RACF authentification for Spring Boot REST services running on IBM WebSphere for z/OS (with CORS support)

Recently, we had the challenge of deploying a (simple) Spring Boot REST web service to an IBM WebSphere (Full Profile / WAS Classic) running on z/OS. Although only accessible in a local intranet, the web service should be protected against unauthorized use and only be available to certain RACF groups. Thus, it seemed obvious to…