I have checked in the SPI for the client. Here is a test case in AS5 that tests the security client for simple/jaas. SASL implementation will be done in securirty 2.0.1 or later. http://anonsvn.jboss.org/repos/jbossas/trunk/testsuite/src/main/org/jboss... Here is the SPI for you: | public abstract class SecurityClient | { | public void login() throws LoginException | public void logout() | public void setSimple(Object username, Object credential) | public void setJAAS(String configName, CallbackHandler cbh) | public void setSASL(String mechanism, String authorizationId, | CallbackHandler cbh) | } | How does one get hold of the security client? Here are possible ways: | //Get the default | SecurityClient sc = null; | sc = SecurityClientFactory.getSecurityClient(); | assertNotNull("SecurityClient != null",sc); | | //Pass in a FQN | sc = SecurityClientFactory.getSecurityClient("org.jboss.security.client.JBossSecurityClient"); | assertNotNull("SecurityClient != null",sc); | | //Pass in a Class object whose instances are needed (Not big fan of this method) | sc = SecurityClientFactory.getSecurityClient(JBossSecurityClient.class); | assertNotNull("SecurityClient != null",sc); | Hopefully now your integration tests do not have to do SecurityAssociation.setPrincipal and SecurityAssociation.setCredential View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4042492#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...