protected List<Principal> expandGroupPrincipals(AbstractUserAuthorizor.DefaultUser user) {
    List<Principal> res = null;

    {
      if (user != null) {
        res = new ArrayList<Principal>();

        List<Principal> groupPrincipals = user.getGroupPrincipals();

        if (groupPrincipals != null) {
          // Add "User" principal, if required:
          {
            if (matchGroupPrincipal(groupPrincipals, ApplicationUserRoles.BACKEND_USER_A)
                || matchGroupPrincipal(groupPrincipals, ApplicationUserRoles.BACKEND_USER_B)) {
              Principal p = new SimplePrincipal(ApplicationUserRoles.ROLE_USER);
              res.add(p);
            }
          }

          // Add "Administrator" principal, if required:
          {
            if (matchGroupPrincipal(groupPrincipals, ApplicationUserRoles.BACKEND_ADMINISTRATOR_A)
                || matchGroupPrincipal(
                    groupPrincipals, ApplicationUserRoles.BACKEND_ADMINISTRATOR_B)) {
              Principal p = new SimplePrincipal(ApplicationUserRoles.ROLE_ADMINISTRATOR);
              res.add(p);
            }
          }

          // Add all original principals "as is":
          {
            res.addAll(groupPrincipals);
          }
        }
      }
    }

    return res;
  }
  public User getUser(Principal principal, Properties properties) throws IOException {
    User res = null;

    {
      AbstractUserAuthorizor.DefaultUser user = null; // user created by this

      // Set 'user':
      {
        User u = super.getUser(principal, properties); // get user returned from nested resource

        if (u == null) {
          user = new AbstractUserAuthorizor.DefaultUser();

          // Set principal:
          {
            String userName = PrincipalUtil.getNameStripped(principal);
            Principal userPrincipal = new SimplePrincipal(userName);
            user.setPrincipal(userPrincipal);
          }
        } else {
          user = new AbstractUserAuthorizor.DefaultUser(u);
        }
      }

      // Override group principals:
      {
        List<Principal> l = expandGroupPrincipals(user); // new list of group-principals
        user.setGroupPrincipals(l); // overwrite the original group principals
      }

      // Override user roles:
      {
        List<String> userRoles = new ArrayList<String>();

        // Add basic user roles:
        {
          List<String> l = user.getUserRoles();
          if (l != null) {
            userRoles.addAll(l);
          }
        }

        // Add special, additional user roles:
        {
          List<String> l = getIncludeUserRolesFromConfig(principal);
          if (l != null) {
            userRoles.addAll(l); // add!
          }
        }

        // Expand all user roles:
        {
          userRoles =
              ApplicationUserRoles.expandUserRoles(
                  userRoles); // expanded user-roles, sorted, duplicates removed!
        }

        // Remove special, excluded user roles:
        {
          List<String> l = getExcludeUserRolesFromConfig(principal);
          if (l != null) {
            l =
                ApplicationUserRoles.expandUserRoles(
                    l); // expanded user-roles, sorted, duplicates removed!
            userRoles.removeAll(l); // remove!
          }
        }

        user.setUserRoles(userRoles); // overwrite the original user roles
      }

      // Override full name:
      {
        Principal userPrincipal = user.getPrincipal();
        String fullName = getUserPresentationNameFromConfig(userPrincipal);
        if (fullName != null) {
          fullName = fullName.trim();

          if (fullName.length() > 0) {
            user.setFullName(fullName);
          }
        }
      }

      res = user;
    }

    return res;
  }