@Test
  public void test() throws Exception {
    // use admin
    TestContext testContext = TestContainer.getInstance().getTestContext();

    // user is created at security.xml

    testContext.setUsername(NEXUS504_USER);
    testContext.setPassword(TEST_USER_PASSWORD);

    assertThat(UserCreationUtil.login(), hasStatusCode(403));

    // add login privilege to role
    testContext.useAdminForRequests();

    RoleResource role = roleUtil.getRole(NEXUS504_ROLE);
    role.addPrivilege("2" /* login */);
    assertThat(
        "Unable to add login privilege to role "
            + NEXUS504_ROLE
            + "\n"
            + RoleMessageUtil.update(role).getDescription(),
        RoleMessageUtil.update(role),
        isSuccess());

    // try to login again
    testContext.setUsername(NEXUS504_USER);
    testContext.setPassword(TEST_USER_PASSWORD);
    Status status2 = UserCreationUtil.login();
    assertThat(status2, hasStatusCode(200));
  }
  @Test
  public void createRoleTest() throws IOException {

    RoleResource resource = new RoleResource();

    resource.setDescription("Create Test Role");
    resource.setName("CreateRole");
    resource.setSessionTimeout(30);
    resource.addPrivilege("1");
    resource.addPrivilege("2");

    this.messageUtil.createRole(resource);
  }
  @Test
  public void listTest() throws IOException {

    RoleResource resource = new RoleResource();

    resource.setDescription("Create Test Role");
    resource.setName("ListTestRole");
    resource.setSessionTimeout(30);
    resource.addPrivilege("1");

    // create a role
    this.messageUtil.createRole(resource);

    // now that we have at least one element stored (more from other tests, most likely)

    // NEED to work around a GET problem with the REST client
    List<RoleResource> roles = this.messageUtil.getList();
    getSecurityConfigUtil().verifyRolesComplete(roles);
  }
  @Test
  @Category(SECURITY.class)
  public void deletePriv() throws Exception {
    RoleResource role = roleUtil.getRole(ROLE_ID);
    Assert.assertNotNull(role);
    MatcherAssert.assertThat(role.getPrivileges(), hasItems(PRIVS));
    privUtil.assertExists(PRIVS);

    // remove read
    Assert.assertTrue(privUtil.delete(READ_PRIV_ID).getStatus().isSuccess());
    role = roleUtil.getRole(ROLE_ID);
    MatcherAssert.assertThat(role.getPrivileges(), not(hasItems(READ_PRIV_ID)));
    MatcherAssert.assertThat(
        role.getPrivileges(), hasItems(CREATE_PRIV_ID, UPDATE_PRIV_ID, DELETE_PRIV_ID));

    // remove create
    Assert.assertTrue(privUtil.delete(CREATE_PRIV_ID).getStatus().isSuccess());
    role = roleUtil.getRole(ROLE_ID);
    MatcherAssert.assertThat(role.getPrivileges(), not(hasItems(READ_PRIV_ID, CREATE_PRIV_ID)));
    MatcherAssert.assertThat(role.getPrivileges(), hasItems(UPDATE_PRIV_ID, DELETE_PRIV_ID));

    // remove update
    Assert.assertTrue(privUtil.delete(UPDATE_PRIV_ID).getStatus().isSuccess());
    role = roleUtil.getRole(ROLE_ID);
    MatcherAssert.assertThat(
        role.getPrivileges(), not(hasItems(READ_PRIV_ID, CREATE_PRIV_ID, UPDATE_PRIV_ID)));
    MatcherAssert.assertThat(role.getPrivileges(), hasItems(DELETE_PRIV_ID));

    // remove delete
    Assert.assertTrue(privUtil.delete(DELETE_PRIV_ID).getStatus().isSuccess());
    role = roleUtil.getRole(ROLE_ID);
    MatcherAssert.assertThat(
        role.getPrivileges(),
        not(hasItems(READ_PRIV_ID, CREATE_PRIV_ID, UPDATE_PRIV_ID, DELETE_PRIV_ID)));
    Assert.assertTrue(role.getPrivileges().isEmpty());

    privUtil.assertNotExists(PRIVS);
  }
  @Test
  public void deleteTest() throws IOException {

    RoleResource resource = new RoleResource();

    resource.setDescription("Delete Test Role");
    resource.setName("deleteRole");
    resource.setSessionTimeout(1);
    resource.addPrivilege("7");
    resource.addPrivilege("8");

    RoleResource responseResource = this.messageUtil.createRole(resource);

    // use the new ID
    Response response = this.messageUtil.sendMessage(Method.DELETE, responseResource);

    if (!response.getStatus().isSuccess()) {
      Assert.fail("Could not delete Role: " + response.getStatus());
    }

    // TODO: check if deleted
    Assert.assertNull(getSecurityConfigUtil().getCRole(responseResource.getId()));
  }
  public void readTest() throws IOException {

    RoleResource resource = new RoleResource();

    resource.setDescription("Read Test Role");
    resource.setName("ReadRole");
    resource.setSessionTimeout(31);
    resource.addPrivilege("3");
    resource.addPrivilege("4");
    resource = this.messageUtil.createRole(resource);

    // get the Resource object
    RoleResource responseResource = this.messageUtil.getRole(resource.getId());

    Assert.assertEquals(resource.getId(), responseResource.getId());
    Assert.assertEquals(resource.getDescription(), responseResource.getDescription());
    Assert.assertEquals(resource.getName(), responseResource.getName());
    Assert.assertEquals(resource.getPrivileges(), responseResource.getPrivileges());
    Assert.assertEquals(resource.getRoles(), responseResource.getRoles());
  }
  @Test
  public void updateTest() throws IOException {

    RoleResource resource = new RoleResource();

    resource.setDescription("Update Test Role");
    resource.setName("UpdateRole");
    resource.setSessionTimeout(99999);
    resource.addPrivilege("5");
    resource.addPrivilege("4");

    RoleResource responseResource = this.messageUtil.createRole(resource);

    // update the Role
    // TODO: add tests that changes the Id
    resource.setId(responseResource.getId());
    resource.setName("UpdateRole Again");
    resource.setDescription("Update Test Role Again");
    resource.getPrivileges().clear(); // clear the privs
    resource.addPrivilege("6");
    resource.setSessionTimeout(10);

    Response response = this.messageUtil.sendMessage(Method.PUT, resource);

    if (!response.getStatus().isSuccess()) {
      Assert.fail("Could not update Role: " + response.getStatus());
    }

    // get the Resource object
    responseResource = this.messageUtil.getResourceFromResponse(response);

    Assert.assertEquals(resource.getId(), responseResource.getId());
    Assert.assertEquals(resource.getDescription(), responseResource.getDescription());
    Assert.assertEquals(resource.getName(), responseResource.getName());
    Assert.assertEquals(resource.getSessionTimeout(), responseResource.getSessionTimeout());
    Assert.assertEquals(resource.getPrivileges(), responseResource.getPrivileges());
    Assert.assertEquals(resource.getRoles(), responseResource.getRoles());

    getSecurityConfigUtil().verifyRole(resource);
  }