diff --git a/src/test/java/de/kreth/invoice/business/security/DummyCatchAllController.java b/src/test/java/de/kreth/invoice/business/security/DummyCatchAllController.java
new file mode 100644
index 0000000..99c35db
--- /dev/null
+++ b/src/test/java/de/kreth/invoice/business/security/DummyCatchAllController.java
@@ -0,0 +1,17 @@
+package de.kreth.invoice.business.security;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.ResponseBody;
+
+@Controller
+@RequestMapping
+public class DummyCatchAllController {
+
+    @GetMapping(path = "/**")
+    @ResponseBody
+    public String catchAll() {
+        return "DummyCatchallController#catchAll";
+    }
+}
diff --git a/src/test/java/de/kreth/invoice/business/security/SecurityConfigurationTest.java b/src/test/java/de/kreth/invoice/business/security/SecurityConfigurationTest.java
new file mode 100644
index 0000000..61fa577
--- /dev/null
+++ b/src/test/java/de/kreth/invoice/business/security/SecurityConfigurationTest.java
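Review bot: The response body `"DummyCatchallController#catchAll"` spells the class name differently from `DummyCatchAllController` (lower-case `a` in "all"), which is harmless for the status-only assertions in this commit but misleading if a test ever matches on the body; make it `return "DummyCatchAllController#catchAll";`. The class also says nothing about why a test fixture maps `/**`; a one-line Javadoc such as `/** Test-only controller that answers every GET so the security-filter tests have a mapped endpoint to hit; it lives under src/test and is not part of the application. */` would make that explicit. The bare `@RequestMapping` without a path adds nothing on top of `@GetMapping(path = "/**")` and can be dropped.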
@@ -0,0 +1,43 @@
+package de.kreth.invoice.business.security;
+
+import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
+
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.servlet.WebMvcTest;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.web.servlet.MockMvc;
+import org.springframework.test.web.servlet.setup.MockMvcBuilders;
+import org.springframework.web.context.WebApplicationContext;
+
+@WebMvcTest(controllers = DummyCatchAllController.class)
+class SecurityConfigurationTest {
+
+    private MockMvc mockMvc;
+
+    @Autowired
+    private WebApplicationContext webApplicationContext;
+
+    @BeforeEach
+    void setup() {
+        this.mockMvc = MockMvcBuilders
+                .webAppContextSetup(this.webApplicationContext)
+                .apply(springSecurity())
+                .build();
+    }
+
+    @Test
+    @WithMockUser(username = "user", roles = { "USER" })
+    void asLoggedInUser_ICantAccess() throws Exception {
+        mockMvc.perform(get("/")).andExpect(status().isForbidden());
+    }
+
+    @Test
+    @WithMockUser(username = "admin", roles = { "INVOICE_USER" })
+    void asInvoiceUser_ICanAccess() throws Exception {
+        mockMvc.perform(get("/")).andExpect(status().isOk());
+    }
+}
diff --git a/src/test/java/de/kreth/invoice/business/security/ViewSecurityTest.java b/src/test/java/de/kreth/invoice/business/security/ViewSecurityTest.java
new file mode 100644
index 0000000..74e41fa
--- /dev/null
+++ b/src/test/java/de/kreth/invoice/business/security/ViewSecurityTest.java
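Review bot: Neither test in SecurityConfigurationTest covers the unauthenticated case, so a regression that opens `/` to anonymous callers would still pass both `asLoggedInUser_ICantAccess` and `asInvoiceUser_ICanAccess`. Add a third method without `@WithMockUser`, e.g. `@Test void asAnonymous_IAmRejected() throws Exception { mockMvc.perform(get("/")).andExpect(status().is4xxClientError()); }` — whether the configured entry point answers 401, 403 or a 302 redirect to login is not visible in this diff, so pin the exact status the application's filter chain actually produces rather than the broad matcher. The second test pairs `username = "admin"` with a method named `asInvoiceUser`; the name plays no part in the role check but misleads, so `username = "invoiceUser"` reads truer. Whether `@WebMvcTest` slices in the application's security configuration depends on how that configuration is declared, which is outside this diff; if it is not picked up, both tests would run against Boot's default security and could pass for the wrong reason, so it is worth confirming once.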
@@ -0,0 +1,43 @@
+package de.kreth.invoice.business.security;
+
+import static org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.mockOpaqueToken;
+
+import org.junit.jupiter.api.Disabled;
+import org.junit.jupiter.api.Test;
+import org.keycloak.adapters.springsecurity.account.KeycloakRole;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.autoconfigure.web.reactive.AutoConfigureWebTestClient;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.test.web.reactive.server.WebTestClient;
+
+@SpringBootTest(webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@AutoConfigureWebTestClient
+//@ActiveProfiles("test")
+@Disabled
+class ViewSecurityTest {
+
+    @Autowired
+    private WebTestClient client;
+
+    @Test
+    void givenUnauthenticated_whenCallService_thenIsUnauthorized() {
+        this.client.get().uri("/")
+                .exchange().expectStatus().isUnauthorized();
+    }
+
+    @Test
+    void givenAuthenticatedMissingRole_whenCallServiceWithSecured_thenForbidden() {
+
+        this.client.mutateWith(mockOpaqueToken()).get().uri("/")
+                .exchange().expectStatus().isForbidden();
+    }
+
+    @Test
+    void givenAuthenticated_whenCallServiceWithSecured_thenOk() {
+
+        KeycloakRole role = new KeycloakRole("INVOICE_USER");
+        this.client.mutateWith(mockOpaqueToken().authorities(role))
+                .get().uri("/")
+                .exchange().expectStatus().isOk();
+    }
+}
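Review bot: `@Disabled` on ViewSecurityTest carries no reason, so a reader cannot tell whether this is a known-broken test or one parked until some setup exists; JUnit 5 takes a string, e.g. `@Disabled("WebTestClient mutators such as mockOpaqueToken() need a context-bound client, not the live RANDOM_PORT server")`. That is also the likely reason the second and third tests cannot work as written: with `webEnvironment = RANDOM_PORT` the `WebTestClient` sends real HTTP to a running server, and `mutateWith(mockOpaqueToken())` has no server-side hook through which to inject the mock principal, so `isForbidden()` and `isOk()` are not reachable this way (inferred from the annotations visible here, not from a run). The class also pairs `KeycloakRole` from the Keycloak adapter with the opaque-token resource-server mock, which are two different security models; a comment stating which one the application actually uses would save the next person the same confusion. The commented-out `//@ActiveProfiles("test")` is dead code and should be removed or restored together with its import.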