authlogic's password field is not required in rspec?

Hello,

I am using authlogic and rspec in our project. I steup the authlogic
as the offical example. But when i run my rspec, it tells me that
password field is not required. My spec file is as following:

require 'spec_helper'

describe User do
  before(:each) do
    @valid_attributes = {
      :email => 'tcsnhj@gmail.com',
      :password => "aaaaaa",
      :password_confirmation => "aaaaaa"
    }
    @user = User.new(@valid_attributes)
  end

......

  it "should not be valid without a password" do
    @user.password = nil
    @user.should_not be_valid
  end
........
end

the rspec show me "expected valid? to return false, got true". but
when I run the application in firefox, and if I leave the password
field empty, the form will give errors. I also run irb: @user =
User.new( :email => "gaga@gag.com", :password =
nil, :password_confirmation = 'a' * 10), the @user.valid? returned
false.

Why the rspec got true?
.

Anyboby know why? I am waiting online!