Friday, April 30, 2010

Spring Security Authorizer with JBoss JAAS

We've recently been working to integrate OpenAM (formerly OpenSSO) as our SSO solution via JAAS. Spring Security comes with out-of-the-box functionality for JAAS authentication, but not for JAAS authorization. So, in order to accept the roles and principals returned by SSO, we put together the following AuthorityGranter, which walks each group principal it is handed and returns the names of the group's members as roles.



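import java.security.Principal;
import java.util.Enumeration;
import java.util.HashSet;
import java.util.Set;

import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
// Spring Security 3.x package; in 2.x the interface lives in org.springframework.security.providers.jaas
import org.springframework.security.authentication.jaas.AuthorityGranter;

// Maps the principals JBoss JAAS places in the Subject to Spring Security role names.
public class JaasSpringSecurity implements AuthorityGranter {

    // Called once for each principal in the authenticated Subject.
    public Set<String> grant(Principal principal) {
        Set<String> returnSet = new HashSet<String>();

        // Only groups carry roles; a plain principal grants nothing.
        if (principal instanceof SimpleGroup) {
            SimpleGroup sg = (SimpleGroup) principal;
            returnSet.addAll(getNestedRoles(sg));
        }
        return returnSet;
    }

    // Collects the names of all SimplePrincipal members, descending into nested groups.
    private Set<String> getNestedRoles(SimpleGroup sg) {
        Enumeration<?> members = sg.members();
        Set<String> tmpSet = new HashSet<String>();
        while (members.hasMoreElements()) {
            Object o = members.nextElement();
            // SimpleGroup must be tested first: it is itself a SimplePrincipal.
            if (o instanceof SimpleGroup) {
                tmpSet.addAll(getNestedRoles((SimpleGroup) o));
            } else if (o instanceof SimplePrincipal) {
                tmpSet.add(((SimplePrincipal) o).getName());
            }
        }
        return tmpSet;
    }
}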


It should be noted that in this case we are running under JBoss, and so we are passed objects of type org.jboss.security.SimpleGroup and org.jboss.security.SimplePrincipal. This may differ based on provider.
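
A stricter variant of the granter above, as an added example rather than the author's code: it takes roles only from the group named "Roles" and stops if groups are nested cyclically. The class name and the "Roles" / "CallerPrincipal" group names are assumptions based on JBoss's usual Subject layout, and it needs the same Spring Security and JBoss jars as the class above.

```java
import java.security.Principal;
import java.util.*;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
// Spring Security 3.x package; 2.x has it in org.springframework.security.providers.jaas
import org.springframework.security.authentication.jaas.AuthorityGranter;

// Hypothetical stricter variant of the post's JaasSpringSecurity (added example).
public class RolesGroupAuthorityGranter implements AuthorityGranter {
    // Assumption: the login module uses JBoss's conventional top-level "Roles" group.
    private static final String ROLES_GROUP = "Roles";

    public Set<String> grant(Principal principal) {
        Set<String> roles = new HashSet<String>();
        // Skip every other group, so the member of "CallerPrincipal" (the
        // user's identity) is never turned into an authority.
        if (principal instanceof SimpleGroup && ROLES_GROUP.equals(principal.getName())) {
            Set<SimpleGroup> seen =
                    Collections.newSetFromMap(new IdentityHashMap<SimpleGroup, Boolean>());
            collect((SimpleGroup) principal, seen, roles);
        }
        return roles;
    }

    private void collect(SimpleGroup group, Set<SimpleGroup> seen, Set<String> roles) {
        if (!seen.add(group)) {
            return; // already walked: groups that contain each other cannot loop forever
        }
        Enumeration<?> members = group.members();
        while (members.hasMoreElements()) {
            Object member = members.nextElement();
            if (member instanceof SimpleGroup) {
                collect((SimpleGroup) member, seen, roles);
            } else if (member instanceof SimplePrincipal) {
                roles.add(((SimplePrincipal) member).getName());
            }
        }
    }

    // Constructed sample principals, shaped like what a JBoss login module puts in the Subject.
    public static void main(String[] args) {
        SimpleGroup roles = new SimpleGroup("Roles");
        roles.addMember(new SimplePrincipal("admin"));
        SimpleGroup caller = new SimpleGroup("CallerPrincipal");
        caller.addMember(new SimplePrincipal("alice"));
        AuthorityGranter granter = new RolesGroupAuthorityGranter();
        System.out.println(granter.grant(roles));
        System.out.println(granter.grant(caller));
    }
}
```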

Cannot invoke method containsKey() on null object

I spent about an hour on this one today. I have a Grails integration test with mock objects, but every time I tried to instantiate the mock (via mockFor(MyService)) I was receiving the error:

Cannot invoke method containsKey() on null object

After toying with it for too long I googled it up and found that I had forgotten the super.setUp() in my setUp() method. After correcting that:

  protected void setUp() {
    super.setUp()
...

All was well. Ugh..