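@Test
  public void testAddUserAsAdmin() throws Exception {
    // Positive authorization case: with an ADMIN_ROLE authentication installed, saveUser() on the
    // intercepted UserManager must reach the mocked DAO exactly once with the same User instance.

    // SecurityContextHolder is static holder state (thread-bound by default), so remember what
    // was installed and put it back afterwards. Otherwise the admin authentication set below
    // could leak into later tests and make their access-denied checks pass or fail for the
    // wrong reason.
    // NOTE(review): a setUp/tearDown outside this view may already restore the context; the
    // finally block is harmless if so.
    final SecurityContext previousContext = SecurityContextHolder.getContext();
    try {
      User admin = new User("admin");
      admin.setId(2L);
      admin.setPassword("password"); // fixture value only; never a real credential
      admin.addRole(new Role(Constants.ADMIN_ROLE));

      // The constructor overload that takes authorities yields an already-authenticated token.
      UsernamePasswordAuthenticationToken token =
          new UsernamePasswordAuthenticationToken(
              admin.getUsername(), admin.getPassword(), admin.getAuthorities());
      token.setDetails(admin);

      SecurityContext securityContext = new SecurityContextImpl();
      securityContext.setAuthentication(token);
      SecurityContextHolder.setContext(securityContext);

      UserManager userManager = makeInterceptedTarget();
      final User adminUser = new User("admin");
      adminUser.setId(2L);

      context.checking(
          new Expectations() {
            {
              one(userDao).saveUser(with(same(adminUser)));
            }
          });

      userManager.saveUser(adminUser);
    } finally {
      SecurityContextHolder.setContext(previousContext);
    }
  }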
  /**
   * Builds the object under test: loads the test application context, looks up the bean named
   * {@code "target"} and swaps its DAO for a fresh mock.
   *
   * <p>Side effects: reassigns the {@code ctx} and {@code userDao} fields on every call.
   * NOTE(review): the previously assigned {@code ctx} is not closed here; whether it is closed
   * elsewhere cannot be seen from this method.
   *
   * @return the {@code "target"} bean with the mocked {@link UserDao} injected
   */
  private UserManager makeInterceptedTarget() {
    ctx = new ClassPathXmlApplicationContext("/applicationContext-test.xml");
    final UserManager intercepted = (UserManager) ctx.getBean("target");

    // Replace the real DAO with a mock so each test can state whether a save may reach it.
    userDao = context.mock(UserDao.class);
    intercepted.setUserDao(userDao);

    return intercepted;
  }
  // Regression test for the fix to http://issues.appfuse.org/browse/APF-96
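  /**
   * Negative authorization case: saving user "user" (id 1) with {@code ADMIN_ROLE} added to its
   * roles must be rejected with {@link AccessDeniedException} carrying
   * {@link UserSecurityAdvice#ACCESS_DENIED}.
   *
   * <p>NOTE(review): this relies on whatever authentication is already present in the
   * SecurityContextHolder (presumably a non-admin one installed by setUp; confirm).
   */
  @Test
  public void testChangeToAdminRoleFromUserRole() throws Exception {
    UserManager userManager = makeInterceptedTarget();
    User user = new User("user");
    user.setId(1L);
    user.getRoles().add(new Role(Constants.ADMIN_ROLE));

    // No DAO expectation is registered: the save must be stopped before it reaches userDao.
    try {
      userManager.saveUser(user);
      fail("AccessDeniedException not thrown");
    } catch (AccessDeniedException expected) {
      // A caught exception is never null, so only the message needs checking. Arguments follow
      // JUnit's (expected, actual) order so a failure report labels the two values correctly.
      assertEquals(UserSecurityAdvice.ACCESS_DENIED, expected.getMessage());
    }
  }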
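  /**
   * Negative authorization case: with the authentication already present in the
   * SecurityContextHolder, saving user "admin" (id 2) must be rejected with
   * {@link AccessDeniedException} carrying {@link UserSecurityAdvice#ACCESS_DENIED}.
   *
   * <p>NOTE(review): the test name implies the ambient authentication lacks the admin role;
   * that setup is outside this method, so confirm it against setUp.
   */
  @Test
  public void testAddUserWithoutAdminRole() throws Exception {
    Authentication auth = SecurityContextHolder.getContext().getAuthentication();
    // Fail with an assertion rather than a NullPointerException when no authentication is set.
    assertNotNull(auth);
    assertTrue(auth.isAuthenticated());
    UserManager userManager = makeInterceptedTarget();
    User user = new User("admin");
    user.setId(2L);

    // No DAO expectation is registered: the save must be stopped before it reaches userDao.
    try {
      userManager.saveUser(user);
      fail("AccessDeniedException not thrown");
    } catch (AccessDeniedException expected) {
      // A caught exception is never null, so only the message needs checking. Arguments follow
      // JUnit's (expected, actual) order so a failure report labels the two values correctly.
      assertEquals(UserSecurityAdvice.ACCESS_DENIED, expected.getMessage());
    }
  }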
  // Regression test for the fix to http://issues.appfuse.org/browse/APF-96
  /**
   * Positive case: saving user "user" (id 1) whose roles contain only {@code USER_ROLE} must pass
   * through the intercepted UserManager and reach the mocked DAO exactly once with the same
   * instance.
   *
   * <p>NOTE(review): relies on the authentication already present in the SecurityContextHolder;
   * that setup is outside this method.
   */
  @Test
  public void testUpdateUserWithUserRole() throws Exception {
    final UserManager interceptedManager = makeInterceptedTarget();

    final User plainUser = new User("user");
    plainUser.setId(1L);
    plainUser.getRoles().add(new Role(Constants.USER_ROLE));

    // Exactly one save of this very instance is allowed to reach the DAO.
    final Expectations singleSave =
        new Expectations() {
          {
            one(userDao).saveUser(with(same(plainUser)));
          }
        };
    context.checking(singleSave);

    interceptedManager.saveUser(plainUser);
  }