diff --git a/classes/Browser.php b/classes/Browser.php
index 35fe1bd..5a53ca6 100644
--- a/classes/Browser.php
+++ b/classes/Browser.php
@@ -134,7 +134,15 @@ class Browser extends Object
 		}
 
 		header('Location: ' . $destination);
-		exit;
+
+		if (defined('UNIT_TESTING'))
+		{
+			throw new Exception();
+		}
+		else
+		{
+			exit;
+		}
 	}
 
 	/**
diff --git a/classes/Controller.php b/classes/Controller.php
index bcdb746..5dfb869 100644
--- a/classes/Controller.php
+++ b/classes/Controller.php
@@ -201,7 +201,7 @@ class Controller extends Object
 					if ($_SERVER['REQUEST_METHOD'] == 'POST')
 					{
 						// @todo Perhaps I could force a logout / redirect to the login page
-						exit('{"status": "error", "message": "You are not properly authenticated, try logging out and back in."}');
+						throw new Exception('{"status": "error", "message": "You are not properly authenticated, try logging out and back in."}');
 					}
 					else
 					{
diff --git a/classes/String.php b/classes/String.php
index e9ad181..c815bbb 100644
--- a/classes/String.php
+++ b/classes/String.php
@@ -264,4 +264,3 @@ class String
 }
 
 ?>
-
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index 8a9f8ca..a3b0c5b 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -8,9 +8,32 @@ $root = org\bovigo\vfs\vfsStream::setup('site');
 
 if (!defined('SITE_PATH'))
 {
+	define('SECURITY_LEVEL_USER', 10);
 	define('SITE_PATH', org\bovigo\vfs\vfsStream::url('site/'));
+	// This isn't ideal but it helps a ton when testing the Browser class.
+	define('UNIT_TESTING', true);
 }
 
 require_once 'pickles.php';
 
+if (!file_exists(SITE_MODULE_PATH))
+{
+	mkdir(SITE_MODULE_PATH, 0644);
+}
+
+if (!file_exists(SITE_TEMPLATE_PATH))
+{
+	mkdir(SITE_TEMPLATE_PATH, 0644);
+}
+
+$_SERVER['HTTP_HOST']   = 'testsite.com';
+$_SERVER['SERVER_NAME'] = 'Test Server';
+
+function setUpRequest($request, $method = 'GET')
+{
+	$_SERVER['REQUEST_URI']    = '/' . $request;
+	$_SERVER['REQUEST_METHOD'] = $method;
+	$_REQUEST['request']       = $request;
+}
+
 ?>
diff --git a/tests/classes/ControllerTest.php b/tests/classes/ControllerTest.php
index a317497..5f8392c 100644
--- a/tests/classes/ControllerTest.php
+++ b/tests/classes/ControllerTest.php
@@ -7,20 +7,11 @@ class ControllerTest extends PHPUnit_Framework_TestCase
 	public function setUp()
 	{
 		$this->config = Config::getInstance();
-		$this->config->data['pickles']['disabled'] = false;
-		$this->config->data['pickles']['profiler'] = false;
-		$_SERVER['REQUEST_URI'] = '';
+		$this->config->data['pickles']['disabled']    = false;
+		$this->config->data['pickles']['profiler']    = false;
+		$this->config->data['security']['levels'][10] = 'USER';
 
-		if (!file_exists(SITE_MODULE_PATH))
-		{
-			mkdir(SITE_MODULE_PATH, 0644);
-		}
-
-		unlink(SITE_MODULE_PATH . 'testing.php');
-
-		$_SERVER['HTTP_HOST']   = 'testsite.com';
-		$_SERVER['REQUEST_URI'] = '/home';
-		$_REQUEST['request']    = 'home';
+		setUpRequest('home');
 
 		$module = '<?php class home extends Module { } ?>';
 
@@ -29,8 +20,6 @@ class ControllerTest extends PHPUnit_Framework_TestCase
 
 	public function testSiteDown()
 	{
-		$_SERVER['SERVER_NAME'] = 'Test Server';
-
 		$this->config->data['pickles']['disabled'] = true;
 
 		$this->expectOutputRegex('/Test Server is currently down for maintenance/');
@@ -53,28 +42,18 @@ class ControllerTest extends PHPUnit_Framework_TestCase
 
 	public function testUpperCaseURI()
 	{
-		$_SERVER['REQUEST_URI'] = '/TESTING';
-		$_REQUEST['request']    = 'TESTING';
+		setUpRequest('TESTING');
 
 		new Controller();
 
 		$this->assertTrue(in_array('Location: /testing', xdebug_get_headers()));
 	}
 
-	/*
 	public function testForceSecure()
 	{
-		$_SERVER['REQUEST_URI'] = '/secure';
-		$_REQUEST['request']    = 'secure';
+		setUpRequest('secure');
 
-		$module = '
-			<?php
-			class secure extends Module
-			{
-				public $secure = true;
-			}
-			?>
-		';
+		$module = '<?php class secure extends Module { public $secure = true; } ?>';
 
 		file_put_contents(SITE_MODULE_PATH . 'secure.php', $module);
 
@@ -85,18 +64,10 @@ class ControllerTest extends PHPUnit_Framework_TestCase
 
 	public function testForceInsecure()
 	{
-		$_SERVER['HTTPS']       = 'on';
-		$_SERVER['REQUEST_URI'] = '/insecure';
-		$_REQUEST['request']    = 'insecure';
+		setUpRequest('insecure');
+		$_SERVER['HTTPS'] = 'on';
 
-		$module = '
-			<?php
-			class insecure extends Module
-			{
-				public $secure = false;
-			}
-			?>
-		';
+		$module = '<?php class insecure extends Module { public $secure = false; } ?>';
 
 		file_put_contents(SITE_MODULE_PATH . 'insecure.php', $module);
 
@@ -107,19 +78,49 @@ class ControllerTest extends PHPUnit_Framework_TestCase
 
 	public function testNotAuthenticated()
 	{
-		$this->fail();
+		setUpRequest('notauth');
+
+		$module = '<?php class notauth extends Module { public $security = SECURITY_LEVEL_USER; } ?>';
+
+		file_put_contents(SITE_MODULE_PATH . 'notauth.php', $module);
+
+		new Controller();
+
+		$this->assertTrue(in_array('Location: http://testsite.com/login', xdebug_get_headers()));
 	}
 
 	public function testNotAuthenticatedPOST()
 	{
-		$this->fail();
+		setUpRequest('notauthpost', 'POST');
+
+		$module = '<?php class notauthpost extends Module { public $security = SECURITY_LEVEL_USER; } ?>';
+
+		file_put_contents(SITE_MODULE_PATH . 'notauthpost.php', $module);
+
+		new Controller();
+
+		$this->expectOutputRegex('/You are not properly authenticated/');
 	}
 
 	public function testAuthenticated()
 	{
-		$this->fail();
+		setUpRequest('auth');
+
+		$module = '<?php class auth extends Module { '
+				. 'public $security = SECURITY_LEVEL_USER;'
+				. 'public function __default() { return ["foo" => "bar"]; }'
+				. '} ?>';
+
+		file_put_contents(SITE_MODULE_PATH . 'auth.php', $module);
+
+		session_start();
+		Security::login(1, 10, 'USER');
+		new Controller();
+
+		$this->expectOutputString('{"foo":"bar"}');
 	}
 
+	/*
 	public function testHasLevelAccess()
 	{
 		$this->fail();