diff --git a/dspace-server-webapp/pom.xml b/dspace-server-webapp/pom.xml
index c94bfaeed6ae..0a0b394d576a 100644
--- a/dspace-server-webapp/pom.xml
+++ b/dspace-server-webapp/pom.xml
@@ -2,7 +2,6 @@
     <modelVersion>4.0.0</modelVersion>
     <groupId>org.dspace</groupId>
     <artifactId>dspace-server-webapp</artifactId>
-    <packaging>war</packaging>
     <name>DSpace Server Webapp</name>
     <description>
         DSpace Server Webapp (Spring Boot)
@@ -25,23 +24,82 @@
 
         <!-- Default resource delimiter for Spring Boot, so it doesn't clash with Spring ${} placeholders-->
         <resource.delimiter>@</resource.delimiter>
-        <!-- Define our starting class for our Spring Boot Application -->
-        <start-class>org.dspace.app.rest.Application</start-class>
     </properties>
 
     <build>
         <plugins>
             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-war-plugin</artifactId>
-                <configuration>
-                    <attachClasses>true</attachClasses>
-                    <!-- Filter the web.xml (needed for IDE compatibility/debugging) -->
-                    <filteringDeploymentDescriptors>true</filteringDeploymentDescriptors>
-                </configuration>
+                <groupId>org.codehaus.mojo</groupId>
+                <artifactId>properties-maven-plugin</artifactId>
+                <version>1.1.0</version>
                 <executions>
                     <execution>
-                        <phase>prepare-package</phase>
+                        <phase>initialize</phase>
+                        <goals>
+                            <goal>read-project-properties</goal>
+                        </goals>
+                        <configuration>
+                            <files>
+                                <file>${root.basedir}/dspace/config/dspace.cfg</file>
+                                <file>${root.basedir}/dspace/config/local.cfg</file>
+                            </files>
+                            <quiet>true</quiet>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <artifactId>maven-resources-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>testEnvironment</id>
+                        <phase>process-resources</phase>
+                        <goals>
+                            <goal>testResources</goal>
+                        </goals>
+                        <configuration>
+                            <resources>
+                                <resource>
+                                    <directory>${basedir}/src/test/resources</directory>
+                                </resource>
+                            </resources>
+                        </configuration>
+                    </execution>
+                    <execution>
+                        <id>webappFiltering</id>
+                        <phase>process-resources</phase>
+                        <goals>
+                            <goal>resources</goal>
+                        </goals>
+                        <configuration>
+                            <resources>
+                                <resource>
+                                    <directory>${basedir}/src/main/resources</directory>
+                                    <includes>
+                                        <include>**/*application*.properties</include>
+                                        <include>**/*dspace*.properties</include>
+                                    </includes>
+                                    <filtering>true</filtering>
+                                </resource>
+                                <resource>
+                                    <directory>${basedir}/src/main/resources</directory>
+                                    <excludes>
+                                        <exclude>**/*application*.properties</exclude>
+                                        <exclude>**/*dspace*.properties</exclude>
+                                    </excludes>
+                                    <includes>
+                                        <include>**/*.properties</include>
+                                    </includes>
+                                </resource>
+                                <resource>
+                                    <directory>${basedir}/src/main/resources</directory>
+                                    <includes>
+                                        <include>**/static/**</include>
+                                        <include>**/spring/**</include>
+                                    </includes>
+                                </resource>
+                            </resources>
+                        </configuration>
                     </execution>
                 </executions>
             </plugin>
@@ -66,11 +124,11 @@
                         <exclude>**/src/test/resources/**</exclude>
                         <exclude>**/src/test/data/**</exclude>
                         <!--Skip license check of third party files included/customized from HAL Browser -->
-                        <exclude>src/main/webapp/index.html</exclude>
-                        <exclude>src/main/webapp/login.html</exclude>
-                        <exclude>src/main/webapp/styles.css</exclude>
-                        <exclude>src/main/webapp/js/hal/**</exclude>
-                        <exclude>src/main/webapp/js/vendor/**</exclude>
+                        <exclude>src/main/resources/static/index.html</exclude>
+                        <exclude>src/main/resources/static/login.html</exclude>
+                        <exclude>src/main/resources/static/styles.css</exclude>
+                        <exclude>src/main/resources/static/js/hal/**</exclude>
+                        <exclude>src/main/resources/static/js/vendor/**</exclude>
                     </excludes>
                 </configuration>
             </plugin>
@@ -321,12 +379,6 @@
                 </exclusion>
             </exclusions>
         </dependency>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-tomcat</artifactId>
-            <scope>provided</scope>
-            <version>${spring-boot.version}</version>
-        </dependency>
 
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -356,7 +408,7 @@
         <dependency>
             <groupId>com.flipkart.zjsonpatch</groupId>
             <artifactId>zjsonpatch</artifactId>
-            <version>0.4.6</version>
+            <version>0.4.14</version>
         </dependency>
 
         <!-- HAL Browser (via WebJars) : https://github.com/mikekelly/hal-browser -->
@@ -376,7 +428,7 @@
         <dependency>
             <groupId>org.webjars.bowergithub.jquery</groupId>
             <artifactId>jquery-dist</artifactId>
-            <version>3.6.0</version>
+            <version>3.7.0</version>
         </dependency>
         <!-- Pull in current version of Toastr (toastrjs.com) via WebJars
              Made available at: webjars/toastr/build/toastr.min.js -->
@@ -390,7 +442,7 @@
         <dependency>
             <groupId>org.webjars.bowergithub.medialize</groupId>
             <artifactId>uri.js</artifactId>
-            <version>1.19.10</version>
+            <version>1.19.11</version>
         </dependency>
         <!-- Pull in current version of Underscore.js (https://underscorejs.org/) via WebJars
              Made available at: webjars/underscore/underscore-min.js -->
@@ -562,12 +614,10 @@
         <dependency>
             <groupId>com.jayway.jsonpath</groupId>
             <artifactId>json-path</artifactId>
-            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>com.jayway.jsonpath</groupId>
             <artifactId>json-path-assert</artifactId>
-            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>junit</groupId>
@@ -615,7 +665,7 @@
         <dependency>
             <groupId>org.exparity</groupId>
             <artifactId>hamcrest-date</artifactId>
-            <version>2.0.7</version>
+            <version>2.0.8</version>
             <scope>test</scope>
         </dependency>
         <dependency>
diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/Application.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/WebApplication.java
similarity index 86%
rename from dspace-server-webapp/src/main/java/org/dspace/app/rest/Application.java
rename to dspace-server-webapp/src/main/java/org/dspace/app/rest/WebApplication.java
index b7903c558277..684cbbdc1d7a 100644
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/Application.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/WebApplication.java
@@ -18,8 +18,6 @@
 import org.dspace.app.rest.parameter.resolver.SearchFilterResolver;
 import org.dspace.app.rest.utils.ApplicationConfig;
 import org.dspace.app.rest.utils.DSpaceAPIRequestLoggingFilter;
-import org.dspace.app.rest.utils.DSpaceConfigurationInitializer;
-import org.dspace.app.rest.utils.DSpaceKernelInitializer;
 import org.dspace.app.sitemap.GenerateSitemaps;
 import org.dspace.app.solrdatabaseresync.SolrDatabaseResyncCli;
 import org.dspace.app.util.DSpaceContextListener;
@@ -28,11 +26,9 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-import org.springframework.boot.builder.SpringApplicationBuilder;
-import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
 import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
 import org.springframework.core.annotation.Order;
 import org.springframework.hateoas.server.LinkRelationProvider;
 import org.springframework.lang.NonNull;
@@ -48,24 +44,18 @@
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 /**
- * Define the Spring Boot Application settings itself. This class takes the place
- * of a web.xml file, and configures all Filters/Listeners as methods (see below).
- * <p>
- * NOTE: Requires a Servlet 3.0 container, e.g. Tomcat 7.0 or above.
- * <p>
- * NOTE: This extends SpringBootServletInitializer in order to allow us to build
- * a deployable WAR file with Spring Boot. See:
- * http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-create-a-deployable-war-file
+ * Main configuration for the dspace web module.
  *
  * @author Andrea Bollini (andrea.bollini at 4science.it)
  * @author Tim Donohue
+ * @author Luca Giamminonni (luca.giamminonni at 4science.it)
  */
-@SpringBootApplication
 @EnableScheduling
 @EnableCaching
-public class Application extends SpringBootServletInitializer {
+@Configuration
+public class WebApplication {
 
-    private static final Logger log = LoggerFactory.getLogger(Application.class);
+    private static final Logger log = LoggerFactory.getLogger(WebApplication.class);
 
     @Autowired
     private ApplicationConfig configuration;
@@ -88,26 +78,6 @@ public void sendGoogleAnalyticsEvents() {
         googleAsyncEventListener.sendCollectedEvents();
     }
 
-    /**
-     * Override the default SpringBootServletInitializer.configure() method,
-     * passing it this Application class.
-     * <p>
-     * This is necessary to allow us to build a deployable WAR, rather than
-     * always relying on embedded Tomcat.
-     * <p>
-     * See: http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-create-a-deployable-war-file
-     *
-     * @param application
-     * @return
-     */
-    @Override
-    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
-        // Pass this Application class, and our initializers for DSpace Kernel and Configuration
-        // NOTE: Kernel must be initialized before Configuration
-        return application.sources(Application.class)
-                          .initializers(new DSpaceKernelInitializer(), new DSpaceConfigurationInitializer());
-    }
-
     /**
      * Register the "DSpaceContextListener" so that it is loaded
      * for this Application.
@@ -279,7 +249,7 @@ public void addResourceHandlers(ResourceHandlerRegistry registry) {
                 // Make all other Webjars available off the /webjars path
                 registry
                     .addResourceHandler("/webjars/**")
-                    .addResourceLocations("/webjars/");
+                    .addResourceLocations("/webjars/", "classpath:/META-INF/resources/webjars/");
             }
 
             @Override
diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/link/DSpaceResourceHalLinkFactory.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/link/DSpaceResourceHalLinkFactory.java
index c306691eb352..30404e030ab6 100644
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/link/DSpaceResourceHalLinkFactory.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/link/DSpaceResourceHalLinkFactory.java
@@ -21,6 +21,8 @@
 import org.dspace.app.rest.model.hateoas.DSpaceResource;
 import org.dspace.app.rest.utils.Utils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 import org.springframework.data.domain.Pageable;
 import org.springframework.hateoas.IanaLinkRelations;
 import org.springframework.hateoas.Link;
@@ -33,6 +35,7 @@
  * @author Tom Desair (tom dot desair at atmire dot com)
  */
 @Component
+@Order(Ordered.HIGHEST_PRECEDENCE)
 public class DSpaceResourceHalLinkFactory extends HalLinkFactory<DSpaceResource, RestResourceController> {
 
     @Autowired
diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/handler/ExternalSourceItemUriListHandler.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/handler/ExternalSourceItemUriListHandler.java
index d619100bf67a..201a7ba1633d 100644
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/handler/ExternalSourceItemUriListHandler.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/repository/handler/ExternalSourceItemUriListHandler.java
@@ -30,16 +30,19 @@
 @Component
 public class ExternalSourceItemUriListHandler extends ExternalSourceEntryItemUriListHandler<Item> {
 
+    private Pattern pattern = Pattern.compile("\\/api\\/core\\/items\\/(.*)");
+
     @Autowired
     private ItemService itemService;
 
     @Override
     @SuppressWarnings("rawtypes")
     public boolean supports(List<String> uriList, String method,Class clazz) {
-        if (clazz != Item.class) {
+        if (clazz != Item.class || uriList.size() != 1) {
             return false;
         }
-        return true;
+
+        return pattern.matcher(uriList.get(0)).find();
     }
 
     @Override
@@ -61,7 +64,6 @@ public boolean validate(Context context, HttpServletRequest request, List<String
     private Item getObjectFromUriList(Context context, List<String> uriList) {
         Item item = null;
         String url = uriList.get(0);
-        Pattern pattern = Pattern.compile("\\/api\\/core\\/items\\/(.*)");
         Matcher matcher = pattern.matcher(url);
         if (!matcher.find()) {
             throw new DSpaceBadRequestException("The uri: " + url + " doesn't resolve to an item");
diff --git a/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/AdminRestPermissionEvaluatorPlugin.java b/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/AdminRestPermissionEvaluatorPlugin.java
index 0d251f6400f7..338eed4a7340 100644
--- a/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/AdminRestPermissionEvaluatorPlugin.java
+++ b/dspace-server-webapp/src/main/java/org/dspace/app/rest/security/AdminRestPermissionEvaluatorPlugin.java
@@ -20,6 +20,8 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Component;
 
@@ -29,6 +31,7 @@
  * the authenticated EPerson is allowed to perform the requested action.
  */
 @Component
+@Order(value = Ordered.HIGHEST_PRECEDENCE)
 public class AdminRestPermissionEvaluatorPlugin extends RestObjectPermissionEvaluatorPlugin {
 
     private static final Logger log = LoggerFactory.getLogger(RestObjectPermissionEvaluatorPlugin.class);
diff --git a/dspace-server-webapp/src/main/resources/application.properties b/dspace-server-webapp/src/main/resources/application.properties
index a10e0f98a00d..0c26d530b74c 100644
--- a/dspace-server-webapp/src/main/resources/application.properties
+++ b/dspace-server-webapp/src/main/resources/application.properties
@@ -37,6 +37,12 @@
 # NOTE: this configuration is filled out by Apache Ant during the DSpace install/update process. It does NOT
 # interact with or read its configuration from dspace.cfg.
 dspace.dir=${dspace.dir}
+
+########################
+# Servlet context path configuration for spring boot application running with embedded tomcat
+#
+server.servlet.context-path=/server
+
 ########################
 # Jackson serialization settings
 #
diff --git a/dspace-server-webapp/src/main/webapp/index.html b/dspace-server-webapp/src/main/resources/static/index.html
similarity index 100%
rename from dspace-server-webapp/src/main/webapp/index.html
rename to dspace-server-webapp/src/main/resources/static/index.html
diff --git a/dspace-server-webapp/src/main/webapp/js/hal/http/client.js b/dspace-server-webapp/src/main/resources/static/js/hal/http/client.js
similarity index 100%
rename from dspace-server-webapp/src/main/webapp/js/hal/http/client.js
rename to dspace-server-webapp/src/main/resources/static/js/hal/http/client.js
diff --git a/dspace-server-webapp/src/main/webapp/js/vendor/CustomPostForm.js b/dspace-server-webapp/src/main/resources/static/js/vendor/CustomPostForm.js
similarity index 100%
rename from dspace-server-webapp/src/main/webapp/js/vendor/CustomPostForm.js
rename to dspace-server-webapp/src/main/resources/static/js/vendor/CustomPostForm.js
diff --git a/dspace-server-webapp/src/main/webapp/login.html b/dspace-server-webapp/src/main/resources/static/login.html
similarity index 100%
rename from dspace-server-webapp/src/main/webapp/login.html
rename to dspace-server-webapp/src/main/resources/static/login.html
diff --git a/dspace-server-webapp/src/main/webapp/styles.css b/dspace-server-webapp/src/main/resources/static/styles.css
similarity index 100%
rename from dspace-server-webapp/src/main/webapp/styles.css
rename to dspace-server-webapp/src/main/resources/static/styles.css
diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/TestApplication.java b/dspace-server-webapp/src/test/java/org/dspace/app/TestApplication.java
new file mode 100644
index 000000000000..8db55b6dedd1
--- /dev/null
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/TestApplication.java
@@ -0,0 +1,22 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app;
+
+import org.dspace.app.rest.WebApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+/**
+ * Spring boot application for integration tests.
+ *
+ * @author Luca Giamminonni (luca.giamminonni at 4science.it)
+ *
+ */
+@SpringBootApplication(scanBasePackageClasses = WebApplication.class)
+public class TestApplication {
+
+}
diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/GenericAuthorizationFeatureIT.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/GenericAuthorizationFeatureIT.java
index a93a964d36de..0ac7eea4250d 100644
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/GenericAuthorizationFeatureIT.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/authorization/GenericAuthorizationFeatureIT.java
@@ -37,6 +37,7 @@
 import org.junit.Before;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.web.servlet.ResultActions;
 
 /**
  * Test for the following authorization features:
@@ -52,6 +53,8 @@
  */
 public class GenericAuthorizationFeatureIT extends AbstractControllerIntegrationTest {
 
+    private static final int SIZE = 100;
+
     @Autowired
     ConfigurationService configurationService;
 
@@ -208,215 +211,163 @@ private void testAdminsHavePermissionsAllDso(String feature) throws Exception {
         String siteId = ContentServiceFactory.getInstance().getSiteService().findSite(context).getID().toString();
 
         // Verify the general admin has this feature on the site
-        getClient(adminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/sites/" + siteId))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/sites/" + siteId)
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin doesn’t have this feature on the site
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/sites/" + siteId))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/sites/" + siteId)
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify the general admin has this feature on community A
-        getClient(adminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityA.getID()))
+        getAuthorizationFeatures(adminToken,"http://localhost/api/core/communities/" + communityA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on community A
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/communities/" + communityA.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/communities/" + communityA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on community AA
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/communities/" + communityAA.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/communities/" + communityAA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin doesn’t have this feature on community A
-        getClient(collectionXAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/communities/" + communityA.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/communities/" + communityA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify community A admin doesn’t have this feature on community B
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/communities/" + communityB.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/communities/" + communityB.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify the general admin has this feature on collection X
-        getClient(adminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on collection X
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on collection X
-        getClient(collectionXAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin doesn’t have this feature on collection X
-        getClient(item1AdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X admin doesn’t have this feature on collection Y
-        getClient(collectionXAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/collections/" + collectionY.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/collections/" + collectionY.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify the general admin has this feature on item 1
-        getClient(adminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on item 1
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on item 1
-        getClient(collectionXAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin has this feature on item 1
-        getClient(item1AdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin doesn’t have this feature on item 2
-        getClient(item1AdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item2.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/items/" + item2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify the general admin has this feature on the bundle in item 1
-        getClient(adminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on the bundle in item 1
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on the bundle in item 1
-        getClient(collectionXAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin has this feature on the bundle in item 1
-        getClient(item1AdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin doesn’t have this feature on the bundle in item 2
-        getClient(item1AdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bundles/" + bundle2.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/bundles/" + bundle2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify the general admin has this feature on the bitstream in item 1
-        getClient(adminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on the bitstream in item 1
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on the bitstream in item 1
-        getClient(collectionXAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin has this feature on the bitstream in item 1
-        getClient(item1AdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin doesn’t have this feature on the bitstream in item 2
-        getClient(item1AdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bitstreams/" + bitstream2.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/bitstreams/" + bitstream2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -429,41 +380,31 @@ private void testAdminsHavePermissionsItem(String feature) throws Exception {
         String item1AdminToken = getAuthToken(item1Admin.getEmail(), password);
 
         // Verify the general admin has this feature on item 1
-        getClient(adminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on item 1
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on item 1
-        getClient(collectionXAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin has this feature on item 1
-        getClient(item1AdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin doesn’t have this feature on item 2
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item2.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/items/" + item2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -478,73 +419,55 @@ private void testWriteUsersHavePermissionsAllDso(String feature, boolean hasDSOA
         // Verify community A write has this feature on community A if the boolean parameter is true
         // (or doesn’t have access otherwise)
         if (hasDSOAccess) {
-            getClient(communityAWriterToken).perform(
-                get("/api/authz/authorizations/search/object?embed=feature&uri="
-                    + "http://localhost/api/core/communities/" + communityA.getID()))
+            getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/communities/" + communityA.getID())
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                     + feature + "')]").exists());
         } else {
-            getClient(communityAWriterToken).perform(
-                get("/api/authz/authorizations/search/object?embed=feature&uri="
-                    + "http://localhost/api/core/communities/" + communityA.getID()))
+            getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/communities/" + communityA.getID())
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                     + feature + "')]").doesNotExist());
         }
 
         // Verify community A write doesn’t have this feature on community AA
-        getClient(communityAWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/communities/" + communityAA.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/communities/" + communityAA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify community A write doesn’t have this feature on collection X
-        getClient(communityAWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify community A write doesn’t have this feature on item 1
-        getClient(communityAWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify community A write doesn’t have this feature on the bundle in item 1
-        getClient(communityAWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify community A write doesn’t have this feature on the bitstream in item 1
-        getClient(communityAWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X write doesn’t have this feature on community A
-        getClient(collectionXWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/communities/" + communityA.getID()))
+        getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/communities/" + communityA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X write doesn’t have this feature on community AA
-        getClient(collectionXWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/communities/" + communityAA.getID()))
+        getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/communities/" + communityAA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -552,65 +475,49 @@ private void testWriteUsersHavePermissionsAllDso(String feature, boolean hasDSOA
         // Verify collection X write has this feature on collection X if the boolean parameter is true
         // (or doesn’t have access otherwise)
         if (hasDSOAccess) {
-            getClient(collectionXWriterToken).perform(
-                get("/api/authz/authorizations/search/object?embed=feature&uri="
-                    + "http://localhost/api/core/collections/" + collectionX.getID()))
+            getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/collections/" + collectionX.getID())
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                     + feature + "')]").exists());
         } else {
-            getClient(collectionXWriterToken).perform(
-                get("/api/authz/authorizations/search/object?embed=feature&uri="
-                    + "http://localhost/api/core/collections/" + collectionX.getID()))
+            getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/collections/" + collectionX.getID())
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                     + feature + "')]").doesNotExist());
         }
 
         // Verify collection X write doesn’t have this feature on item 1
-        getClient(collectionXWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X write doesn’t have this feature on the bundle in item 1
-        getClient(collectionXWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X write doesn’t have this feature on the bitstream in item 1
-        getClient(collectionXWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify item 1 write doesn’t have this feature on community A
-        getClient(item1WriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/communities/" + communityA.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/communities/" + communityA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify item 1 write doesn’t have this feature on community AA
-        getClient(item1WriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/communities/" + communityAA.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/communities/" + communityAA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify item 1 write doesn’t have this feature on collection X
-        getClient(item1WriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -618,57 +525,43 @@ private void testWriteUsersHavePermissionsAllDso(String feature, boolean hasDSOA
         // Verify item 1 write has this feature on item 1 if the boolean parameter is true
         // (or doesn’t have access otherwise)
         if (hasDSOAccess) {
-            getClient(item1WriterToken).perform(
-                get("/api/authz/authorizations/search/object?embed=feature&uri="
-                    + "http://localhost/api/core/items/" + item1.getID()))
+            getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/items/" + item1.getID())
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                     + feature + "')]").exists());
         } else {
-            getClient(item1WriterToken).perform(
-                get("/api/authz/authorizations/search/object?embed=feature&uri="
-                    + "http://localhost/api/core/items/" + item1.getID()))
+            getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/items/" + item1.getID())
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                     + feature + "')]").doesNotExist());
         }
 
         // Verify item 1 write doesn’t have this feature on the bundle in item 1
-        getClient(item1WriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify item 1 write doesn’t have this feature on the bitstream in item 1
-        getClient(item1WriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify community A write doesn’t have this feature on community B
-        getClient(communityAWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/communities/" + communityB.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/communities/" + communityB.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X write doesn’t have this feature on collection Y
-        getClient(collectionXWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/collections/" + collectionY.getID()))
+        getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/collections/" + collectionY.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify item 1 write doesn’t have this feature on item 2
-        getClient(item1WriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item2.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/items/" + item2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -680,17 +573,13 @@ private void testWriteUsersHavePermissionsItem(String feature, boolean hasDSOAcc
         String item1WriterToken = getAuthToken(item1Writer.getEmail(), password);
 
         // Verify community A write doesn’t have this feature on item 1
-        getClient(communityAWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X write doesn’t have this feature on item 1
-        getClient(collectionXWriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -698,25 +587,19 @@ private void testWriteUsersHavePermissionsItem(String feature, boolean hasDSOAcc
         // Verify item 1 write has this feature on item 1 if the boolean parameter is true
         // (or doesn’t have access otherwise)
         if (hasDSOAccess) {
-            getClient(item1WriterToken).perform(
-                get("/api/authz/authorizations/search/object?embed=feature&uri="
-                    + "http://localhost/api/core/items/" + item1.getID()))
+            getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/items/" + item1.getID())
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                     + feature + "')]").exists());
         } else {
-            getClient(item1WriterToken).perform(
-                get("/api/authz/authorizations/search/object?embed=feature&uri="
-                    + "http://localhost/api/core/items/" + item1.getID()))
+            getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/items/" + item1.getID())
                 .andExpect(status().isOk())
                 .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                     + feature + "')]").doesNotExist());
         }
 
         // Verify item 1 write doesn’t have this feature on item 2
-        getClient(item1WriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item2.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/items/" + item2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -754,42 +637,31 @@ public void testCanMoveAdmin() throws Exception {
         final String feature = "canMove";
 
         // Verify the general admin has this feature on item 1
-        getClient(adminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID())
-            .param("size", "30"))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on item 1
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on item 1
-        getClient(collectionXAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin doesn’t have this feature on item 1
-        getClient(item1AdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify community A admin doesn’t have this feature on item 2
-        getClient(communityAAdminToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item2.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/items/" + item2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -806,9 +678,7 @@ public void testCanMoveAdmin() throws Exception {
         context.restoreAuthSystemState();
 
         // verify item 1 write has this feature on item 1
-        getClient(item1WriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]")
                 .exists());
@@ -829,9 +699,7 @@ public void testCanMoveWriter() throws Exception {
 
         String item1WriterToken = getAuthToken(item1Writer.getEmail(), password);
         // verify item 1 write has this feature on item 1
-        getClient(item1WriterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-                + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='canMove')]")
                 .exists());
@@ -867,29 +735,25 @@ public void testCanDeleteAdmin() throws Exception {
         final String feature = "canDelete";
 
         // Verify the general admin doesn’t have this feature on the site
-        getClient(adminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/sites/" + siteId))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/sites/" + siteId)
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify the general admin has this feature on community A
-        getClient(adminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityA.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/communities/" + communityA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on community A
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityA.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/communities/" + communityA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on community AA
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityAA.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/communities/" + communityAA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
@@ -908,162 +772,139 @@ public void testCanDeleteAdmin() throws Exception {
             .build();
         context.restoreAuthSystemState();
         String communityAAAdminToken = getAuthToken(communityAAAdmin.getEmail(), password);
-        getClient(communityAAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityAA.getID()))
+        getAuthorizationFeatures(communityAAAdminToken, "http://localhost/api/core/communities/" + communityAA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X admin doesn’t have this feature on community A
-        getClient(collectionXAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityA.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/communities/" + communityA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify community A admin doesn’t have this feature on community B
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityB.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/communities/" + communityB.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify the general admin has this feature on collection X
-        getClient(adminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on collection X
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin doesn’t have this feature on collection X
-        getClient(collectionXAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify item 1 admin doesn’t have this feature on collection X
-        getClient(item1AdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X admin doesn’t have this feature on collection Y
-        getClient(collectionXAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/collections/" + collectionY.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/collections/" + collectionY.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify the general admin has this feature on item 1
-        getClient(adminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on item 1
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(communityAAdminToken,"http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on item 1
-        getClient(collectionXAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(collectionXAdminToken,"http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin doesn’t have this feature on item 1
-        getClient(item1AdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify item 1 admin doesn’t have this feature on item 2
-        getClient(item1AdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item2.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/items/" + item2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify the general admin has this feature on the bundle in item 1
-        getClient(adminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on the bundle in item 1
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on the bundle in item 1
-        getClient(collectionXAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin has this feature on the bundle in item 1
-        getClient(item1AdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin doesn’t have this feature on the bundle in item 2
-        getClient(item1AdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle2.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/bundles/" + bundle2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify the general admin has this feature on the bitstream in item 1
-        getClient(adminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on the bitstream in item 1
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on the bitstream in item 1
-        getClient(collectionXAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin has this feature on the bitstream in item 1
-        getClient(item1AdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin doesn’t have this feature on the bitstream in item 2
-        getClient(item1AdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bitstreams/" + bitstream2.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/bitstreams/" + bitstream2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1090,8 +931,7 @@ public void testCanDeleteAdminParent() throws Exception {
         context.restoreAuthSystemState();
         String communityAAAdminToken = getAuthToken(communityAAAdmin.getEmail(), password);
         //verify the community AA admin has this feature on community AA
-        getClient(communityAAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityAA.getID()))
+        getAuthorizationFeatures(communityAAAdminToken, "http://localhost/api/core/communities/" + communityAA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
@@ -1105,8 +945,7 @@ public void testCanDeleteAdminParent() throws Exception {
             .build();
         context.restoreAuthSystemState();
         // verify collection X admin has this feature on collection X
-        getClient(collectionXAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
@@ -1120,8 +959,7 @@ public void testCanDeleteAdminParent() throws Exception {
             .build();
         context.restoreAuthSystemState();
         // verify item 1 admin has this feature on item 1
-        getClient(item1AdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
@@ -1151,14 +989,12 @@ public void testCanDeleteMinimalPermissions() throws Exception {
         context.restoreAuthSystemState();
         String communityADeleterToken = getAuthToken(communityADeleter.getEmail(), password);
         // Verify the user has this feature on community A
-        getClient(communityADeleterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityA.getID()))
+        getAuthorizationFeatures(communityADeleterToken, "http://localhost/api/core/communities/" + communityA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
         // Verify this user doesn’t have this feature on community AA
-        getClient(communityADeleterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityAA.getID()))
+        getAuthorizationFeatures(communityADeleterToken, "http://localhost/api/core/communities/" + communityAA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1179,20 +1015,17 @@ public void testCanDeleteMinimalPermissions() throws Exception {
         context.restoreAuthSystemState();
         String communityARemoverToken = getAuthToken(communityARemover.getEmail(), password);
         // Verify the user has this feature on community AA
-        getClient(communityARemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityAA.getID()))
+        getAuthorizationFeatures(communityARemoverToken, "http://localhost/api/core/communities/" + communityAA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
         // Verify this user doesn’t have this feature on community A
-        getClient(communityARemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityA.getID()))
+        getAuthorizationFeatures(communityARemoverToken, "http://localhost/api/core/communities/" + communityA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
         // Verify this user doesn’t have this feature on collection X
-        getClient(communityARemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(communityARemoverToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1212,20 +1045,17 @@ public void testCanDeleteMinimalPermissions() throws Exception {
         context.restoreAuthSystemState();
         String communityAARemoverToken = getAuthToken(communityAARemover.getEmail(), password);
         // Verify the user has this feature on collection X
-        getClient(communityAARemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(communityAARemoverToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
         // Verify this user doesn’t have this feature on community AA
-        getClient(communityAARemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/communities/" + communityAA.getID()))
+        getAuthorizationFeatures(communityAARemoverToken, "http://localhost/api/core/communities/" + communityAA.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
         // Verify this user doesn’t have this feature on item 1
-        getClient(communityAARemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(communityAARemoverToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1245,8 +1075,7 @@ public void testCanDeleteMinimalPermissions() throws Exception {
         context.restoreAuthSystemState();
         String collectionXRemoverToken = getAuthToken(collectionXRemover.getEmail(), password);
         // Verify the user doesn’t have this feature on item 1
-        getClient(collectionXRemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(collectionXRemoverToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1266,8 +1095,7 @@ public void testCanDeleteMinimalPermissions() throws Exception {
         context.restoreAuthSystemState();
         String item1DeleterToken = getAuthToken(item1Deleter.getEmail(), password);
         // Verify the user doesn’t have this feature on item 1
-        getClient(item1DeleterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1DeleterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1292,23 +1120,17 @@ public void testCanDeleteMinimalPermissions() throws Exception {
         context.restoreAuthSystemState();
         String collectionXRemoverItem1DeleterToken = getAuthToken(collectionXRemoverItem1Deleter.getEmail(), password);
         // Verify the user has this feature on item 1
-        getClient(collectionXRemoverItem1DeleterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(collectionXRemoverItem1DeleterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
         // Verify this user doesn’t have this feature on collection X
-        getClient(collectionXRemoverItem1DeleterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/collections/" + collectionX.getID()))
+        getAuthorizationFeatures(collectionXRemoverItem1DeleterToken, "http://localhost/api/core/collections/" + collectionX.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
         // Verify this user doesn’t have this feature on the bundle in item 1
-        getClient(collectionXRemoverItem1DeleterToken).perform(
-            get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(collectionXRemoverItem1DeleterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1328,20 +1150,17 @@ public void testCanDeleteMinimalPermissions() throws Exception {
         context.restoreAuthSystemState();
         String item1RemoverToken = getAuthToken(item1Remover.getEmail(), password);
         // Verify the user has this feature on the bundle in item 1
-        getClient(item1RemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(item1RemoverToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
         // Verify this user doesn’t have this feature on item 1
-        getClient(item1RemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1RemoverToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
         // Verify this user doesn’t have this feature on the bitstream in item 1
-        getClient(item1RemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(item1RemoverToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1361,8 +1180,7 @@ public void testCanDeleteMinimalPermissions() throws Exception {
         context.restoreAuthSystemState();
         String bundle1RemoverToken = getAuthToken(bundle1Remover.getEmail(), password);
         // Verify the user doesn’t have this feature on the bitstream in item 1
-        getClient(bundle1RemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(bundle1RemoverToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1388,8 +1206,7 @@ public void testCanDeleteMinimalPermissions() throws Exception {
         context.restoreAuthSystemState();
         String bundle1item1RemoverToken = getAuthToken(bundle1item1Remover.getEmail(), password);
         // Verify the user has this feature on the bitstream in item 1
-        getClient(bundle1item1RemoverToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bitstreams/" + bitstream1.getID()))
+        getAuthorizationFeatures(bundle1item1RemoverToken, "http://localhost/api/core/bitstreams/" + bitstream1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1404,36 +1221,31 @@ public void testCanReorderBitstreamsAdmin() throws Exception {
         final String feature = "canReorderBitstreams";
 
         // Verify the general admin has this feature on the bundle in item 1
-        getClient(adminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on the bundle in item 1
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on the bundle in item 1
-        getClient(collectionXAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin has this feature on the bundle in item 1
-        getClient(item1AdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin doesn’t have this feature on the bundle in item 2
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle2.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/bundles/" + bundle2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1447,28 +1259,24 @@ public void testCanReorderBitstreamsWriter() throws Exception {
         final String feature = "canReorderBitstreams";
 
         // Verify community A write doesn’t have this feature on the bundle in item 1
-        getClient(communityAWriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
         // Verify collection X write doesn’t have this feature on the bundle in item 1
-        getClient(collectionXWriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
         // Verify item 1 write doesn’t have this feature on the bundle in item 1
-        getClient(item1WriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Create a new user, grant WRITE permissions on the bundle in item 1 to this user
         // Verify the user has this feature on the bundle in item 1
-        getClient(communityAWriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1483,36 +1291,31 @@ public void testCanCreateBitstreamAdmin() throws Exception {
         final String feature = "canCreateBitstream";
 
         // Verify the general admin has this feature on the bundle in item 1
-        getClient(adminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(adminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin has this feature on the bundle in item 1
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify collection X admin has this feature on the bundle in item 1
-        getClient(collectionXAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(collectionXAdminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify item 1 admin has this feature on the bundle in item 1
-        getClient(item1AdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(item1AdminToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
 
         // Verify community A admin doesn’t have this feature on the bundle in item 2
-        getClient(communityAAdminToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle2.getID()))
+        getAuthorizationFeatures(communityAAdminToken, "http://localhost/api/core/bundles/" + bundle2.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1526,22 +1329,19 @@ public void testCanCreateBitstreamWriter() throws Exception {
         final String feature = "canCreateBitstream";
 
         // Verify community A write doesn’t have this feature on the bundle in item 1
-        getClient(communityAWriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X write doesn’t have this feature on the bundle in item 1
-        getClient(collectionXWriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify item 1 write doesn’t have this feature on the bundle in item 1
-        getClient(item1WriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1561,8 +1361,7 @@ public void testCanCreateBitstreamWriter() throws Exception {
         context.restoreAuthSystemState();
         String bundle1WriterToken = getAuthToken(bundle1Writer.getEmail(), password);
         // Verify the user doesn’t have this feature on the bundle in item 1
-        getClient(bundle1WriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(bundle1WriterToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1582,8 +1381,7 @@ public void testCanCreateBitstreamWriter() throws Exception {
         context.restoreAuthSystemState();
         String bundle1AdderToken = getAuthToken(bundle1Adder.getEmail(), password);
         // Verify the user doesn’t have this feature on the bundle in item 1
-        getClient(bundle1AdderToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(bundle1AdderToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1619,8 +1417,7 @@ public void testCanCreateBitstreamWriter() throws Exception {
         context.restoreAuthSystemState();
         String bundle1WriterAdderToken = getAuthToken(bundle1WriterAdder.getEmail(), password);
         // Verify the user has this feature on the bundle in item 1
-        getClient(bundle1WriterAdderToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/bundles/" + bundle1.getID()))
+        getAuthorizationFeatures(bundle1WriterAdderToken, "http://localhost/api/core/bundles/" + bundle1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
@@ -1639,22 +1436,19 @@ public void testCanCreateBundleWriter() throws Exception {
         final String feature = "canCreateBundle";
 
         // Verify community A write doesn’t have this feature on item 1
-        getClient(communityAWriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(communityAWriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify collection X write doesn’t have this feature on item 1
-        getClient(collectionXWriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(collectionXWriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
 
         // Verify item 1 write doesn’t have this feature on item 1
-        getClient(item1WriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1WriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").doesNotExist());
@@ -1679,10 +1473,22 @@ public void testCanCreateBundleWriter() throws Exception {
         context.restoreAuthSystemState();
         String item1AdderWriterToken = getAuthToken(item1AdderWriter.getEmail(), password);
         // Verify the user has this feature on item 1
-        getClient(item1AdderWriterToken).perform(get("/api/authz/authorizations/search/object?embed=feature&uri="
-            + "http://localhost/api/core/items/" + item1.getID()))
+        getAuthorizationFeatures(item1AdderWriterToken, "http://localhost/api/core/items/" + item1.getID())
             .andExpect(status().isOk())
             .andExpect(jsonPath("$._embedded.authorizations[?(@._embedded.feature.id=='"
                 + feature + "')]").exists());
     }
+
+    private ResultActions getAuthorizationFeatures(String adminToken, String uri) throws Exception {
+        return getAuthorizationFeatures(adminToken, uri, SIZE);
+    }
+
+    private ResultActions getAuthorizationFeatures(String adminToken, String uri, int size) throws Exception {
+        return getClient(adminToken)
+            .perform(
+                get(
+                    "/api/authz/authorizations/search/object?size=" + size + "&embed=feature&uri=" + uri
+                )
+            );
+    }
 }
\ No newline at end of file
diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/test/AbstractControllerIntegrationTest.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/test/AbstractControllerIntegrationTest.java
index 00339ba2e482..4ec66fb00081 100644
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/test/AbstractControllerIntegrationTest.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/test/AbstractControllerIntegrationTest.java
@@ -23,7 +23,7 @@
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.apache.commons.lang3.StringUtils;
 import org.dspace.AbstractIntegrationTestWithDatabase;
-import org.dspace.app.rest.Application;
+import org.dspace.app.TestApplication;
 import org.dspace.app.rest.model.patch.Operation;
 import org.dspace.app.rest.utils.DSpaceConfigurationInitializer;
 import org.dspace.app.rest.utils.DSpaceKernelInitializer;
@@ -68,7 +68,7 @@
 // Specify main class to use to load Spring ApplicationContext
 // NOTE: By default, Spring caches and reuses ApplicationContext for each integration test (to speed up tests)
 // See: https://docs.spring.io/spring/docs/current/spring-framework-reference/testing.html#integration-testing
-@SpringBootTest(classes = Application.class)
+@SpringBootTest(classes = TestApplication.class)
 // Load DSpace initializers in Spring ApplicationContext (to initialize DSpace Kernel & Configuration)
 @ContextConfiguration(initializers = { DSpaceKernelInitializer.class, DSpaceConfigurationInitializer.class })
 // Tell Spring to make ApplicationContext an instance of WebApplicationContext (for web-based tests)
diff --git a/dspace-server-webapp/src/test/java/org/dspace/app/rest/test/AbstractWebClientIntegrationTest.java b/dspace-server-webapp/src/test/java/org/dspace/app/rest/test/AbstractWebClientIntegrationTest.java
index 6556624c6b11..be0a27b4ebd1 100644
--- a/dspace-server-webapp/src/test/java/org/dspace/app/rest/test/AbstractWebClientIntegrationTest.java
+++ b/dspace-server-webapp/src/test/java/org/dspace/app/rest/test/AbstractWebClientIntegrationTest.java
@@ -9,7 +9,7 @@
 
 import org.apache.commons.lang3.StringUtils;
 import org.dspace.AbstractIntegrationTestWithDatabase;
-import org.dspace.app.rest.Application;
+import org.dspace.app.TestApplication;
 import org.dspace.app.rest.utils.DSpaceConfigurationInitializer;
 import org.dspace.app.rest.utils.DSpaceKernelInitializer;
 import org.junit.runner.RunWith;
@@ -46,7 +46,7 @@
 // ALSO tell Spring to start a web server on a random port
 // NOTE: By default, Spring caches and reuses ApplicationContext for each integration test (to speed up tests)
 // See: https://docs.spring.io/spring/docs/current/spring-framework-reference/testing.html#integration-testing
-@SpringBootTest(classes = Application.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
+@SpringBootTest(classes = TestApplication.class, webEnvironment = SpringBootTest.WebEnvironment.RANDOM_PORT)
 // Load DSpace initializers in Spring ApplicationContext (to initialize DSpace Kernel & Configuration)
 @ContextConfiguration(initializers = { DSpaceKernelInitializer.class, DSpaceConfigurationInitializer.class })
 // Load our src/test/resources/application-test.properties to override some settings in default application.properties
diff --git a/dspace-server-webapp/src/test/resources/application-test.properties b/dspace-server-webapp/src/test/resources/application-test.properties
index 9a396cf8e5b1..bd9e2ea4a17b 100644
--- a/dspace-server-webapp/src/test/resources/application-test.properties
+++ b/dspace-server-webapp/src/test/resources/application-test.properties
@@ -14,4 +14,7 @@
 
 ## Log4j2 configuration for test environment
 ## This file is found on classpath at src/test/resources/log4j2-test.xml
-logging.config = classpath:log4j2-test.xml
\ No newline at end of file
+logging.config = classpath:log4j2-test.xml
+
+# Our integration tests expect application to be deployed at the root path (/)
+server.servlet.context-path=/
\ No newline at end of file
diff --git a/dspace/modules/pom.xml b/dspace/modules/pom.xml
index af44a7efc2e7..00f691235bc4 100644
--- a/dspace/modules/pom.xml
+++ b/dspace/modules/pom.xml
@@ -64,5 +64,16 @@
                 <module>server</module>
             </modules>
         </profile>
+        <profile>
+            <id>dspace-server-webapp-boot</id>
+            <activation>
+                <file>
+                    <exists>server-boot/pom.xml</exists>
+                </file>
+            </activation>
+            <modules>
+                <module>server-boot</module>
+            </modules>
+        </profile>
     </profiles>
 </project>
diff --git a/dspace/modules/server-boot/pom.xml b/dspace/modules/server-boot/pom.xml
new file mode 100644
index 000000000000..ee23c8ee7bc7
--- /dev/null
+++ b/dspace/modules/server-boot/pom.xml
@@ -0,0 +1,123 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <groupId>org.dspace</groupId>
+    <artifactId>server-boot</artifactId>
+    <name>DSpace Server Webapp:: Executable JAR</name>
+
+    <!--
+      A Parent POM that Maven inherits DSpace Default
+      POM attributes from.
+    -->
+    <parent>
+        <artifactId>modules</artifactId>
+        <groupId>org.dspace</groupId>
+        <version>cris-2023.02.02-SNAPSHOT</version>
+        <relativePath>..</relativePath>
+    </parent>
+
+    <properties>
+        <!-- This is the path to the root [dspace-src] directory. -->
+        <root.basedir>${basedir}/../../..</root.basedir>
+    </properties>
+
+    <dependencies>
+
+        <dependency>
+            <groupId>org.dspace.modules</groupId>
+            <artifactId>additions</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.dspace</groupId>
+            <artifactId>dspace-server-webapp</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.solr</groupId>
+            <artifactId>solr-solrj</artifactId>
+        </dependency>
+
+        <!-- Test Dependencies -->
+        <dependency>
+            <groupId>org.dspace</groupId>
+            <artifactId>dspace-api</artifactId>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.dspace</groupId>
+            <artifactId>dspace-server-webapp</artifactId>
+            <type>test-jar</type>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <version>${spring-security.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.jayway.jsonpath</groupId>
+            <artifactId>json-path-assert</artifactId>
+            <version>${json-path.version}</version>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.h2database</groupId>
+            <artifactId>h2</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-inline</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <!-- Solr Core is only needed for Integration Tests (to run a MockSolrServer) -->
+        <!-- The following Solr / Lucene dependencies also support integration tests -->
+        <dependency>
+            <groupId>org.apache.solr</groupId>
+            <artifactId>solr-core</artifactId>
+            <version>${solr.client.version}</version>
+            <scope>test</scope>
+            <exclusions>
+                <!-- Newer version brought in by opencsv -->
+                <exclusion>
+                    <groupId>org.apache.commons</groupId>
+                    <artifactId>commons-text</artifactId>
+                </exclusion>
+            </exclusions>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.lucene</groupId>
+            <artifactId>lucene-analyzers-icu</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+    </dependencies>
+    
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+                <version>${spring-boot.version}</version>
+                <executions>
+                    <execution>
+                        <goals>
+                            <goal>repackage</goal>
+                        </goals>
+                    </execution>
+            </executions>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
diff --git a/dspace/modules/server-boot/src/main/java/org/dspace/app/ServerBootApplication.java b/dspace/modules/server-boot/src/main/java/org/dspace/app/ServerBootApplication.java
new file mode 100644
index 000000000000..5efa79a02aca
--- /dev/null
+++ b/dspace/modules/server-boot/src/main/java/org/dspace/app/ServerBootApplication.java
@@ -0,0 +1,33 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app;
+
+import org.dspace.app.rest.WebApplication;
+import org.dspace.app.rest.utils.DSpaceConfigurationInitializer;
+import org.dspace.app.rest.utils.DSpaceKernelInitializer;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+
+/**
+ * Define the Spring Boot Application settings itself to be runned using an
+ * embedded application server.
+ * 
+ * @author Luca Giamminonni (luca.giamminonni at 4science.it)
+ *
+ */
+@SuppressWarnings({ "checkstyle:hideutilityclassconstructor" })
+@SpringBootApplication(scanBasePackageClasses = WebApplication.class)
+public class ServerBootApplication {
+
+    public static void main(String[] args) {
+        new SpringApplicationBuilder(ServerBootApplication.class)
+            .initializers(new DSpaceKernelInitializer(), new DSpaceConfigurationInitializer())
+            .run(args);
+    }
+
+}
diff --git a/dspace/modules/server/pom.xml b/dspace/modules/server/pom.xml
index e8a714dfd25e..3797e809dca5 100644
--- a/dspace/modules/server/pom.xml
+++ b/dspace/modules/server/pom.xml
@@ -3,13 +3,7 @@
     <groupId>org.dspace.modules</groupId>
     <artifactId>server</artifactId>
     <packaging>war</packaging>
-    <name>DSpace Server Webapp:: Local Customizations</name>
-    <description>Overlay customizations.
-This is probably a temporary solution to the build problems. We like to investigate about
-the possibility to remove the overlays enable a more flexible extension mechanism.
-The use of web-fragment and spring mvc technology allow us to add request handlers
-just adding new jar in the classloader</description>
-
+    <name>DSpace Server Webapp:: Tomcat deployable WAR</name>
     <parent>
         <artifactId>modules</artifactId>
         <groupId>org.dspace</groupId>
@@ -18,6 +12,7 @@ just adding new jar in the classloader</description>
     </parent>
 
     <properties>
+        <dspace.version>cris-2023.02.02-SNAPSHOT</dspace.version>
         <!-- This is the path to the root [dspace-src] directory. -->
         <root.basedir>${basedir}/../../..</root.basedir>
     </properties>
@@ -73,6 +68,26 @@ just adding new jar in the classloader</description>
                     </execution>
                 </executions>
             </plugin>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-dependency-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>unpack</id>
+                        <phase>prepare-package</phase>
+                        <goals>
+                            <goal>unpack-dependencies</goal>
+                        </goals>
+                        <configuration>
+                            <includeScope>runtime</includeScope>
+                            <includeGroupIds>org.dspace</includeGroupIds>
+                            <includeArtifactIds>dspace-server-webapp</includeArtifactIds>
+                            <includes>**/static/**,**/*.properties</includes>
+                            <outputDirectory>${project.build.directory}/additions</outputDirectory>
+                        </configuration>
+                    </execution>
+                </executions>
+            </plugin>
             <!-- This plugin allows us to run a Groovy script in our Maven POM
                  (see: https://groovy.github.io/gmaven/groovy-maven-plugin/execute.html )
                  We are generating a OS-agnostic version (agnostic.build.dir) of
@@ -255,12 +270,12 @@ just adding new jar in the classloader</description>
         <dependency>
             <groupId>org.dspace</groupId>
             <artifactId>dspace-server-webapp</artifactId>
-            <classifier>classes</classifier>
         </dependency>
         <dependency>
-            <groupId>org.dspace</groupId>
-            <artifactId>dspace-server-webapp</artifactId>
-            <type>war</type>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-tomcat</artifactId>
+            <scope>provided</scope>
+            <version>${spring-boot.version}</version>
         </dependency>
         <dependency>
             <groupId>org.apache.solr</groupId>
diff --git a/dspace/modules/server/src/main/java/org/dspace/app/ServerApplication.java b/dspace/modules/server/src/main/java/org/dspace/app/ServerApplication.java
new file mode 100644
index 000000000000..34acc778b7f3
--- /dev/null
+++ b/dspace/modules/server/src/main/java/org/dspace/app/ServerApplication.java
@@ -0,0 +1,52 @@
+/**
+ * The contents of this file are subject to the license and copyright
+ * detailed in the LICENSE and NOTICE files at the root of the source
+ * tree and available online at
+ *
+ * http://www.dspace.org/license/
+ */
+package org.dspace.app;
+
+import org.dspace.app.rest.WebApplication;
+import org.dspace.app.rest.utils.DSpaceConfigurationInitializer;
+import org.dspace.app.rest.utils.DSpaceKernelInitializer;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+
+/**
+ * Define the Spring Boot Application settings itself. This class takes the place
+ * of a web.xml file, and configures all Filters/Listeners as methods (see below).
+ * <p>
+ * NOTE: Requires a Servlet 3.0 container, e.g. Tomcat 7.0 or above.
+ * <p>
+ * NOTE: This extends SpringBootServletInitializer in order to allow us to build
+ * a deployable WAR file with Spring Boot. See:
+ * http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-create-a-deployable-war-file
+ * 
+ * @author Luca Giamminonni (luca.giamminonni at 4science.it)
+ *
+ */
+@SpringBootApplication(scanBasePackageClasses = WebApplication.class)
+public class ServerApplication extends SpringBootServletInitializer {
+
+    /**
+     * Override the default SpringBootServletInitializer.configure() method,
+     * passing it this Application class.
+     * <p>
+     * This is necessary to allow us to build a deployable WAR, rather than
+     * always relying on embedded Tomcat.
+     * <p>
+     * See: http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/#howto-create-a-deployable-war-file
+     *
+     * @param application
+     * @return
+     */
+    @Override
+    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
+        // Pass this Application class, and our initializers for DSpace Kernel and Configuration
+        // NOTE: Kernel must be initialized before Configuration
+        return application.sources(ServerApplication.class)
+                          .initializers(new DSpaceKernelInitializer(), new DSpaceConfigurationInitializer());
+    }
+}
diff --git a/dspace/pom.xml b/dspace/pom.xml
index 9d21239d1034..85b98dbb10d5 100644
--- a/dspace/pom.xml
+++ b/dspace/pom.xml
@@ -217,7 +217,6 @@
                 <dependency>
                     <groupId>org.dspace</groupId>
                     <artifactId>dspace-server-webapp</artifactId>
-                    <type>war</type>
                     <scope>compile</scope>
                 </dependency>
                 <dependency>
diff --git a/pom.xml b/pom.xml
index 7cfaf08e0011..09b01d200b50 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1172,14 +1172,6 @@
                 <groupId>org.dspace</groupId>
                 <artifactId>dspace-server-webapp</artifactId>
                 <version>cris-2023.02.02-SNAPSHOT</version>
-                <type>jar</type>
-                <classifier>classes</classifier>
-            </dependency>
-            <dependency>
-                <groupId>org.dspace</groupId>
-                <artifactId>dspace-server-webapp</artifactId>
-                <version>cris-2023.02.02-SNAPSHOT</version>
-                <type>war</type>
             </dependency>
             <!-- DSpace API Localization Packages -->
             <dependency>