diff --git a/.aurora-config/security.ini b/.aurora-config/security.ini
new file mode 100644
index 0000000..411fedb
--- /dev/null
+++ b/.aurora-config/security.ini
@@ -0,0 +1,5 @@
+[users]
+aurora = secret, admin
+
+[roles]
+admin = *
diff --git a/docker-compose.yml b/docker-compose.yml
index ee0cff6..3632491 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -65,6 +65,12 @@ services:
       CLUSTER_NAME: test-cluster
       ZK_ENDPOINTS: "192.168.33.2:2181"
       MESOS_MASTER: "zk://192.168.33.2:2181/mesos"
+      EXTRA_SCHEDULER_ARGS: >
+        -http_authentication_mechanism=BASIC
+        -shiro_realm_modules=INI_AUTHNZ
+        -shiro_ini_path=/etc/aurora/security.ini
+    volumes:
+      - ./.aurora-config:/etc/aurora
     networks:
       aurora_cluster:
         ipv4_address: 192.168.33.7
diff --git a/realis_e2e_test.go b/realis_e2e_test.go
index 2bc684d..93a44e7 100644
--- a/realis_e2e_test.go
+++ b/realis_e2e_test.go
@@ -85,6 +85,29 @@ func TestNonExistentEndpoint(t *testing.T) {
 
 }
 
+func TestBadCredentials(t *testing.T) {
+	r, err := realis.NewClient(realis.SchedulerUrl("http://192.168.33.7:8081"),
+		realis.BasicAuth("incorrect", "password"))
+	defer r.Close()
+
+	assert.NoError(t, err)
+
+	job := realis.NewJob().
+		Environment("prod").
+		Role("vagrant").
+		Name("create_thermos_job_test").
+		ExecutorName(aurora.AURORA_EXECUTOR_NAME).
+		ExecutorData(string(thermosPayload)).
+		CPU(.5).
+		RAM(64).
+		Disk(100).
+		IsService(true).
+		InstanceCount(2).
+		AddPorts(1)
+
+	assert.Error(t, r.CreateJob(job))
+}
+
 func TestThriftBinary(t *testing.T) {
 	r, err := realis.NewClient(realis.SchedulerUrl("http://192.168.33.7:8081"),
 		realis.BasicAuth("aurora", "secret"),
@@ -92,6 +115,7 @@ func TestThriftBinary(t *testing.T) {
 		realis.ThriftBinary())
 
 	assert.NoError(t, err)
+	defer r.Close()
 
 	role := "all"
 	taskQ := &aurora.TaskQuery{
@@ -103,8 +127,6 @@ func TestThriftBinary(t *testing.T) {
 
 	assert.NoError(t, err)
 
-	r.Close()
-
 }
 
 func TestThriftJSON(t *testing.T) {