user.setId(1L);
user.getRoles().add(new Role(Constants.ADMIN_ROLE));
user.getRoles().add(new Role(Constants.USER_ROLE));
try {
userManager.saveUser(user);
fail("AccessDeniedException not thrown");
} catch (AccessDeniedException expected) {
assertNotNull(expected);
assertEquals(expected.getMessage(), UserSecurityAdvice.ACCESS_DENIED);
}