The ModelControllerClient ClientConfiguration interface allows passing in a "saslOptions" map, which gets passed to xnio. Remoting also supports an "Options.SASL_DISALLOWED_MECHANISMS" Option but does not look to the saslOptions map for that. This makes it difficult for a ModelControllerClient user to disallow a mechanism, specifically JBOSS_LOCAL_USER.
This makes building integration tests for RBAC very difficult, since the JBOSS_LOCAL_USER mechanism will get preference, the desired user account will not be used, and the intended role mapping will not occur.
Intended fix is to have ProtocolConnectionUtils, which sets up the remoting OptionMap, look for a "SASL_DISALLOWED_MECHANISMS" key in saslOptions and if found set up the Remoting Option.