@Override public Authentication authenticate(final Authentication authentication) throws AuthenticationException { Optional<User> u = Optional.absent(); u = userManager.getInternalUser(authentication.getPrincipal().toString()); if (!u.isPresent()) { throw new UsernameNotFoundException( "user not found: " + authentication.getPrincipal().toString()); } boolean b = userManager.authenticate( authentication.getPrincipal().toString(), authentication.getCredentials().toString()); if (!b) { throw new BadCredentialsException("invalid credentials"); } List<GrantedAuthority> gaList = Lists.newArrayList(); for (String role : u.get().getRoles()) { GrantedAuthority ga = new SimpleGrantedAuthority(role); gaList.add(ga); } UsernamePasswordAuthenticationToken upt = new UsernamePasswordAuthenticationToken( authentication.getPrincipal().toString(), authentication.getCredentials().toString(), gaList); return upt; }