+ if (this.validatePassword().isSuccess()) {
+ /*
+ * Only if the password is a valid one, hash it. So in case it is not
+ * valid, when UserConfig.validate() is called, the proper
+ * validation error will be returned to the caller. If we hashed a
+ * priori instead, the mis-configuration would be masked
+ */
+ this.password = hash(this.password);
+ }
+
+ this.roles = (roles == null) ? new ArrayList<String>() : new ArrayList<String>(roles);