Set<Principal> roles = new HashSet<Principal>();
roles.add(new SimpleGroup("friend", p));
roles.add(new SimpleGroup("admin", p));
s.getPrincipals().addAll(roles);
LoginSecurityContext context = new DefaultSecurityContext(p, s);
assertTrue(context.isUserInRole("friend"));
assertTrue(context.isUserInRole("admin"));
assertFalse(context.isUserInRole("bar"));
Set<Principal> roles2 = context.getUserRoles();
assertEquals(roles2, roles);
}