- // gather system roles
- Set<String> sysRoles = new HashSet<String>();
- for (String role : rawAuthorization.getRoles()) {
- Authorization auth = systemRoles.getAuthorization((User) userAdmin.getRole(role));
- sysRoles.addAll(Arrays.asList(auth.getRoles()));
+
+ // gather roles from other referentials
+ final AbstractUserDirectory userAdminToUse;// possibly scoped when authenticating
+ if (user instanceof DirectoryUser) {
+ userAdminToUse = userReferentialOfThisUser;
+ } else if (user instanceof AuthenticatingUser) {
+ userAdminToUse = userReferentialOfThisUser.scope(user);
+ } else {
+ throw new IllegalArgumentException("Unsupported user type " + user.getClass());
+ }
+
+ try {
+ Set<String> sysRoles = new HashSet<String>();
+ for (String role : rawAuthorization.getRoles()) {
+ User userOrGroup = (User) userAdminToUse.getRole(role);
+ Authorization auth = systemRoles.getAuthorization(userOrGroup);
+ systemRoles: for (String systemRole : auth.getRoles()) {
+ if (role.equals(systemRole))
+ continue systemRoles;
+ sysRoles.add(systemRole);
+ }
+// sysRoles.addAll(Arrays.asList(auth.getRoles()));
+ }
+ addAbstractSystemRoles(rawAuthorization, sysRoles);
+ Authorization authorization = new AggregatingAuthorization(usernameToUse, displayNameToUse, sysRoles,
+ rawAuthorization.getRoles());
+ return authorization;
+ } finally {
+ if (userAdminToUse != null && userAdminToUse.isScoped()) {
+ userAdminToUse.destroy();
+ }