@Override
public UserDetails loadUserByUsername(final String username) throws UsernameNotFoundException, DataAccessException {
final Set<SimpleGrantedAuthority> authorities = new HashSet<SimpleGrantedAuthority>();
if (adminUser.equals(username)) {
for (Entitlement entitlement : entitlementDAO.findAll()) {
authorities.add(new SimpleGrantedAuthority(entitlement.getName()));
}
} else {
final SyncopeUser user = userDAO.find(username);
if (user == null) {
throw new UsernameNotFoundException("Could not find any user with id " + username);
}
// Give entitlements based on roles assigned to user (and their ancestors)
final Set<SyncopeRole> roles = new HashSet<SyncopeRole>(user.getRoles());
for (SyncopeRole role : user.getRoles()) {
roles.addAll(roleDAO.findAncestors(role));
}
for (SyncopeRole role : roles) {
for (Entitlement entitlement : role.getEntitlements()) {
authorities.add(new SimpleGrantedAuthority(entitlement.getName()));
}
}
// Give role operational entitlements for owned roles
List<SyncopeRole> ownedRoles = roleDAO.findOwned(user);
if (!ownedRoles.isEmpty()) {
authorities.add(new SimpleGrantedAuthority("ROLE_CREATE"));
authorities.add(new SimpleGrantedAuthority("ROLE_READ"));
authorities.add(new SimpleGrantedAuthority("ROLE_UPDATE"));
authorities.add(new SimpleGrantedAuthority("ROLE_DELETE"));
for (SyncopeRole role : ownedRoles) {
authorities.add(new SimpleGrantedAuthority(EntitlementUtil.
getEntitlementNameFromRoleId(role.getId())));
}
}
}