@Test
  public void canOverrideAuthorities() throws Exception {
    UaaUser joe = new UaaUser("joe", "password", "*****@*****.**", "Joe", "User");
    joe = joe.authorities(AuthorityUtils.commaSeparatedStringToAuthorityList("openid,read"));
    ScimUserBootstrap bootstrap = new ScimUserBootstrap(db, gdb, mdb, Arrays.asList(joe));
    bootstrap.afterPropertiesSet();
    joe = joe.authorities(AuthorityUtils.commaSeparatedStringToAuthorityList("openid,read,write"));
    bootstrap = new ScimUserBootstrap(db, gdb, mdb, Arrays.asList(joe));
    bootstrap.setOverride(true);
    bootstrap.afterPropertiesSet();
    @SuppressWarnings("unchecked")
    Collection<Map<String, Object>> users =
        (Collection<Map<String, Object>>)
            userEndpoints.findUsers("id", "id pr", "id", "ascending", 1, 100).getResources();
    assertEquals(1, users.size());

    String id = (String) users.iterator().next().get("id");
    ScimUser user = userEndpoints.getUser(id, new MockHttpServletResponse());
    // uaa.user is always added
    assertEquals(4, user.getGroups().size());
  }
 @Test(expected = InvalidTokenException.class)
 public void revokingScopesFromUser_invalidatesToken() throws Exception {
   user = user.authorities(UaaAuthority.NONE_AUTHORITIES);
   mockUserDatabase(userId, user);
   endpoint.checkToken(accessToken.getValue());
 }