/**
 * Builds the {@code "privilege"} view for one user.
 *
 * <p>The model carries the user under {@code "user"} and, under {@code "privilegetriplets"}, one
 * {@link PrivilegeTriplet} per {@link Privilege} constant: the privilege, its associated role,
 * and a permitted flag that is set to {@code true} only when the privilege is among those
 * returned by {@code SecurityContext.getAllAssociatedPrivileges(user)}.
 *
 * <p>This helper performs no authorization check of its own; the request handlers that call it
 * are presumably responsible for that (verify against callers).
 *
 * @param user the user whose privileges are displayed
 * @return the populated model and view
 */
private ModelAndView createModelAndView(User user) {
    EnumSet<Privilege> granted = SecurityContext.getAllAssociatedPrivileges(user);

    // One row per known privilege, whether or not the user currently holds it.
    List<PrivilegeTriplet> rows = new ArrayList<PrivilegeTriplet>();
    for (Privilege candidate : Privilege.values()) {
      PrivilegeTriplet row = new PrivilegeTriplet();
      row.setPrivilege(candidate);
      // The flag is only ever raised here; for privileges the user lacks it keeps whatever
      // value a fresh PrivilegeTriplet starts with.
      if (granted.contains(candidate)) {
        row.setPermitted(true);
      }
      row.setRole(candidate.getAssociatedRole());
      rows.add(row);
    }

    ModelAndView view = new ModelAndView("privilege");
    view.addObject("user", user);
    view.addObject("privilegetriplets", rows);
    return view;
  }
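 /**
  * Replaces a user's privilege set with the privileges named in the submitted parameters.
  *
  * <p>The caller must hold {@code Privilege.MANAGE_USERS}. The {@code id} parameter selects the
  * target user; every other parameter <em>name</em> must be a {@link Privilege} constant name
  * (parameter values are ignored). All names are validated before the stored collection is
  * touched, so a malformed request cannot leave the user with a cleared or half-filled
  * privilege set.
  *
  * <p>NOTE(review): the mapping declares no HTTP method, so this state-changing handler is
  * reachable by GET as well as POST. Restrict it (e.g. {@code method = RequestMethod.POST}) and
  * confirm CSRF protection covers it. Because every non-{@code id} parameter is treated as a
  * privilege name, a hidden anti-CSRF form field would be rejected here; it would need to be
  * excluded explicitly or carried in a header.
  *
  * <p>NOTE(review): the only check is MANAGE_USERS. Nothing here limits which privileges may be
  * granted or to which account (including the caller's own), and the change is not logged in
  * this method. Confirm that is the intended policy and that privilege changes are audited
  * elsewhere.
  *
  * @param params all request parameters; the {@code id} entry is removed from this map
  * @return a redirect to {@code /user/<userName>} of the edited user
  * @throws IllegalArgumentException if a parameter other than {@code id} is not a privilege
  *     name; a missing or non-numeric {@code id} surfaces as {@link NumberFormatException}
  */
 @RequestMapping("/privilegeeditsubmit")
 public ModelAndView privilegeEditSubmit(@RequestParam Map<String, String> params) {
   SecurityContext.assertUserHasPrivilege(Privilege.MANAGE_USERS);
   User user = getRequiredEntity(Long.parseLong(params.get("id")));
   params.remove("id");

   // Parse the whole request first: the entity is only modified once every name is known good.
   EnumSet<Privilege> requested = EnumSet.noneOf(Privilege.class);
   for (String privilegeName : params.keySet()) {
     try {
       requested.add(Privilege.valueOf(privilegeName));
     } catch (IllegalArgumentException e) {
       // Keep the cause so the offending parameter name is visible in server-side logs.
       throw new IllegalArgumentException("parameters should only contains Id and privileges", e);
     }
   }

   // No em.merge(user) is needed: the user object itself is unchanged, only its privileges
   // collection is, and that is saved by dirty checking.
   user.getPrivileges().clear();
   user.getPrivileges().addAll(requested);

   // NOTE(review): the user name is concatenated into the redirect path without encoding.
   // Confirm user names are restricted to URL-safe characters, or encode the path segment.
   return new ModelAndView("redirect:/user/" + user.getUserName());
 }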