Here's a tip if you are trying to do some unit testing with Acegi Security - particularly if you are doing role based authorization of method calls on your manager objects via interception. Basically, a secure method interceptor will a) need an authentication token to play with, and b) a way to

find out what authorities the user has.

We need to cater for this when running the tests.