#### Adding 'admin' Role

- Go to Roles
  - Add new Role `admin` with Description `${role_admin}`.
  - Add this Role into compositive role named `default-roles-{realm}` - `{realm}` should be replaced with whatever realm you created from `prerequisites` section. This role is automatically trusted in the 'Service Accounts' tab.

- Check that `account` client_id has the role 'admin' assigned in the "Service Account Roles" tab.

/**
 * Exception thrown when user role authentication fails during login attempts.
 * This exception is used to indicate that a user does not have the required role
 * to access a specific action or resource.
 *
 */
public class UserRoleLoginException extends RuntimeException {

    private static final long serialVersionUID = 1L;

    /** The action class that requires specific user roles */

		}

		// Check if claim name is the non-default value and role policy is set.
		if p.ClaimName != policy.PolicyName && p.RolePolicy != "" {
			// In the unlikely event that the user specifies
			// `policy.PolicyName` as the claim name explicitly and sets
			// a role policy, this check is thwarted, but we will be using
			// the role policy anyway.

    /**
     * Checks if the current user has the specified action role or administrative privileges.
     *
     * @param role the role to check (supports both view and edit variants)
     * @return true if the user has the role or admin privileges, false otherwise
     */
    public static boolean hasActionRole(final String role) {
        final String[] roles;
        if (role.endsWith(FessAdminAction.VIEW)) {

 * Provides access to user name, roles, groups, and permissions.
 */
public interface FessUser extends Serializable {

    /**
     * Gets the user's display name.
     * @return The user's name.
     */
    String getName();

    /**
     * Gets the user's assigned role names.
     * @return Array of role names.
     */
    String[] getRoleNames();

    /**

    /**
     * Redirects an authenticated user to the appropriate admin interface based on their roles.
     * Users with admin roles are redirected to the dashboard, while other users are redirected
     * to their designated admin action class or to the root if no specific action is available.
     *
     * @param user the authenticated user bean containing role information
     * @return HTML response redirecting to the appropriate admin interface
     */

authentication.admin.users=admin
# Admin role names for authentication.
authentication.admin.roles=admin

# Default permissions for search roles.
role.search.default.permissions=
# Default display permissions for search roles.
role.search.default.display.permissions={role}guest
# Guest permissions for search roles.
role.search.guest.permissions={role}guest

# Prefix for user roles in search.

     * @param fields the array of fields associated with the search words
     * @param tags the array of tags associated with the search words
     * @param roles the array of roles associated with the search words
     * @param score the score associated with the search words
     * @param readingConverter the converter to use for converting readings

     * @param roles array of roles to filter results
     * @param fields array of fields to search in
     * @param excludes array of words to exclude from results
     * @return list of popular words matching the criteria
     */
    public List<String> getWordList(final SearchRequestType searchRequestType, final String seed, final String[] tags, final String[] roles,

Harshavardhana <******@****.***> 1723857894 -0700