try {
user = userManager.saveUser(user);
} catch (AccessDeniedException ade) {
// thrown by UserSecurityAdvice configured in aop:advisor
logger.warn(ade.getMessage());
return new HttpError(HttpServletResponse.SC_FORBIDDEN, "Resource not available");
} catch (UserExistsException e) {
// TODO #1: FIXME: only username should be highlighted.. move to onValidate()?
alertManager.error(
messages.format("errors.existing.user", user.getUsername(), user.getEmail())