
app-mem-basic-decorate is unwrapping a message in the validateRequest stage which is absolutely prohibited in this stage.

Open darranl opened this issue 3 years ago • 2 comments

The purpose of this test is verifying that a CDI decorator can be applied to an existing authentication mechanism; the wrapping of the response message was to delay setting the error status, as this committed the response. The same behaviour can be achieved using an HttpMessageContextWrapper instead.

darranl • Aug 18 '22 10:08

Yes, I agree. The purpose is about verification that the CDI decorator is applied, as discussed during the Jakarta Security 3 cycle. As such, anything else is an implementation detail of the test and can be replaced by any other mechanism.

arjantijms • Aug 18 '22 14:08

cc @keilw @ggam

arjantijms • Aug 18 '22 14:08
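A sketch of the approach named in the opening comment, added here as an illustration and not taken from the test or the project: a CDI decorator that passes the original request and response through unchanged and defers the error status with an `HttpMessageContextWrapper`. The class names, the `X-Decorated` header and the priority value are hypothetical, and it assumes the decorated mechanism reports failure through `HttpMessageContext.responseUnauthorized()`.

```java
import jakarta.annotation.Priority;
import jakarta.decorator.Decorator;
import jakarta.decorator.Delegate;
import jakarta.inject.Inject;
import jakarta.security.enterprise.AuthenticationException;
import jakarta.security.enterprise.AuthenticationStatus;
import jakarta.security.enterprise.authentication.mechanism.http.HttpAuthenticationMechanism;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContext;
import jakarta.security.enterprise.authentication.mechanism.http.HttpMessageContextWrapper;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

@Decorator
@Priority(100) // hypothetical value; any priority that enables the decorator works
public class MarkerMechanismDecorator implements HttpAuthenticationMechanism {

    @Inject @Delegate
    private HttpAuthenticationMechanism delegate;

    @Override
    public AuthenticationStatus validateRequest(HttpServletRequest request,
            HttpServletResponse response, HttpMessageContext context)
            throws AuthenticationException {
        // Only the context is wrapped; request and response are passed as received.
        DeferredStatusContext deferred = new DeferredStatusContext(context);
        AuthenticationStatus status = delegate.validateRequest(request, response, deferred);

        // The response is still uncommitted, so the decorator can leave its marker.
        response.setHeader("X-Decorated", "true"); // hypothetical marker header

        // Apply the deferred 401 on the real context, which commits the response.
        return deferred.unauthorizedRequested ? context.responseUnauthorized() : status;
    }

    /** Records that a 401 was requested instead of sending it immediately. */
    static class DeferredStatusContext extends HttpMessageContextWrapper {
        boolean unauthorizedRequested;

        DeferredStatusContext(HttpMessageContext wrapped) {
            super(wrapped);
        }

        @Override
        public AuthenticationStatus responseUnauthorized() {
            unauthorizedRequested = true;
            return AuthenticationStatus.SEND_FAILURE; // same status, nothing written yet
        }
    }
}
```

A delegate that calls `response.sendError(...)` directly bypasses the wrapper, so the deferral only holds for mechanisms that go through the context.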