1 files changed, 23 insertions, 0 deletions

diff --git a/repoze/bfg/tests/test_security.py b/repoze/bfg/tests/test_security.py
index 03a466e7c..b596a1547 100644
--- a/repoze/bfg/tests/test_security.py
+++ b/repoze/bfg/tests/test_security.py
@@ -243,6 +243,18 @@ class TestACLSecurityPolicy(unittest.TestCase):
         result = policy.principals_allowed_by_permission(None, 'read')
         self.assertEqual(result, [])
 
+    def test_forbidden(self):
+        policy = self._makeOne(lambda *arg: None)
+        forbidden_app = policy.forbidden()
+        environ = {}
+        result = []
+        def start_response(status, headers):
+            result.append((status, headers))
+        response = forbidden_app(environ, start_response)
+        self.assertEqual(result[0][0], '401 Unauthorized')
+        self.failUnless(len(result[0][1]), 2) # headers
+        
+
 class TestInheritingACLSecurityPolicy(unittest.TestCase):
     def setUp(self):
         cleanUp()
@@ -430,6 +442,17 @@ class TestInheritingACLSecurityPolicy(unittest.TestCase):
         result = policy.authenticated_userid(request)
         self.assertEqual(result, None)
 
+    def test_forbidden(self):
+        policy = self._makeOne(lambda *arg: None)
+        forbidden_app = policy.forbidden()
+        environ = {}
+        result = []
+        def start_response(status, headers):
+            result.append((status, headers))
+        response = forbidden_app(environ, start_response)
+        self.assertEqual(result[0][0], '401 Unauthorized')
+        self.failUnless(len(result[0][1]), 2) # headers
+
 class TestAllPermissionsList(unittest.TestCase):
     def setUp(self):
         cleanUp()