I am looking to unit test my Struts actions (currently using the Struts JUnit plugin, and my test classes extend StrutsTestCase). At the moment, my actions have nasty static calls to get the Principal, such as:
My actions implement various interfaces such as SessionAware to make my unit-testing life easier. However, does implementing the PrincipalAware interface compromise security? For example, by implementing the PrincipalAware interface, I have to implement a setter for the PrincipalProxy. Is there not a risk that a user could alter security and set this themselves?