Hi,
I've recently inherited a Spring based web services application that uses RESTeasy to expose its services.

It also has a database which is accessed via OpenJPA.
To make things even more complicated we use Spring Security to secure access to the services.

What's the best way to create functional tests for such an architecture?
I need to test things like "the user logs in", "the user invokes service X", "the user logs out", "the user attempts to invoke a service for which he does not have the necessary authorities" and so on.

I am looking at JWebUnit but I was wondering if I should use a more spring-like solution.

Also - what's the common accepted way to test web-apps?
You bring up a spring context without using a container?
Or do you instantiate a local container such as JeTTY and keep it up to execute all the tests?

Many thanks for your help!
Michele

p.s. apologies in advance in case I chose the wrong forum