identity.getCredentials().setPassword("bar");
assert("foo".equals(identity.getCredentials().getUsername()));
assert("bar".equals(identity.getCredentials().getPassword()));
assert("loggedIn".equals(identity.login()));
assert(identity.isLoggedIn());
// Pre-authenticated roles are cleared before authenticating,
// so this should still return false
assert(!identity.hasRole("admin"));