public void filtered(FilteredCall<RoleCQ, RoleCQ> filteredLambda) {
        filtered(filteredLambda, null);
    }

    public void filtered(FilteredCall<RoleCQ, RoleCQ> filteredLambda, ConditionOptionCall<BoolQueryBuilder> opLambda) {
        bool((must, should, mustNot, filter) -> {
            filteredLambda.callback(must, filter);
        }, opLambda);
    }

    public void not(OperatorCall<RoleCQ> notLambda) {

import org.dbflute.exception.IllegalBehaviorStateException;
import org.dbflute.util.DfTypeUtil;

/**
 * @author FreeGen
 */
public class UserBhv extends BsUserBhv {

    private static final String ROLES = "roles";
    private static final String GROUPS = "groups";
    private static final String PASSWORD = "password";
    private static final String NAME = "name";

    private String indexName = null;

    @Override

    /**
     * Redirects an authenticated user to the appropriate admin interface based on their roles.
     * Users with admin roles are redirected to the dashboard, while other users are redirected
     * to their designated admin action class or to the root if no specific action is available.
     *
     * @param user the authenticated user bean containing role information
     * @return HTML response redirecting to the appropriate admin interface
     */

/**
 * Exception thrown when user role authentication fails during login attempts.
 * This exception is used to indicate that a user does not have the required role
 * to access a specific action or resource.
 *
 */
public class UserRoleLoginException extends RuntimeException {

    private static final long serialVersionUID = 1L;

    /** The action class that requires specific user roles */

    /** OpenID Connect default roles. */
    @Size(max = 1000)
    public String oicDefaultRoles;

    /** SAML service provider base URL. */
    @Size(max = 1000)
    public String samlSpBaseUrl;

    /** SAML attribute name for group membership. */
    @Size(max = 1000)
    public String samlAttributeGroupName;

    /** SAML attribute name for role membership. */
    @Size(max = 1000)

            return entity;
        });
    }

    /**
     * Registers available roles and labels for use in web config forms.
     * Includes role types, label types, and label setting configuration.
     *
     * @param data the render data to register the roles and labels with
     */
    protected void registerRolesAndLabels(final RenderData data) {

        LabelType labelType2 = new LabelType();
        labelType2.setName("Test Label 2");
        labelType2.setValue("test2");
        labelType2.setPermissions(new String[] { "role1", "role2" });
        labelType2.setVirtualHost("example.com");
        // Locale is derived from value, not set directly
        labelType2.setIncludedPaths("/admin.*");
        labelType2.setExcludedPaths("");

labels.oic_base_url=Base URL
labels.oic_default_groups=Default Groups
labels.oic_default_roles=Default Roles
labels.general_menu_saml=SAML
labels.saml_sp_base_url=SP Base URL
labels.saml_attribute_group_name=Group Attribute Name
labels.saml_attribute_role_name=Role Attribute Name
labels.saml_default_groups=Default Groups
labels.saml_default_roles=Default Roles
labels.general_menu_spnego=SPNEGO
labels.spnego_krb5_conf=Krb5 Config

                final LdapManager ldapManager = ComponentUtil.getLdapManager();
                permissions = distinct(ArrayUtils.addAll(ldapManager.getRoles(this, baseDn, accountFilter, groupFilter, roles -> {
                    permissions = distinct(roles);
                    ComponentUtil.getActivityHelper().permissionChanged(OptionalThing.of(new FessUserBean(this)));

        final String jwtClaim = "{\"roles\":[\"admin\",\"user\"],\"groups\":[\"group1\",\"group2\"]}";
        final Map<String, Object> attributes = new HashMap<>();

        authenticator.parseJwtClaim(jwtClaim, attributes);

        assertTrue(attributes.get("roles") instanceof List);
        @SuppressWarnings("unchecked")
        final List<Object> roles = (List<Object>) attributes.get("roles");
        assertEquals(2, roles.size());