// We shouldn't be able to spoof a built-in role
assertNotSame( new WikiPrincipal( "Authenticated" ), m_auth.resolvePrincipal( "Authenticated" ) );
// An unknown user should resolve to a generic UnresolvedPrincipal
Principal principal = new UnresolvedPrincipal( "Bart Simpson" );
assertEquals( principal, m_auth.resolvePrincipal( "Bart Simpson" ) );
}