Major Description
As far I understand the User interface should specify how the User implementations should communicates with the ftpserver.
The ftpserver doesn't known directly if a user is should be authorized to perform a specific action but it delegate this decisione to the User implementation.
As I can see from the source code the method for determining if a user can perform a specific action is:
public interface User {
AuthorizationRequest authorize(AuthorizationRequest request);
...
}
So I don't see the purpose of put in the interface these methods:
Authority[] getAuthorities();
Authority[] getAuthorities(Class<? extends Authority> clazz);
These methods are not used by the ftpserver so they should not go in the interface.
The interface beetween two entities should be keep simple as possible.
The getAutorirhies() methods are used only by the specific implementation of User named BaseUser, another implementation of User should be free to choose another method for handling permissions.