>
-                                    <properties>
-                                        <jndi-name>java:/TaskanaDS</jndi-name>
-                                        <enabled>true</enabled>
-                                        <connection-url>${connection-url}</connection-url>
-                                        <driver-class>${driver-class}</driver-class>
-                                        <driver-name>${driver-name}</driver-name>
-                                        <user-name>${user-name}</user-name>
-                                        <password>${password}</password>
-                                    </properties>
-                                </resource>
-                            </resources>
-                        </configuration>
-                        <goals>
-                            <goal>add-resource</goal>
-                        </goals>
-                    </execution>
-                    <execution>
-                        <id>edit-undertow</id>
-                        <phase>install</phase>
-                        <goals>
-                            <goal>execute-commands</goal>
+                            <goal>unpack</goal>
                         </goals>
                         <configuration>
-                            <commands>
-                                <command>/subsystem=undertow:write-attribute(name=default-server,value=default-server)</command>
-                                <command>/subsystem=undertow:write-attribute(name=default-virtual-host,value=default-host)</command>
-                                <command>/subsystem=undertow:write-attribute(name=default-servlet-container,value=default)</command>
-                                <command>/subsystem=undertow:write-attribute(name=default-security-domain,value=ApplicationDomain)</command>
-                            </commands>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.wildfly</groupId>
+                                    <artifactId>wildfly-dist</artifactId>
+                                    <version>${version.wildfly}</version>
+                                    <type>zip</type>
+                                    <overWrite>false</overWrite>
+                                    <outputDirectory>${project.build.directory}</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
                         </configuration>
                     </execution>
                     <execution>
-                        <id>add-application-security-domain</id>
-                        <phase>install</phase>
+                        <id>copy-postgres-db-driver</id>
+                        <phase>process-test-classes</phase>
                         <goals>
-                            <goal>add-resource</goal>
+                            <goal>copy</goal>
                         </goals>
                         <configuration>
-                            <address>subsystem=undertow</address>
-                            <resources>
-                                <resource>
-                                    <address>application-security-domain=ApplicationDomain</address>
-                                    <properties>
-                                        <http-authentication-factory>application-http-authentication</http-authentication-factory>
-                                    </properties>
-                                </resource>
-                            </resources>
+                            <artifactItems>
+                                <artifactItem>
+                                    <groupId>org.postgresql</groupId>
+                                    <artifactId>postgresql</artifactId>
+                                    <outputDirectory>${project.build.directory}/wildfly-${version.wildfly}/modules/system/layers/base/org/postgresql/main</outputDirectory>
+                                </artifactItem>
+                            </artifactItems>
                         </configuration>
                     </execution>
-                    <!-- Deploy the application on install -->
-                    <execution>
-                        <id>wildfly-deploy</id>
-                        <phase>install</phase>
-                        <goals>
-                            <goal>deploy</goal>
-                        </goals>
-                    </execution>
-                    <!-- shutdown the application on install -->
-                    <execution>
-                        <id>wildfly-shutdown</id>
-                        <phase>install</phase>
-                        <goals>
-                            <goal>shutdown</goal>
-                        </goals>
-                    </execution>
                 </executions>
             </plugin>
             <plugin>
@@ -295,7 +203,6 @@
                             <goal>test</goal>
                         </goals>
                         <configuration>
-                            <skip>${skipIntegrationTests}</skip>
                             <includes>
                                 <include>**/*Test.java</include>
                             </includes>
@@ -308,6 +215,24 @@
                 <artifactId>maven-resources-plugin</artifactId>
                 <version>${version.maven.resources}</version>
                 <executions>
+                    <execution>
+                        <id>copy-module-xml</id>
+                        <phase>process-test-classes</phase>
+                        <goals>
+                            <goal>copy-resources</goal>
+                        </goals>
+                        <configuration>
+                            <outputDirectory>${project.build.directory}/wildfly-${version.wildfly}/modules/system/layers/base/org/postgresql/main</outputDirectory>
+                            <resources>
+                                <resource>
+                                    <directory>src/test/resources</directory>
+                                    <includes>
+                                        <include>module.xml</include>
+                                    </includes>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
                     <execution>
                         <id>copy-documentation-to-static-folder</id>
                         <phase>prepare-package</phase>
diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/ElytronToJaasFilter.java b/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/ElytronToJaasFilter.java
index 83b9cd404..098fbbc02 100644
--- a/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/ElytronToJaasFilter.java
+++ b/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/ElytronToJaasFilter.java
@@ -7,8 +7,6 @@ import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.filter.GenericFilterBean;
 import org.wildfly.security.auth.server.SecurityDomain;
 import org.wildfly.security.auth.server.SecurityIdentity;
@@ -24,52 +22,45 @@ public class ElytronToJaasFilter extends GenericFilterBean {
       throws IOException, ServletException {
     SecurityIdentity securityIdentity = getSecurityIdentity();
     if (securityIdentity != null) {
-      Roles roles = securityIdentity.getRoles();
-      Subject subject = obtainSubject(request);
-      if (subject != null) {
-        if (subject.getPrincipals().size() == 0) {
-          subject.getPrincipals().add(securityIdentity.getPrincipal());
-        }
-        if (subject.getPrincipals(GroupPrincipal.class).size() == 0) {
-          roles.forEach(role -> subject.getPrincipals().add(new GroupPrincipal(role)));
-        }
-      }
+      applySecurityIdentityToSubject(securityIdentity);
     }
     chain.doFilter(request, response);
   }
 
-  /**
-   * Obtains the <code>Subject</code> to run as or <code>null</code> if no <code>Subject</code> is
-   * available.
-   *
-   * <p>The default implementation attempts to obtain the <code>Subject</code> from the <code>
-   * SecurityContext</code>'s <code>Authentication</code>. If it is of type <code>
-   * JaasAuthenticationToken</code> and is authenticated, the <code>Subject</code> is returned from
-   * it. Otherwise, <code>null</code> is returned.
-   *
-   * @param request the current <code>ServletRequest</code>
-   * @return the Subject to run as or <code>null</code> if no <code>Subject</code> is available.
-   */
-  protected Subject obtainSubject(ServletRequest request) {
-    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-    if (logger.isDebugEnabled()) {
-      logger.debug("Attempting to obtainSubject using authentication : " + authentication);
-    }
-    if (authentication == null) {
-      return null;
-    }
-    if (!authentication.isAuthenticated()) {
-      return null;
+  private void applySecurityIdentityToSubject(SecurityIdentity securityIdentity) {
+    Roles roles = securityIdentity.getRoles();
+    Subject subject = obtainSubject();
+    if (subject != null) {
+      if (subject.getPrincipals().size() == 0) {
+        subject.getPrincipals().add(securityIdentity.getPrincipal());
+      }
+      if (subject.getPrincipals(GroupPrincipal.class).size() == 0) {
+        roles.forEach(role -> subject.getPrincipals().add(new GroupPrincipal(role)));
+      }
+      if (logger.isDebugEnabled()) {
+        logger.debug("Current JAAS subject after applying Elytron SecurityIdentity: " + subject);
+      }
     }
+  }
 
-    return Subject.getSubject(AccessController.getContext());
+  private Subject obtainSubject() {
+    Subject subject = Subject.getSubject(AccessController.getContext());
+    if (logger.isDebugEnabled()) {
+      logger.debug("Current JAAS subject: " + subject);
+    }
+    return subject;
   }
 
   private SecurityIdentity getSecurityIdentity() {
     SecurityDomain current = SecurityDomain.getCurrent();
+    SecurityIdentity identity = null;
     if (current != null) {
-      return current.getCurrentSecurityIdentity();
+      identity = current.getCurrentSecurityIdentity();
     }
-    return null;
+    if (logger.isDebugEnabled()) {
+      logger.debug("Current Elytron SecurityIdentity: " + identity);
+    }
+
+    return identity;
   }
 }
diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/LogoutController.java b/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/LogoutController.java
new file mode 100644
index 000000000..fa6905ebb
--- /dev/null
+++ b/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/LogoutController.java
@@ -0,0 +1,49 @@
+package pro.taskana.wildfly.security;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.servlet.view.RedirectView;
+
+/** The logout controller. */
+@Controller
+public class LogoutController {
+
+  private static final Logger LOGGER = LoggerFactory.getLogger(LogoutController.class);
+
+  @GetMapping(path = "/logout")
+  public RedirectView loginErrorGet(HttpServletRequest request) {
+    return logout(request);
+  }
+
+  @PostMapping(path = "/logout")
+  public RedirectView loginErrorPost(HttpServletRequest request) {
+    return logout(request);
+  }
+
+  public RedirectView logout(HttpServletRequest request) {
+
+    if (LOGGER.isDebugEnabled()) {
+      LOGGER.debug("Logging out...");
+    }
+
+    if (request.getSession(false) != null) {
+      request.getSession(false).invalidate(); // remove session.
+    }
+    if (request.getSession() != null) {
+      request.getSession().invalidate(); // remove session.
+    }
+
+    try {
+      request.logout();
+    } catch (ServletException e) {
+      LOGGER.warn("Exception caught while logging out: {}", e.getMessage());
+    }
+
+    return new RedirectView("/", true);
+  }
+}
diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/WildflyWebSecurityConfig.java b/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/WildflyWebSecurityConfig.java
index db33a796b..b0ed2b225 100644
--- a/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/WildflyWebSecurityConfig.java
+++ b/rest/taskana-rest-spring-example-wildfly/src/main/java/pro/taskana/wildfly/security/WildflyWebSecurityConfig.java
@@ -1,29 +1,17 @@
 package pro.taskana.wildfly.security;
 
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.core.annotation.Order;
-import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
-import org.springframework.security.core.userdetails.UserDetails;
-import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider;
-import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
-import org.springframework.security.web.authentication.preauth.j2ee.J2eePreAuthenticatedProcessingFilter;
-import org.wildfly.security.auth.server.SecurityDomain;
-import org.wildfly.security.auth.server.SecurityIdentity;
-import org.wildfly.security.authz.Roles;
-
-import pro.taskana.rest.security.WebSecurityConfig;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.jaasapi.JaasApiIntegrationFilter;
+import org.springframework.web.cors.CorsConfiguration;
+import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
+import org.springframework.web.filter.CorsFilter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 /**
  * Default basic configuration for taskana web example running on Wildfly / JBoss with Elytron or
@@ -31,111 +19,46 @@ import pro.taskana.rest.security.WebSecurityConfig;
  */
 @Configuration
 @EnableWebSecurity
-@Order(1)
-public class WildflyWebSecurityConfig extends WebSecurityConfig {
-
-  @Value("${devMode:false}")
-  private boolean devMode;
+public class WildflyWebSecurityConfig extends WebSecurityConfigurerAdapter {
 
   @Bean
-  public J2eePreAuthenticatedProcessingFilter preAuthFilter() {
-    J2eePreAuthenticatedProcessingFilter filter = new J2eePreAuthenticatedProcessingFilter();
-    filter.setAuthenticationManager(preAuthManager());
+  public WebMvcConfigurer corsConfigurer() {
+    return new CorsWebMvcConfigurer();
+  }
+
+  @Bean
+  public FilterRegistrationBean<CorsFilter> corsFilter() {
+    final UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
+    CorsConfiguration config = new CorsConfiguration();
+    config.setAllowCredentials(true);
+    config.addAllowedOrigin("*");
+    config.addAllowedHeader("*");
+    config.addAllowedMethod("*");
+    source.registerCorsConfiguration("/**", config);
+    FilterRegistrationBean<CorsFilter> bean = new FilterRegistrationBean<>(new CorsFilter(source));
+    bean.setOrder(0);
+    return bean;
+  }
+
+  @Override
+  protected void configure(HttpSecurity http) throws Exception {
+    http.addFilter(jaasApiIntegrationFilter())
+        .addFilterAfter(new ElytronToJaasFilter(), JaasApiIntegrationFilter.class)
+        .csrf()
+        .disable();
+  }
+
+  protected JaasApiIntegrationFilter jaasApiIntegrationFilter() {
+    JaasApiIntegrationFilter filter = new JaasApiIntegrationFilter();
+    filter.setCreateEmptySubject(true);
     return filter;
   }
 
-  @Bean
-  public AuthenticationManager preAuthManager() {
-    return new AuthenticationManager() {
-
-      @Override
-      public Authentication authenticate(Authentication authentication)
-          throws AuthenticationException {
-        return preauthAuthProvider().authenticate(authentication);
-      }
-    };
-  }
-
-  @Bean
-  public PreAuthenticatedAuthenticationProvider preauthAuthProvider() {
-    PreAuthenticatedAuthenticationProvider preauthAuthProvider =
-        new PreAuthenticatedAuthenticationProvider();
-    preauthAuthProvider.setPreAuthenticatedUserDetailsService(authenticationUserDetailsService());
-    return preauthAuthProvider;
-  }
-
-  @Bean
-  public AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken>
-      authenticationUserDetailsService() {
-    return new PreAuthenticatedAuthenticationTokenAuthenticationUserDetailsService();
-  }
-
-  private static class PreAuthenticatedAuthenticationTokenAuthenticationUserDetailsService
-      implements AuthenticationUserDetailsService<PreAuthenticatedAuthenticationToken> {
+  private static class CorsWebMvcConfigurer implements WebMvcConfigurer {
 
     @Override
-    public UserDetails loadUserDetails(PreAuthenticatedAuthenticationToken token)
-        throws UsernameNotFoundException {
-      return new MyUserDetails(token);
-    }
-
-    private static class MyUserDetails implements UserDetails {
-
-      private static final long serialVersionUID = 1L;
-      private final PreAuthenticatedAuthenticationToken token;
-
-      public MyUserDetails(PreAuthenticatedAuthenticationToken token) {
-        this.token = token;
-      }
-
-      @Override
-      public Collection<? extends GrantedAuthority> getAuthorities() {
-        List<GrantedAuthority> authorities = new ArrayList<>();
-        SecurityIdentity securityIdentity = getSecurityIdentity();
-        if (securityIdentity != null) {
-          Roles roles = securityIdentity.getRoles();
-          roles.forEach(role -> authorities.add(new SimpleGrantedAuthority(role)));
-        }
-        return authorities;
-      }
-
-      @Override
-      public String getPassword() {
-        return (String) token.getCredentials();
-      }
-
-      @Override
-      public String getUsername() {
-        return token.getName();
-      }
-
-      @Override
-      public boolean isAccountNonExpired() {
-        return true;
-      }
-
-      @Override
-      public boolean isAccountNonLocked() {
-        return true;
-      }
-
-      @Override
-      public boolean isCredentialsNonExpired() {
-        return true;
-      }
-
-      @Override
-      public boolean isEnabled() {
-        return true;
-      }
-
-      private SecurityIdentity getSecurityIdentity() {
-        SecurityDomain current = SecurityDomain.getCurrent();
-        if (current != null) {
-          return current.getCurrentSecurityIdentity();
-        }
-        return null;
-      }
+    public void addCorsMappings(CorsRegistry registry) {
+      registry.addMapping("/**").allowedOrigins("*");
     }
   }
 }
diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/resources/application.properties b/rest/taskana-rest-spring-example-wildfly/src/main/resources/application.properties
index 70f050fbc..a3f4c6ad2 100644
--- a/rest/taskana-rest-spring-example-wildfly/src/main/resources/application.properties
+++ b/rest/taskana-rest-spring-example-wildfly/src/main/resources/application.properties
@@ -5,27 +5,29 @@ taskana.schemaName=TASKANA
 
 ####### properties to connect to LDAP
 taskana.ldap.serverUrl=ldap://localhost:10389
-taskana.ldap.bindDn=uid=admin,ou=system
+taskana.ldap.bindDn=uid=admin
 taskana.ldap.bindPassword=secret
-taskana.ldap.baseDn=o=TaskanaTest
-####### properties that control search for users and groups
-taskana.ldap.userSearchBase=ou=people
+taskana.ldap.baseDn=ou=Test,O=TASKANA
+taskana.ldap.userSearchBase=cn=users
 taskana.ldap.userSearchFilterName=objectclass
 taskana.ldap.userSearchFilterValue=person
 taskana.ldap.userFirstnameAttribute=givenName
 taskana.ldap.userLastnameAttribute=sn
 taskana.ldap.userIdAttribute=uid
-taskana.ldap.groupSearchBase=ou=groups
+taskana.ldap.groupSearchBase=
 taskana.ldap.groupSearchFilterName=objectclass
-taskana.ldap.groupSearchFilterValue=groupOfUniqueNames
+taskana.ldap.groupSearchFilterValue=groupofuniquenames
 taskana.ldap.groupNameAttribute=cn
 taskana.ldap.minSearchForLength=3
 taskana.ldap.maxNumberOfReturnedAccessIds=50
-taskana.ldap.groupsOfUser=memberUid
+taskana.ldap.groupsOfUser=uniquemember
+
 ####### JobScheduler cron expression that specifies when the JobSchedler runs
 taskana.jobscheduler.async.cron=0 * * * * *
+
 ####### cache static resources properties
 spring.resources.cache.cachecontrol.cache-private=true
+
 ####### for upload of big workbasket- or classification-files
 spring.servlet.multipart.max-file-size=10MB
 spring.servlet.multipart.max-request-size=10MB
@@ -38,3 +40,11 @@ server.tomcat.max-swallow-size=-1
 ####### tomcat is not detecting the x-forward headers from bluemix as a trustworthy proxy
 server.tomcat.remoteip.internal-proxies=.*
 server.forward-headers-strategy=native
+
+# Embedded Spring LDAP server
+spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
+spring.ldap.embedded.credential.username= uid=admin
+spring.ldap.embedded.credential.password= secret
+spring.ldap.embedded.ldif=classpath:taskana-example.ldif
+spring.ldap.embedded.port= 10389
+spring.ldap.embedded.validation.enabled=false
diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/classes/logging.properties b/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/classes/logging.properties
deleted file mode 100644
index fff4dd26a..000000000
--- a/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/classes/logging.properties
+++ /dev/null
@@ -1,49 +0,0 @@
-# Note this file has been generated and will be overwritten if a
-# logging subsystem has been defined in the XML configuration.
-
-
-# Additional loggers to configure (the root logger is always configured)
-loggers=sun.rmi,org.jboss.as.config,com.arjuna,org.springframework,pro.taskana
-
-logger.level=INFO
-logger.handlers=FILE,CONSOLE
-
-logger.org.springframework.level=INFO
-logger.org.springframework.useParentHandlers=true
-
-logger.pro.taskana.level=INFO
-logger.pro.taskana.useParentHandlers=true
-
-logger.sun.rmi.level=WARN
-logger.sun.rmi.useParentHandlers=true
-
-logger.org.jboss.as.config.level=WARN
-logger.org.jboss.as.config.useParentHandlers=true
-
-logger.com.arjuna.level=WARN
-logger.com.arjuna.useParentHandlers=true
-
-handler.CONSOLE=org.jboss.logmanager.handlers.ConsoleHandler
-handler.CONSOLE.formatter=COLOR-PATTERN
-handler.CONSOLE.properties=autoFlush,target,enabled
-handler.CONSOLE.autoFlush=true
-handler.CONSOLE.target=SYSTEM_OUT
-handler.CONSOLE.enabled=true
-
-handler.FILE=org.jboss.logmanager.handlers.PeriodicRotatingFileHandler
-handler.FILE.formatter=PATTERN
-handler.FILE.properties=append,autoFlush,enabled,suffix,fileName
-handler.FILE.constructorProperties=fileName,append
-handler.FILE.append=true
-handler.FILE.autoFlush=true
-handler.FILE.enabled=true
-handler.FILE.suffix=.yyyy-MM-dd
-handler.FILE.fileName=${project.buildDir}/taskana/rest/taskana-rest-spring-example-wildfly/target/wildfly-11.0.0.Final/standalone/log/server.log
-
-formatter.PATTERN=org.jboss.logmanager.formatters.PatternFormatter
-formatter.PATTERN.properties=pattern
-formatter.PATTERN.pattern=%d{yyyy-MM-dd HH\:mm\:ss,SSS} %-5p [%c] (%t) %s%e%n
-
-formatter.COLOR-PATTERN=org.jboss.logmanager.formatters.PatternFormatter
-formatter.COLOR-PATTERN.properties=pattern
-formatter.COLOR-PATTERN.pattern=%K{level}%d{HH\:mm\:ss,SSS} %-5p [%c] (%t) %s%e%n
diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/jboss-web.xml b/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/jboss-web.xml
index d4a965ce8..ada1b1905 100644
--- a/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/jboss-web.xml
+++ b/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/jboss-web.xml
@@ -4,4 +4,5 @@
 		   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 		   xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_7_2.xsd">
 	<context-root>/taskana</context-root>
-</jboss-web>
\ No newline at end of file
+    <security-domain>taskanaApplicationDomain</security-domain>
+</jboss-web>
diff --git a/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/web.xml b/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/web.xml
index a415719e8..ddef49be3 100644
--- a/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/web.xml
+++ b/rest/taskana-rest-spring-example-wildfly/src/main/webapp/WEB-INF/web.xml
@@ -1,15 +1,45 @@
-<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee"
-		 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-		 xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
+<web-app version="3.1"
+    xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
   http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
 
-	<display-name>TaskanaRestWildflySpring</display-name>
-
-	<login-config>
-		<auth-method>FORM</auth-method>
-		<form-login-config>
-			<form-login-page>/login</form-login-page>
-			<form-error-page>/loginerror</form-error-page>
-		</form-login-config>
-	</login-config>
-</web-app>
\ No newline at end of file
+    <display-name>TaskanaRestWildflySpring</display-name>
+    <session-config>
+        <tracking-mode>COOKIE</tracking-mode>
+    </session-config>
+    <welcome-file-list>
+        <welcome-file>index.html</welcome-file>
+    </welcome-file-list>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>taskana-web</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+    </security-constraint>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Public</web-resource-name>
+            <url-pattern>/css/main.css</url-pattern>
+            <url-pattern>/css/bootstrap/4.1.3/bootstrap.min.css</url-pattern>
+            <url-pattern>/css/bootstrap/4.1.3/bootstrap.min.css.map</url-pattern>
+            <url-pattern>/img/logo.png</url-pattern>
+            <url-pattern>/logout</url-pattern>
+        </web-resource-collection>
+        <!-- No auth-constraint means everybody has access! -->
+    </security-constraint>
+    <security-role>
+        <role-name>*</role-name>
+    </security-role>
+    <login-config>
+        <auth-method>FORM</auth-method>
+        <realm-name>taskanaApplicationDomain</realm-name>
+        <form-login-config>
+            <form-login-page>/login</form-login-page>
+            <form-error-page>/login?error</form-error-page>
+        </form-login-config>
+    </login-config>
+</web-app>
diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/java/pro/taskana/TaskanaWildflyTest.java b/rest/taskana-rest-spring-example-wildfly/src/test/java/pro/taskana/TaskanaWildflyTest.java
index 8b165f84f..a4f81b648 100644
--- a/rest/taskana-rest-spring-example-wildfly/src/test/java/pro/taskana/TaskanaWildflyTest.java
+++ b/rest/taskana-rest-spring-example-wildfly/src/test/java/pro/taskana/TaskanaWildflyTest.java
@@ -1,10 +1,16 @@
 package pro.taskana;
 
+import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.Assert.assertEquals;
 
 import com.fasterxml.jackson.databind.DeserializationFeature;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jdk8.Jdk8Module;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import com.fasterxml.jackson.module.paramnames.ParameterNamesModule;
 import java.io.File;
+import java.util.ArrayList;
 import java.util.Collections;
 import org.jboss.arquillian.container.test.api.Deployment;
 import org.jboss.arquillian.container.test.api.RunAsClient;
@@ -15,17 +21,22 @@ import org.jboss.shrinkwrap.api.spec.WebArchive;
 import org.jboss.shrinkwrap.resolver.api.maven.Maven;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.core.ParameterizedTypeReference;
+import org.springframework.hateoas.MediaTypes;
+import org.springframework.hateoas.mediatype.hal.Jackson2HalModule;
 import org.springframework.http.HttpEntity;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
-import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.web.client.RestTemplate;
 
+import pro.taskana.common.rest.models.AccessIdRepresentationModel;
 import pro.taskana.common.rest.models.TaskanaUserInfoRepresentationModel;
+import pro.taskana.task.rest.models.TaskRepresentationModel;
 
 /**
  * This test class is configured to run with postgres DB if you want to run it with h2 it is needed.
@@ -34,9 +45,22 @@ import pro.taskana.common.rest.models.TaskanaUserInfoRepresentationModel;
 @RunWith(Arquillian.class)
 public class TaskanaWildflyTest {
 
+  private static final Logger LOGGER = LoggerFactory.getLogger(TaskanaWildflyTest.class);
+
+  public static final String AUTHORIZATION_TEAMLEAD_1 = "Basic dGVhbWxlYWQtMTp0ZWFtbGVhZC0x";
+
   @Deployment(testable = false)
   public static Archive<?> createTestArchive() {
 
+    String applicationPropertyFile = "application.properties";
+    String dbType = System.getProperty("db.type");
+    if (dbType != null && !dbType.isEmpty()) {
+      applicationPropertyFile = "application-" + dbType + ".properties";
+    }
+
+    LOGGER.info(
+        "Running with db.type '{}' and using property file '{}'", dbType, applicationPropertyFile);
+
     File[] files =
         Maven.resolver()
             .loadPomFromFile("pom.xml")
@@ -48,35 +72,95 @@ public class TaskanaWildflyTest {
     return ShrinkWrap.create(WebArchive.class, "taskana.war")
         .addPackages(true, "pro.taskana")
         .addAsResource("taskana.properties")
-        .addAsResource("application.properties")
-        .addAsResource("project-defaults.yml")
+        .addAsResource(applicationPropertyFile, "application.properties")
+        .addAsResource("taskana-test.ldif")
+        .addAsWebInfResource("int-test-web.xml", "web.xml")
+        .addAsWebInfResource("int-test-jboss-web.xml", "jboss-web.xml")
         .addAsLibraries(files);
   }
 
   @Test
   @RunAsClient
-  public void shouldGetStatusOK() {
-
-    HttpHeaders headers = new HttpHeaders();
-    HttpEntity<String> request = new HttpEntity<>(headers);
+  public void should_ReturnUserInformationForAuthenticatedUser_IfRequested() {
+    HttpEntity<String> httpEntity = new HttpEntity<>(getHeadersTeamlead_1());
     ResponseEntity<TaskanaUserInfoRepresentationModel> response =
         getRestTemplate()
             .exchange(
-                "http://127.0.0.1:" + "8090" + "/api/v1/current-user-info",
+                "http://127.0.0.1:" + "8080" + "/taskana/api/v1/current-user-info",
                 HttpMethod.GET,
-                request,
+                httpEntity,
                 ParameterizedTypeReference.forType(TaskanaUserInfoRepresentationModel.class));
     assertEquals(HttpStatus.OK, response.getStatusCode());
+    TaskanaUserInfoRepresentationModel currentUser = response.getBody();
+    assertEquals("teamlead-1", currentUser.getUserId());
+    assertEquals(4, currentUser.getGroupIds().size());
+    assertEquals(3, currentUser.getRoles().size());
   }
 
-  private RestTemplate getRestTemplate() {
+  @Test
+  @RunAsClient
+  public void should_ReturnUserFromLdap_WhenWildcardSearchIsConducted() {
+    HttpEntity<String> httpEntity = new HttpEntity<>(getHeadersTeamlead_1());
+    ResponseEntity<AccessIdListResource> response =
+        getRestTemplate()
+            .exchange(
+                "http://127.0.0.1:8080/taskana/api/v1/access-ids?search-for=rig",
+                HttpMethod.GET,
+                httpEntity,
+                ParameterizedTypeReference.forType(AccessIdListResource.class));
+    assertEquals(HttpStatus.OK, response.getStatusCode());
+    AccessIdListResource accessIdList = response.getBody();
+    assertEquals(2, accessIdList.size());
+  }
+
+  @Test
+  @RunAsClient
+  public void should_ReturnTask_WhenRequested() {
+    HttpEntity<String> httpEntity = new HttpEntity<>(getHeadersTeamlead_1());
+    ResponseEntity<TaskRepresentationModel> response =
+        getRestTemplate()
+            .exchange(
+                "http://127.0.0.1:8080/taskana/api/v1/tasks/TKI:000000000000000000000000000000000001",
+                HttpMethod.GET,
+                httpEntity,
+                ParameterizedTypeReference.forType(TaskRepresentationModel.class));
+    assertEquals(HttpStatus.OK, response.getStatusCode());
+    assertThat(response.getBody()).isNotNull();
+  }
+
+  /**
+   * Return a REST template which is capable of dealing with responses in HAL format.
+   *
+   * @return RestTemplate
+   */
+  private static RestTemplate getRestTemplate() {
     ObjectMapper mapper = new ObjectMapper();
     mapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+    mapper.configure(SerializationFeature.FAIL_ON_EMPTY_BEANS, false);
+    mapper.registerModule(new Jackson2HalModule());
+    mapper
+        .registerModule(new ParameterNamesModule())
+        .registerModule(new Jdk8Module())
+        .registerModule(new JavaTimeModule());
 
     MappingJackson2HttpMessageConverter converter = new MappingJackson2HttpMessageConverter();
-    converter.setSupportedMediaTypes(MediaType.parseMediaTypes("application/json"));
+    converter.setSupportedMediaTypes(Collections.singletonList(MediaTypes.HAL_JSON));
     converter.setObjectMapper(mapper);
 
-    return new RestTemplate(Collections.singletonList(converter));
+    RestTemplate template = new RestTemplate();
+    // important to add first to ensure priority
+    template.getMessageConverters().add(0, converter);
+    return template;
+  }
+
+  private HttpHeaders getHeadersTeamlead_1() {
+    HttpHeaders headers = new HttpHeaders();
+    headers.add("Authorization", AUTHORIZATION_TEAMLEAD_1);
+    headers.add("Content-Type", "application/json");
+    return headers;
+  }
+
+  static class AccessIdListResource extends ArrayList<AccessIdRepresentationModel> {
+    private static final long serialVersionUID = 1L;
   }
 }
diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/resources/application-postgres.properties b/rest/taskana-rest-spring-example-wildfly/src/test/resources/application-postgres.properties
new file mode 100644
index 000000000..df080c351
--- /dev/null
+++ b/rest/taskana-rest-spring-example-wildfly/src/test/resources/application-postgres.properties
@@ -0,0 +1,46 @@
+logging.level.pro.taskana=DEBUG
+logging.level.org.springframework=DEBUG
+
+######## Taskana DB #######
+datasource.jndi=java:/TaskanaDS/PostgreSQL
+taskana.schemaName=taskana
+
+devMode=true
+
+####### properties to connect to LDAP
+taskana.ldap.serverUrl=ldap://localhost:10389
+taskana.ldap.bindDn=uid=admin
+taskana.ldap.bindPassword=secret
+taskana.ldap.baseDn=ou=Test,O=TASKANA
+taskana.ldap.userSearchBase=cn=users
+taskana.ldap.userSearchFilterName=objectclass
+taskana.ldap.userSearchFilterValue=person
+taskana.ldap.userFirstnameAttribute=givenName
+taskana.ldap.userLastnameAttribute=sn
+taskana.ldap.userIdAttribute=uid
+taskana.ldap.groupSearchBase=
+taskana.ldap.groupSearchFilterName=objectclass
+taskana.ldap.groupSearchFilterValue=groupOfUniqueNames
+taskana.ldap.groupNameAttribute=cn
+taskana.ldap.minSearchForLength=3
+taskana.ldap.maxNumberOfReturnedAccessIds=50
+taskana.ldap.groupsOfUser=uniquemember
+
+####### JobScheduler cron expression that specifies when the JobSchedler runs
+taskana.jobscheduler.async.cron=0 * * * * *
+
+####### cache static resources propertiesgit add --
+spring.resources.cache.cachecontrol.cache-private=true
+spring.main.allow-bean-definition-overriding=true
+
+####### tomcat is not detecting the x-forward headers from bluemix as a trustworthy proxy
+server.tomcat.remoteip.internal-proxies=.*
+server.forward-headers-strategy=native
+
+# Embedded Spring LDAP server
+spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
+spring.ldap.embedded.credential.username= uid=admin
+spring.ldap.embedded.credential.password= secret
+spring.ldap.embedded.ldif=classpath:taskana-test.ldif
+spring.ldap.embedded.port= 10389
+spring.ldap.embedded.validation.enabled=false
diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/resources/application.properties b/rest/taskana-rest-spring-example-wildfly/src/test/resources/application.properties
index b324dc0dc..3723cd88b 100644
--- a/rest/taskana-rest-spring-example-wildfly/src/test/resources/application.properties
+++ b/rest/taskana-rest-spring-example-wildfly/src/test/resources/application.properties
@@ -1,31 +1,34 @@
-logging.level.pro.taskana=INFO
-### logging.level.org.springframework=DEBUG
+logging.level.pro.taskana=DEBUG
+logging.level.org.springframework=DEBUG
+
 ######## Taskana DB #######
-datasource.jndi=java:jboss/datasources/TestDS
-taskana.schemaName=taskana
+datasource.jndi=java:/TaskanaDS/H2
+taskana.schemaName=TASKANA
 
 devMode=true
+
 ####### properties to connect to LDAP
 taskana.ldap.serverUrl=ldap://localhost:10389
-taskana.ldap.bindDn=uid=admin,ou=system
+taskana.ldap.bindDn=uid=admin
 taskana.ldap.bindPassword=secret
-taskana.ldap.baseDn=o=TaskanaTest
-####### properties that control search for users and groups
-taskana.ldap.userSearchBase=ou=people
+taskana.ldap.baseDn=ou=Test,O=TASKANA
+taskana.ldap.userSearchBase=cn=users
 taskana.ldap.userSearchFilterName=objectclass
 taskana.ldap.userSearchFilterValue=person
 taskana.ldap.userFirstnameAttribute=givenName
 taskana.ldap.userLastnameAttribute=sn
 taskana.ldap.userIdAttribute=uid
-taskana.ldap.groupSearchBase=ou=groups
+taskana.ldap.groupSearchBase=
 taskana.ldap.groupSearchFilterName=objectclass
 taskana.ldap.groupSearchFilterValue=groupOfUniqueNames
 taskana.ldap.groupNameAttribute=cn
 taskana.ldap.minSearchForLength=3
 taskana.ldap.maxNumberOfReturnedAccessIds=50
-taskana.ldap.groupsOfUser=memberUid
+taskana.ldap.groupsOfUser=uniquemember
+
 ####### JobScheduler cron expression that specifies when the JobSchedler runs
 taskana.jobscheduler.async.cron=0 * * * * *
+
 ####### cache static resources propertiesgit add --
 spring.resources.cache.cachecontrol.cache-private=true
 spring.main.allow-bean-definition-overriding=true
@@ -33,3 +36,11 @@ spring.main.allow-bean-definition-overriding=true
 ####### tomcat is not detecting the x-forward headers from bluemix as a trustworthy proxy
 server.tomcat.remoteip.internal-proxies=.*
 server.forward-headers-strategy=native
+
+# Embedded Spring LDAP server
+spring.ldap.embedded.base-dn= OU=Test,O=TASKANA
+spring.ldap.embedded.credential.username= uid=admin
+spring.ldap.embedded.credential.password= secret
+spring.ldap.embedded.ldif=classpath:taskana-test.ldif
+spring.ldap.embedded.port= 10389
+spring.ldap.embedded.validation.enabled=false
diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/resources/arquillian.xml b/rest/taskana-rest-spring-example-wildfly/src/test/resources/arquillian.xml
new file mode 100644
index 000000000..5ce724d17
--- /dev/null
+++ b/rest/taskana-rest-spring-example-wildfly/src/test/resources/arquillian.xml
@@ -0,0 +1,16 @@
+<arquillian xmlns="http://jboss.org/schema/arquillian"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://jboss.org/schema/arquillian
+        http://jboss.org/schema/arquillian/arquillian_1_0.xsd">
+    <defaultProtocol type="Servlet 3.0" />
+    <container qualifier="jboss" default="true">
+        <configuration>
+            <property name="jbossHome">target/wildfly-13.0.0.Final</property>
+            <property name="serverConfig">../../../../src/test/resources/int-test-standalone.xml</property>
+<!--             <property name="javaVmArguments">-Xmx512m -XX:MaxPermSize=128m
+                -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=y
+            </property> -->
+            <property name="javaVmArguments">-Djava.util.logging.manager=org.jboss.logmanager.LogManager</property>
+        </configuration>
+    </container>
+</arquillian>
\ No newline at end of file
diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-jboss-web.xml b/rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-jboss-web.xml
new file mode 100644
index 000000000..ada1b1905
--- /dev/null
+++ b/rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-jboss-web.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<jboss-web version="7.2"
+		   xmlns="http://www.jboss.com/xml/ns/javaee"
+		   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+		   xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee http://www.jboss.org/j2ee/schema/jboss-web_7_2.xsd">
+	<context-root>/taskana</context-root>
+    <security-domain>taskanaApplicationDomain</security-domain>
+</jboss-web>
diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-standalone.xml b/rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-standalone.xml
new file mode 100644
index 000000000..049ab7988
--- /dev/null
+++ b/rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-standalone.xml
@@ -0,0 +1,849 @@
+<?xml version='1.0' encoding='UTF-8'?>
+
+<server xmlns="urn:jboss:domain:7.0">
+    <extensions>
+        <extension module="org.jboss.as.clustering.infinispan" />
+        <extension module="org.jboss.as.connector" />
+        <extension module="org.jboss.as.deployment-scanner" />
+        <extension module="org.jboss.as.ee" />
+        <extension module="org.jboss.as.ejb3" />
+        <extension module="org.jboss.as.jaxrs" />
+        <extension module="org.jboss.as.jdr" />
+        <extension module="org.jboss.as.jmx" />
+        <extension module="org.jboss.as.jpa" />
+        <extension module="org.jboss.as.jsf" />
+        <extension module="org.jboss.as.logging" />
+        <extension module="org.jboss.as.mail" />
+        <extension module="org.jboss.as.naming" />
+        <extension module="org.jboss.as.pojo" />
+        <extension module="org.jboss.as.remoting" />
+        <extension module="org.jboss.as.sar" />
+        <extension module="org.jboss.as.security" />
+        <extension module="org.jboss.as.transactions" />
+        <extension module="org.jboss.as.webservices" />
+        <extension module="org.jboss.as.weld" />
+        <extension module="org.wildfly.extension.batch.jberet" />
+        <extension
+            module="org.wildfly.extension.bean-validation" />
+        <extension
+            module="org.wildfly.extension.core-management" />
+        <extension module="org.wildfly.extension.elytron" />
+        <extension module="org.wildfly.extension.io" />
+        <extension
+            module="org.wildfly.extension.request-controller" />
+        <extension
+            module="org.wildfly.extension.security.manager" />
+        <extension module="org.wildfly.extension.undertow" />
+    </extensions>
+    <management>
+        <security-realms>
+            <security-realm name="ManagementRealm">
+                <authentication>
+                    <local default-user="$local"
+                        skip-group-loading="true" />
+                    <properties path="mgmt-users.properties"
+                        relative-to="jboss.server.config.dir" />
+                </authentication>
+                <authorization map-groups-to-roles="false">
+                    <properties path="mgmt-groups.properties"
+                        relative-to="jboss.server.config.dir" />
+                </authorization>
+            </security-realm>
+            <security-realm name="ApplicationRealm">
+                <server-identities>
+                    <ssl>
+                        <keystore path="application.keystore"
+                            relative-to="jboss.server.config.dir"
+                            keystore-password="password" alias="server"
+                            key-password="password"
+                            generate-self-signed-certificate-host="localhost" />
+                    </ssl>
+                </server-identities>
+                <authentication>
+                    <local default-user="$local" allowed-users="*"
+                        skip-group-loading="true" />
+                    <properties
+                        path="application-users.properties"
+                        relative-to="jboss.server.config.dir" />
+                </authentication>
+                <authorization>
+                    <properties
+                        path="application-roles.properties"
+                        relative-to="jboss.server.config.dir" />
+                </authorization>
+            </security-realm>
+        </security-realms>
+        <audit-log>
+            <formatters>
+                <json-formatter name="json-formatter" />
+            </formatters>
+            <handlers>
+                <file-handler name="file"
+                    formatter="json-formatter" path="audit-log.log"
+                    relative-to="jboss.server.data.dir" />
+            </handlers>
+            <logger log-boot="true" log-read-only="false"
+                enabled="false">
+                <handlers>
+                    <handler name="file" />
+                </handlers>
+            </logger>
+        </audit-log>
+        <management-interfaces>
+            <http-interface
+                http-authentication-factory="management-http-authentication">
+                <http-upgrade enabled="true"
+                    sasl-authentication-factory="management-sasl-authentication" />
+                <socket-binding http="management-http" />
+            </http-interface>
+        </management-interfaces>
+        <access-control provider="simple">
+            <role-mapping>
+                <role name="SuperUser">
+                    <include>
+                        <user name="$local" />
+                    </include>
+                </role>
+            </role-mapping>
+        </access-control>
+    </management>
+    <profile>
+        <subsystem xmlns="urn:jboss:domain:logging:5.0">
+            <console-handler name="CONSOLE">
+                <level name="INFO" />
+                <formatter>
+                    <named-formatter
+                        name="COLOR-PATTERN" />
+                </formatter>
+            </console-handler>
+            <periodic-rotating-file-handler
+                name="FILE" autoflush="true">
+                <formatter>
+                    <named-formatter name="PATTERN" />
+                </formatter>
+                <file relative-to="jboss.server.log.dir"
+                    path="server.log" />
+                <suffix value=".yyyy-MM-dd" />
+                <append value="true" />
+            </periodic-rotating-file-handler>
+            <logger category="com.arjuna">
+                <level name="WARN" />
+            </logger>
+            <logger category="org.jboss.as.config">
+                <level name="ALL" />
+            </logger>
+            <logger category="sun.rmi">
+                <level name="WARN" />
+            </logger>
+            <logger category="pro.taskana"
+                use-parent-handlers="true">
+                <level name="DEBUG" />
+            </logger>
+            <logger category="org.springframework"
+                use-parent-handlers="true">
+                <level name="INFO" />
+            </logger>
+            <logger category="org.springframework.web"
+                use-parent-handlers="true">
+                <level name="DEBUG" />
+            </logger>
+            <logger category="org.slf4j"
+                use-parent-handlers="true">
+                <level name="DEBUG" />
+            </logger>
+            <logger category="org.springframework.security"
+                use-parent-handlers="true">
+                <level name="DEBUG" />
+            </logger>
+            <logger category="org.jboss.security"
+                use-parent-handlers="true">
+                <level name="ALL" />
+            </logger>
+            <logger category="org.jboss.as.security"
+                use-parent-handlers="true">
+                <level name="ALL" />
+            </logger>
+            <logger category="org.picketbox"
+                use-parent-handlers="true">
+                <level name="ALL" />
+            </logger>
+            <logger
+                category="org.jboss.as.domain.management.security"
+                use-parent-handlers="true">
+                <level name="ALL" />
+            </logger>
+            <logger category="org.wildfly.security"
+                use-parent-handlers="true">
+                <level name="ALL" />
+            </logger>
+            <logger category="org.wildfly.elytron"
+                use-parent-handlers="true">
+                <level name="ALL" />
+            </logger>
+            <logger category="org.apache.catalina"
+                use-parent-handlers="true">
+                <level name="ALL" />
+            </logger>
+            <logger category="org.wildfly.extension.undertow"
+                use-parent-handlers="true">
+                <level name="ALL" />
+            </logger>
+            <root-logger>
+                <level name="INFO" />
+                <handlers>
+                    <handler name="CONSOLE" />
+                    <handler name="FILE" />
+                </handlers>
+            </root-logger>
+            <formatter name="PATTERN">
+                <pattern-formatter
+                    pattern="%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n" />
+            </formatter>
+            <formatter name="COLOR-PATTERN">
+                <pattern-formatter
+                    pattern="%K{level}%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%e%n" />
+            </formatter>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:batch-jberet:2.0">
+            <default-job-repository
+                name="in-memory" />
+            <default-thread-pool name="batch" />
+            <job-repository name="in-memory">
+                <in-memory />
+            </job-repository>
+            <thread-pool name="batch">
+                <max-threads count="10" />
+                <keepalive-time time="30" unit="seconds" />
+            </thread-pool>
+        </subsystem>
+        <subsystem
+            xmlns="urn:jboss:domain:bean-validation:1.0" />
+        <subsystem
+            xmlns="urn:jboss:domain:core-management:1.0" />
+        <subsystem xmlns="urn:jboss:domain:datasources:5.0">
+            <datasources>
+                <datasource
+                    jndi-name="java:jboss/datasources/ExampleDS"
+                    pool-name="ExampleDS" enabled="true"
+                    use-java-context="true">
+                    <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1;DB_CLOSE_ON_EXIT=FALSE
+                    </connection-url>
+                    <driver>h2</driver>
+                    <security>
+                        <user-name>sa</user-name>
+                        <password>sa</password>
+                    </security>
+                </datasource>
+                <datasource jta="true"
+                    jndi-name="java:/TaskanaDS/H2"
+                    pool-name="TASKANA Datasource" enabled="true"
+                    use-ccm="false">
+                    <connection-url>jdbc:h2:mem:test;DB_CLOSE_DELAY=-1
+                    </connection-url>
+                    <driver-class>org.h2.Driver</driver-class>
+                    <driver>h2</driver>
+                    <security>
+                        <user-name>sa</user-name>
+                        <password>sa</password>
+                    </security>
+                    <validation>
+                        <background-validation>false
+                        </background-validation>
+                    </validation>
+                </datasource>
+                <datasource jta="true"
+                    jndi-name="java:/TaskanaDS/PostgreSQL"
+                    pool-name="TASKANA PostgreSQL Datasource"
+                    enabled="true" use-ccm="false">
+                    <connection-url>jdbc:postgresql://localhost:50102/postgres
+                    </connection-url>
+                    <driver-class>org.postgresql.Driver</driver-class>
+                    <driver>postgresql</driver>
+                    <security>
+                        <user-name>postgres</user-name>
+                        <password>postgres</password>
+                    </security>
+                    <validation>
+                        <background-validation>false
+                        </background-validation>
+                    </validation>
+                </datasource>
+                <drivers>
+                    <driver name="h2" module="com.h2database.h2">
+                        <xa-datasource-class>org.h2.jdbcx.JdbcDataSource
+                        </xa-datasource-class>
+                    </driver>
+                    <driver name="postgresql"
+                        module="org.postgresql">
+                        <driver-class>org.postgresql.Driver
+                        </driver-class>
+                    </driver>
+                </drivers>
+            </datasources>
+        </subsystem>
+        <subsystem
+            xmlns="urn:jboss:domain:deployment-scanner:2.0">
+            <deployment-scanner path="deployments"
+                relative-to="jboss.server.base.dir" scan-interval="5000"
+                runtime-failure-causes-rollback="${jboss.deployment.scanner.rollback.on.failure:false}" />
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:ee:4.0">
+            <spec-descriptor-property-replacement>false
+            </spec-descriptor-property-replacement>
+            <concurrent>
+                <context-services>
+                    <context-service name="default"
+                        jndi-name="java:jboss/ee/concurrency/context/default"
+                        use-transaction-setup-provider="true" />
+                </context-services>
+                <managed-thread-factories>
+                    <managed-thread-factory
+                        name="default"
+                        jndi-name="java:jboss/ee/concurrency/factory/default"
+                        context-service="default" />
+                </managed-thread-factories>
+                <managed-executor-services>
+                    <managed-executor-service
+                        name="default"
+                        jndi-name="java:jboss/ee/concurrency/executor/default"
+                        context-service="default"
+                        hung-task-threshold="60000"
+                        keepalive-time="5000" />
+                </managed-executor-services>
+                <managed-scheduled-executor-services>
+                    <managed-scheduled-executor-service
+                        name="default"
+                        jndi-name="java:jboss/ee/concurrency/scheduler/default"
+                        context-service="default"
+                        hung-task-threshold="60000"
+                        keepalive-time="3000" />
+                </managed-scheduled-executor-services>
+            </concurrent>
+            <default-bindings
+                context-service="java:jboss/ee/concurrency/context/default"
+                datasource="java:jboss/datasources/ExampleDS"
+                managed-executor-service="java:jboss/ee/concurrency/executor/default"
+                managed-scheduled-executor-service="java:jboss/ee/concurrency/scheduler/default"
+                managed-thread-factory="java:jboss/ee/concurrency/factory/default" />
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:ejb3:5.0">
+            <session-bean>
+                <stateless>
+                    <bean-instance-pool-ref
+                        pool-name="slsb-strict-max-pool" />
+                </stateless>
+                <stateful default-access-timeout="5000"
+                    cache-ref="simple"
+                    passivation-disabled-cache-ref="simple" />
+                <singleton default-access-timeout="5000" />
+            </session-bean>
+            <pools>
+                <bean-instance-pools>
+                    <strict-max-pool
+                        name="slsb-strict-max-pool"
+                        derive-size="from-worker-pools"
+                        instance-acquisition-timeout="5"
+                        instance-acquisition-timeout-unit="MINUTES" />
+                    <strict-max-pool
+                        name="mdb-strict-max-pool"
+                        derive-size="from-cpu-count"
+                        instance-acquisition-timeout="5"
+                        instance-acquisition-timeout-unit="MINUTES" />
+                </bean-instance-pools>
+            </pools>
+            <caches>
+                <cache name="simple" />
+                <cache name="distributable"
+                    passivation-store-ref="infinispan"
+                    aliases="passivating clustered" />
+            </caches>
+            <passivation-stores>
+                <passivation-store name="infinispan"
+                    cache-container="ejb" max-size="10000" />
+            </passivation-stores>
+            <async thread-pool-name="default" />
+            <timer-service thread-pool-name="default"
+                default-data-store="default-file-store">
+                <data-stores>
+                    <file-data-store
+                        name="default-file-store"
+                        path="timer-service-data"
+                        relative-to="jboss.server.data.dir" />
+                </data-stores>
+            </timer-service>
+            <remote connector-ref="http-remoting-connector"
+                thread-pool-name="default">
+                <channel-creation-options>
+                    <option name="READ_TIMEOUT"
+                        value="${prop.remoting-connector.read.timeout:20}"
+                        type="xnio" />
+                    <option name="MAX_OUTBOUND_MESSAGES"
+                        value="1234" type="remoting" />
+                </channel-creation-options>
+            </remote>
+            <thread-pools>
+                <thread-pool name="default">
+                    <max-threads count="10" />
+                    <keepalive-time time="100"
+                        unit="milliseconds" />
+                </thread-pool>
+            </thread-pools>
+            <default-security-domain
+                value="other" />
+            <default-missing-method-permissions-deny-access
+                value="true" />
+            <log-system-exceptions value="true" />
+        </subsystem>
+        <subsystem xmlns="urn:wildfly:elytron:3.0"
+            final-providers="combined-providers"
+            disallowed-providers="OracleUcrypto">
+            <providers>
+                <aggregate-providers
+                    name="combined-providers">
+                    <providers name="elytron" />
+                    <providers name="openssl" />
+                </aggregate-providers>
+                <provider-loader name="elytron"
+                    module="org.wildfly.security.elytron" />
+                <provider-loader name="openssl"
+                    module="org.wildfly.openssl" />
+            </providers>
+            <audit-logging>
+                <file-audit-log name="local-audit"
+                    path="audit.log" relative-to="jboss.server.log.dir"
+                    format="JSON" />
+            </audit-logging>
+            <security-domains>
+                <security-domain
+                    name="ApplicationDomain"
+                    default-realm="ApplicationRealm"
+                    permission-mapper="default-permission-mapper">
+                    <realm name="ApplicationRealm"
+                        role-decoder="groups-to-roles" />
+                    <realm name="local" />
+                </security-domain>
+                <security-domain name="ManagementDomain"
+                    default-realm="ManagementRealm"
+                    permission-mapper="default-permission-mapper">
+                    <realm name="ManagementRealm"
+                        role-decoder="groups-to-roles" />
+                    <realm name="local"
+                        role-mapper="super-user-mapper" />
+                </security-domain>
+                <security-domain name="taskanaLdapSD"
+                    default-realm="taskanaLR"
+                    permission-mapper="default-permission-mapper">
+                    <realm name="taskanaLR"
+                        role-decoder="from-roles-attribute" />
+                </security-domain>
+            </security-domains>
+            <security-realms>
+                <identity-realm name="local"
+                    identity="$local" />
+                <properties-realm
+                    name="ApplicationRealm">
+                    <users-properties
+                        path="application-users.properties"
+                        relative-to="jboss.server.config.dir"
+                        digest-realm-name="ApplicationRealm" />
+                    <groups-properties
+                        path="application-roles.properties"
+                        relative-to="jboss.server.config.dir" />
+                </properties-realm>
+                <properties-realm
+                    name="ManagementRealm">
+                    <users-properties
+                        path="mgmt-users.properties"
+                        relative-to="jboss.server.config.dir"
+                        digest-realm-name="ManagementRealm" />
+                    <groups-properties
+                        path="mgmt-groups.properties"
+                        relative-to="jboss.server.config.dir" />
+                </properties-realm>
+                <ldap-realm name="taskanaLR"
+                    dir-context="taskanaDC">
+                    <identity-mapping
+                        rdn-identifier="uid"
+                        use-recursive-search="false"
+                        search-base-dn="cn=users,ou=Test,O=TASKANA">
+                        <attribute-mapping>
+                            <attribute to="Roles"
+                                filter="(&amp;(objectClass=groupofuniquenames)(uniquemember={1}))"
+                                filter-base-dn="ou=Test,O=TASKANA" />
+                        </attribute-mapping>
+                        <user-password-mapper
+                            from="userPassword" />
+                    </identity-mapping>
+                </ldap-realm>
+            </security-realms>
+            <mappers>
+                <simple-permission-mapper
+                    name="default-permission-mapper"
+                    mapping-mode="first">
+                    <permission-mapping>
+                        <principal name="anonymous" />
+                        <permission
+                            class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission"
+                            module="org.wildfly.extension.batch.jberet"
+                            target-name="*" />
+                        <permission
+                            class-name="org.wildfly.transaction.client.RemoteTransactionPermission"
+                            module="org.wildfly.transaction.client" />
+                        <permission
+                            class-name="org.jboss.ejb.client.RemoteEJBPermission"
+                            module="org.jboss.ejb-client" />
+                    </permission-mapping>
+                    <permission-mapping
+                        match-all="true">
+                        <permission
+                            class-name="org.wildfly.security.auth.permission.LoginPermission" />
+                        <permission
+                            class-name="org.wildfly.extension.batch.jberet.deployment.BatchPermission"
+                            module="org.wildfly.extension.batch.jberet"
+                            target-name="*" />
+                        <permission
+                            class-name="org.wildfly.transaction.client.RemoteTransactionPermission"
+                            module="org.wildfly.transaction.client" />
+                        <permission
+                            class-name="org.jboss.ejb.client.RemoteEJBPermission"
+                            module="org.jboss.ejb-client" />
+                    </permission-mapping>
+                </simple-permission-mapper>
+                <constant-realm-mapper
+                    name="local" realm-name="local" />
+                <simple-role-decoder
+                    name="groups-to-roles" attribute="groups" />
+                <simple-role-decoder
+                    name="from-roles-attribute" attribute="Roles" />
+                <constant-role-mapper
+                    name="super-user-mapper">
+                    <role name="SuperUser" />
+                </constant-role-mapper>
+                <constant-role-mapper
+                    name="user-mapper">
+                    <role name="user" />
+                </constant-role-mapper>
+            </mappers>
+            <http>
+                <http-authentication-factory
+                    name="management-http-authentication"
+                    security-domain="ManagementDomain"
+                    http-server-mechanism-factory="global">
+                    <mechanism-configuration>
+                        <mechanism mechanism-name="DIGEST">
+                            <mechanism-realm
+                                realm-name="ManagementRealm" />
+                        </mechanism>
+                    </mechanism-configuration>
+                </http-authentication-factory>
+                <http-authentication-factory
+                    name="taskana-ldap-http-auth"
+                    security-domain="taskanaLdapSD"
+                    http-server-mechanism-factory="global">
+                    <mechanism-configuration>
+                        <mechanism mechanism-name="BASIC">
+                            <mechanism-realm
+                                realm-name="taskanaApplicationDomain" />
+                        </mechanism>
+                    </mechanism-configuration>
+                </http-authentication-factory>
+                <provider-http-server-mechanism-factory
+                    name="global" />
+            </http>
+            <sasl>
+                <sasl-authentication-factory
+                    name="management-sasl-authentication"
+                    sasl-server-factory="configured"
+                    security-domain="ManagementDomain">
+                    <mechanism-configuration>
+                        <mechanism
+                            mechanism-name="JBOSS-LOCAL-USER"
+                            realm-mapper="local" />
+                        <mechanism mechanism-name="DIGEST-MD5">
+                            <mechanism-realm
+                                realm-name="ManagementRealm" />
+                        </mechanism>
+                    </mechanism-configuration>
+                </sasl-authentication-factory>
+                <sasl-authentication-factory
+                    name="application-sasl-authentication"
+                    sasl-server-factory="configured"
+                    security-domain="ApplicationDomain">
+                    <mechanism-configuration>
+                        <mechanism
+                            mechanism-name="JBOSS-LOCAL-USER"
+                            realm-mapper="local" />
+                        <mechanism mechanism-name="DIGEST-MD5">
+                            <mechanism-realm
+                                realm-name="ApplicationRealm" />
+                        </mechanism>
+                    </mechanism-configuration>
+                </sasl-authentication-factory>
+                <configurable-sasl-server-factory
+                    name="configured" sasl-server-factory="elytron">
+                    <properties>
+                        <property
+                            name="wildfly.sasl.local-user.default-user"
+                            value="$local" />
+                    </properties>
+                </configurable-sasl-server-factory>
+                <mechanism-provider-filtering-sasl-server-factory
+                    name="elytron" sasl-server-factory="global">
+                    <filters>
+                        <filter provider-name="WildFlyElytron" />
+                    </filters>
+                </mechanism-provider-filtering-sasl-server-factory>
+                <provider-sasl-server-factory
+                    name="global" />
+            </sasl>
+            <dir-contexts>
+                <dir-context name="taskanaDC"
+                    url="ldap://127.0.0.1:10389" principal="uid=admin">
+                    <credential-reference
+                        clear-text="secret" />
+                </dir-context>
+            </dir-contexts>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:infinispan:6.0">
+            <cache-container name="server"
+                default-cache="default"
+                module="org.wildfly.clustering.server">
+                <local-cache name="default">
+                    <transaction mode="BATCH" />
+                </local-cache>
+            </cache-container>
+            <cache-container name="web"
+                default-cache="passivation"
+                module="org.wildfly.clustering.web.infinispan">
+                <local-cache name="passivation">
+                    <locking isolation="REPEATABLE_READ" />
+                    <transaction mode="BATCH" />
+                    <file-store passivation="true"
+                        purge="false" />
+                </local-cache>
+            </cache-container>
+            <cache-container name="ejb" aliases="sfsb"
+                default-cache="passivation"
+                module="org.wildfly.clustering.ejb.infinispan">
+                <local-cache name="passivation">
+                    <locking isolation="REPEATABLE_READ" />
+                    <transaction mode="BATCH" />
+                    <file-store passivation="true"
+                        purge="false" />
+                </local-cache>
+            </cache-container>
+            <cache-container name="hibernate"
+                module="org.hibernate.infinispan">
+                <local-cache name="entity">
+                    <transaction mode="NON_XA" />
+                    <object-memory size="10000" />
+                    <expiration max-idle="100000" />
+                </local-cache>
+                <local-cache name="local-query">
+                    <object-memory size="10000" />
+                    <expiration max-idle="100000" />
+                </local-cache>
+                <local-cache name="timestamps" />
+            </cache-container>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:io:3.0">
+            <worker name="default" />
+            <buffer-pool name="default" />
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jaxrs:1.0" />
+        <subsystem xmlns="urn:jboss:domain:jca:5.0">
+            <archive-validation enabled="true"
+                fail-on-error="true" fail-on-warn="false" />
+            <bean-validation enabled="true" />
+            <default-workmanager>
+                <short-running-threads>
+                    <core-threads count="50" />
+                    <queue-length count="50" />
+                    <max-threads count="50" />
+                    <keepalive-time time="10"
+                        unit="seconds" />
+                </short-running-threads>
+                <long-running-threads>
+                    <core-threads count="50" />
+                    <queue-length count="50" />
+                    <max-threads count="50" />
+                    <keepalive-time time="10"
+                        unit="seconds" />
+                </long-running-threads>
+            </default-workmanager>
+            <cached-connection-manager />
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jdr:1.0" />
+        <subsystem xmlns="urn:jboss:domain:jmx:1.3">
+            <expose-resolved-model />
+            <expose-expression-model />
+            <remoting-connector />
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jpa:1.1">
+            <jpa default-datasource=""
+                default-extended-persistence-inheritance="DEEP" />
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:jsf:1.1" />
+        <subsystem xmlns="urn:jboss:domain:mail:3.0">
+            <mail-session name="default"
+                jndi-name="java:jboss/mail/Default">
+                <smtp-server
+                    outbound-socket-binding-ref="mail-smtp" />
+            </mail-session>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:naming:2.0">
+            <remote-naming />
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:pojo:1.0" />
+        <subsystem xmlns="urn:jboss:domain:remoting:4.0">
+            <http-connector
+                name="http-remoting-connector" connector-ref="default"
+                security-realm="ApplicationRealm" />
+        </subsystem>
+        <subsystem
+            xmlns="urn:jboss:domain:request-controller:1.0" />
+        <subsystem
+            xmlns="urn:jboss:domain:resource-adapters:5.0" />
+        <subsystem xmlns="urn:jboss:domain:sar:1.0" />
+        <subsystem xmlns="urn:jboss:domain:security:2.0">
+            <security-domains>
+                <security-domain name="other"
+                    cache-type="default">
+                    <authentication>
+                        <login-module code="Remoting"
+                            flag="optional">
+                            <module-option
+                                name="password-stacking"
+                                value="useFirstPass" />
+                        </login-module>
+                        <login-module code="RealmDirect"
+                            flag="required">
+                            <module-option
+                                name="password-stacking"
+                                value="useFirstPass" />
+                        </login-module>
+                    </authentication>
+                </security-domain>
+                <security-domain name="jboss-web-policy"
+                    cache-type="default">
+                    <authorization>
+                        <policy-module code="Delegating"
+                            flag="required" />
+                    </authorization>
+                </security-domain>
+            </security-domains>
+        </subsystem>
+        <subsystem
+            xmlns="urn:jboss:domain:security-manager:1.0">
+            <deployment-permissions>
+                <maximum-set>
+                    <permission
+                        class="java.security.AllPermission" />
+                </maximum-set>
+            </deployment-permissions>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:transactions:4.0">
+            <core-environment>
+                <process-id>
+                    <uuid />
+                </process-id>
+            </core-environment>
+            <recovery-environment
+                socket-binding="txn-recovery-environment"
+                status-socket-binding="txn-status-manager" />
+            <object-store path="tx-object-store"
+                relative-to="jboss.server.data.dir" />
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:undertow:6.0">
+            <buffer-cache name="default" />
+            <server name="default-server">
+                <http-listener name="default"
+                    socket-binding="http" redirect-socket="https"
+                    enable-http2="true" />
+                <https-listener name="https"
+                    socket-binding="https"
+                    security-realm="ApplicationRealm"
+                    enable-http2="true" />
+                <host name="default-host" alias="localhost">
+                    <location name="/"
+                        handler="welcome-content" />
+                    <filter-ref name="server-header" />
+                    <filter-ref name="x-powered-by-header" />
+                    <http-invoker
+                        security-realm="ApplicationRealm" />
+                </host>
+            </server>
+            <servlet-container name="default">
+                <jsp-config />
+                <websockets />
+            </servlet-container>
+            <handlers>
+                <file name="welcome-content"
+                    path="${jboss.home.dir}/welcome-content" />
+            </handlers>
+            <filters>
+                <response-header name="server-header"
+                    header-name="Server" header-value="WildFly/11" />
+                <response-header
+                    name="x-powered-by-header"
+                    header-name="X-Powered-By" header-value="Undertow/1" />
+            </filters>
+            <application-security-domains>
+                <application-security-domain
+                    name="taskanaApplicationDomain"
+                    http-authentication-factory="taskana-ldap-http-auth" />
+            </application-security-domains>
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:webservices:2.0">
+            <wsdl-host>${jboss.bind.address:127.0.0.1}</wsdl-host>
+            <endpoint-config
+                name="Standard-Endpoint-Config" />
+            <endpoint-config
+                name="Recording-Endpoint-Config">
+                <pre-handler-chain
+                    name="recording-handlers"
+                    protocol-bindings="##SOAP11_HTTP ##SOAP11_HTTP_MTOM ##SOAP12_HTTP ##SOAP12_HTTP_MTOM">
+                    <handler name="RecordingHandler"
+                        class="org.jboss.ws.common.invocation.RecordingServerHandler" />
+                </pre-handler-chain>
+            </endpoint-config>
+            <client-config name="Standard-Client-Config" />
+        </subsystem>
+        <subsystem xmlns="urn:jboss:domain:weld:4.0" />
+    </profile>
+    <interfaces>
+        <interface name="management">
+            <inet-address
+                value="${jboss.bind.address.management:127.0.0.1}" />
+        </interface>
+        <interface name="public">
+            <inet-address
+                value="${jboss.bind.address:127.0.0.1}" />
+        </interface>
+    </interfaces>
+    <socket-binding-group name="standard-sockets"
+        default-interface="public"
+        port-offset="${jboss.socket.binding.port-offset:0}">
+        <socket-binding name="management-http"
+            interface="management"
+            port="${jboss.management.http.port:9990}" />
+        <socket-binding name="management-https"
+            interface="management"
+            port="${jboss.management.https.port:9993}" />
+        <socket-binding name="ajp"
+            port="${jboss.ajp.port:8009}" />
+        <socket-binding name="http"
+            port="${jboss.http.port:8080}" />
+        <socket-binding name="https"
+            port="${jboss.https.port:8443}" />
+        <socket-binding name="txn-recovery-environment"
+            port="4712" />
+        <socket-binding name="txn-status-manager"
+            port="4713" />
+        <outbound-socket-binding
+            name="mail-smtp">
+            <remote-destination host="localhost"
+                port="25" />
+        </outbound-socket-binding>
+    </socket-binding-group>
+</server>
\ No newline at end of file
diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-web.xml b/rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-web.xml
new file mode 100644
index 000000000..23f569d4d
--- /dev/null
+++ b/rest/taskana-rest-spring-example-wildfly/src/test/resources/int-test-web.xml
@@ -0,0 +1,41 @@
+<web-app version="3.1"
+    xmlns="http://xmlns.jcp.org/xml/ns/javaee"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee
+  http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd">
+
+    <display-name>TaskanaRestWildflySpring</display-name>
+    <session-config>
+        <tracking-mode>COOKIE</tracking-mode>
+    </session-config>
+    <welcome-file-list>
+        <welcome-file>index.html</welcome-file>
+    </welcome-file-list>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>taskana-web</web-resource-name>
+            <url-pattern>/*</url-pattern>
+        </web-resource-collection>
+        <auth-constraint>
+            <role-name>*</role-name>
+        </auth-constraint>
+    </security-constraint>
+    <security-constraint>
+        <web-resource-collection>
+            <web-resource-name>Public</web-resource-name>
+            <url-pattern>/css/main.css</url-pattern>
+            <url-pattern>/css/bootstrap/4.1.3/bootstrap.min.css</url-pattern>
+            <url-pattern>/css/bootstrap/4.1.3/bootstrap.min.css.map</url-pattern>
+            <url-pattern>/img/logo.png</url-pattern>
+            <url-pattern>/logout</url-pattern>
+        </web-resource-collection>
+        <!-- No auth-constraint means everybody has access! -->
+    </security-constraint>
+    <security-role>
+        <role-name>*</role-name>
+    </security-role>
+    <login-config>
+        <auth-method>BASIC</auth-method>
+        <realm-name>taskanaApplicationDomain</realm-name>
+    </login-config>
+</web-app>
diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/resources/module.xml b/rest/taskana-rest-spring-example-wildfly/src/test/resources/module.xml
new file mode 100644
index 000000000..42d3a28d7
--- /dev/null
+++ b/rest/taskana-rest-spring-example-wildfly/src/test/resources/module.xml
@@ -0,0 +1,14 @@
+<?xml version='1.0' encoding='UTF-8'?>
+
+<module xmlns="urn:jboss:module:1.1" name="org.postgresql">
+
+    <resources>
+    <!--the name of your driver -->
+        <resource-root path="postgresql-42.2.14.jar"/>
+    </resources>
+
+    <dependencies>
+        <module name="javax.api"/>
+        <module name="javax.transaction.api"/>
+    </dependencies>
+</module>
diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/resources/project-defaults.yml b/rest/taskana-rest-spring-example-wildfly/src/test/resources/project-defaults.yml
deleted file mode 100644
index 511c208c5..000000000
--- a/rest/taskana-rest-spring-example-wildfly/src/test/resources/project-defaults.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-swarm:
-  port:
-    offset: 10
-  datasources:
-    data-sources:
-      TestDS:
-        driver-name: postgresql
-        connection-url: jdbc:postgresql://localhost:50102/postgres
-        user-name: postgres
-        password: postgres
-    jdbc-drivers:
-      mypostgres:
-        driver-class-name: org.postgresql.Driver
-        xa-datasource-name: org.postgresql.xa.PGXADataSource
-        driver-module-name: org.postgresql
-      myh2:
-        driver-class-name: org.h2.Driver
-        xa-datasource-name: org.h2.jdbcx.JdbcDataSource
-        driver-module-name: com.h2database.h2
diff --git a/rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana-test.ldif b/rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana-test.ldif
new file mode 100644
index 000000000..a4196c95c
--- /dev/null
+++ b/rest/taskana-rest-spring-example-wildfly/src/test/resources/taskana-test.ldif
@@ -0,0 +1,258 @@
+######################
+# Base Structure
+######################
+dn: OU=Test,O=TASKANA
+ou: Organisationseinheit
+objectclass: top
+objectclass: organizationalUnit
+
+dn: cn=groups,OU=Test,O=TASKANA
+cn: groups
+objectclass: top
+objectclass: container
+
+dn: cn=users,OU=Test,O=TASKANA
+cn: users
+objectclass: top
+objectclass: container
+
+dn: cn=organisation,OU=Test,O=TASKANA
+cn: organisation
+objectclass: top
+objectclass: container
+
+
+########################
+# Users General
+########################
+dn: uid=monitor,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Monitor
+description: desc
+uid: monitor
+sn: Monitor
+ou: Organisationseinheit/Organisationseinheit IT
+cn: monitor monitor
+userPassword: monitor
+
+dn: uid=taskadmin,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Task
+description: desc
+uid: taskadmin
+sn: Admin
+ou: Organisationseinheit/Organisationseinheit IT
+cn: Task admin
+userPassword: taskadmin
+
+dn: uid=admin,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Admin
+description: desc
+uid: admin
+sn: Admin
+ou: Organisationseinheit/Organisationseinheit IT
+cn: Admin Admin
+userPassword: admin
+
+dn: uid=businessadmin,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Business
+description: desc
+uid: businessadmin
+sn: Admin
+ou: Organisationseinheit/Organisationseinheit IT
+cn: Business Admin
+userPassword: businessadmin
+
+########################
+# Users KSC 1
+########################
+dn: uid=teamlead-1,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Titus
+description: desc
+uid: teamlead-1
+sn: Toll
+ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
+cn: Titus Toll
+userPassword: teamlead-1
+
+dn: uid=user-1-1,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Max
+description: desc
+uid: user-1-1
+sn: Mustermann
+ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
+cn: Max Mustermann
+userPassword: user-1-1
+
+dn: uid=user-1-2,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Elena
+description: desc
+uid: user-1-2
+sn: Eifrig
+ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 1
+cn: Elena Eifrig
+userPassword: user-1-2
+
+########################
+# Users KSC 2
+########################
+dn: uid=teamlead-2,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Frauke
+description: desc
+uid: teamlead-2
+sn: Faul
+ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
+cn: Frauke Faul
+userPassword: teamlead-2
+
+dn: uid=user-2-1,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Simone
+description: desc
+uid: user-2-1
+sn: Müller
+ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
+cn: Simone Müller
+userPassword: user-2-1
+
+dn: uid=user-2-2,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Tim
+description: desc
+uid: user-2-2
+sn:: U2NobMOkZnJpZw==
+ou: Organisationseinheit/Organisationseinheit KSC/Organisationseinheit KSC 2
+cn:: VGltIFNjaGzDpGZyaWc=
+userPassword: user-2-1
+
+########################
+# Users Domäne B
+########################
+dn: uid=user-b-1,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Bernd
+description: desc
+uid: user-b-1
+sn: Bern
+ou: Organisationseinheit/Organisationseinheit B
+cn: Bernd Bern
+userPassword: user-b-1
+
+dn: uid=user-b-2,cn=users,OU=Test,O=TASKANA
+objectclass: inetorgperson
+objectclass: organizationalperson
+objectclass: person
+objectclass: top
+givenName: Brunhilde
+description: desc
+uid: user-b-2
+sn: Bio
+ou: Organisationseinheit/Organisationseinheit B
+cn: Brunhilde Bio
+userPassword: user-b-2
+
+
+########################
+# Groups
+########################
+dn: cn=ksc-users,cn=groups,OU=Test,O=TASKANA
+uniquemember: uid=user-1-1,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=user-1-2,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=user-2-1,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=user-2-2,cn=users,OU=Test,O=TASKANA
+cn: ksc-users
+objectclass: groupofuniquenames
+objectclass: top
+
+dn: cn=ksc-teamleads,cn=groups,OU=Test,O=TASKANA
+uniquemember: uid=teamlead-1,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=teamlead-2,cn=users,OU=Test,O=TASKANA
+cn: ksc-teamleads
+objectclass: groupofuniquenames
+objectclass: top
+
+dn: cn=business-admins,cn=groups,OU=Test,O=TASKANA
+uniquemember: uid=teamlead-1,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=teamlead-2,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=businessadmin,cn=users,OU=Test,O=TASKANA
+cn: business-admins
+objectclass: groupofuniquenames
+objectclass: top
+
+dn: cn=monitor-users,cn=groups,OU=Test,O=TASKANA
+uniquemember: uid=teamlead-1,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=teamlead-2,cn=users,OU=Test,O=TASKANA
+cn: monitor-users
+objectclass: groupofuniquenames
+objectclass: top
+
+######################
+# Organizational Units
+######################
+dn: cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
+cn: Organisationseinheit KSC
+uniquemember: cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
+uniquemember: cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
+objectclass: groupofuniquenames
+objectclass: top
+
+dn: cn=Organisationseinheit KSC 1,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
+uniquemember: uid=teamlead-1,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=user-1-1,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=user-1-2,cn=users,OU=Test,O=TASKANA
+cn: Organisationseinheit KSC 1
+objectclass: groupofuniquenames
+objectclass: top
+
+dn: cn=Organisationseinheit KSC 2,cn=Organisationseinheit KSC,cn=organisation,OU=Test,O=TASKANA
+uniquemember: uid=teamlead-2,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=user-2-1,cn=users,OU=Test,O=TASKANA
+uniquemember: uid=user-2-2,cn=users,OU=Test,O=TASKANA
+cn: Organisationseinheit KSC 2
+objectclass: groupofuniquenames
+objectclass: top
+
+dn: cn=Organisationseinheit B,cn=organisation,OU=Test,O=TASKANA
+cn: Organisationseinheit B
+objectclass: groupofuniquenames
+objectclass: top
+