We should add an integration test which verifies authentication & authorization for the EAP kit/subsystem.

At the very least, this should validate the default modeshape-security domain.