um.addUser( u1 );
assertEquals( 3, um.getUsers().size() );
// find an existing user
User user = um.findUser( "root" );
assertNotNull( user );
assertEquals( "root@somedomain.com", user.getEmail() );
assertEquals( "root", user.getPrincipal() );
assertEquals( "Root User", user.getFullName() );
// test if the plain string password is encoded and NULL'ified