completed update of account, splitted login from account

2018-11-14 17:16:12 +01:00
parent 939f043b01
commit 765589afdf
27 changed files with 3383 additions and 3157 deletions
--- a/account-ui/pom.xml
+++ b/account-ui/pom.xml
@ -59,7 +59,11 @@
            <groupId>de.muehlencord.shared</groupId>
            <artifactId>shared-account</artifactId>
            <version>1.1-SNAPSHOT</version>
-            <type>jar</type>
+        </dependency>        
        <dependency>
            <groupId>de.muehlencord.shared</groupId>
            <artifactId>shared-util</artifactId>
            <version>1.1-SNAPSHOT</version>
        </dependency>        
        <dependency>
            <groupId>de.muehlencord.sf</groupId>
@ -86,6 +90,7 @@
                <filtering>true</filtering>
                <includes>
                    <include>**/*.properties</include>
                    <include>**/*.xml</include>
                </includes>
            </resource>
        </resources>
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/ApplicationProducer.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/ApplicationProducer.java
@ -0,0 +1,67 @@
 /*
 * Copyright 2018 Joern Muehlencord <joern at muehlencord.de>.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package de.muehlencord.shared.account.web;
 import de.muehlencord.shared.account.business.application.boundary.ApplicationService;
 import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
 import java.util.UUID;
 import javax.annotation.PostConstruct;
 import javax.ejb.EJB;
 import javax.enterprise.context.ApplicationScoped;
 import javax.enterprise.inject.Produces;
 import javax.inject.Named;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 /**
 *
 * @author Joern Muehlencord <joern at muehlencord.de>
 */
@Named("applicationProdiucer")
@ApplicationScoped
 public class ApplicationProducer {
    private static final Logger LOGGER = LoggerFactory.getLogger(ApplicationProducer.class);
    @EJB
    ApplicationService applicationService;
    private ApplicationEntity application = null;
    @PostConstruct
    public void init() {
        String id = "143a2bd3-7e0b-4162-a76e-3031331c7dfe"; // TODO load from properties file
        this.application = applicationService.findById(UUID.fromString(id));
        if (application == null) {
            LOGGER.error("Could not find application with id ");
        } else {
            LOGGER.info("Found application {} for id{}", application.getApplicationName(), id); 
        }
    }
    /**
     * needs to return link to "Account UI" and not to current selected
     * application TODO: ensure only Account UI can call functions where
     * appliction can be handed in all other applications need to call the
     * function which use the injected application
     */
    @Produces
    public ApplicationEntity getApplication() {
        return application;
    }
 }
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/AccountView.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/AccountView.java
@ -4,6 +4,7 @@ import de.muehlencord.shared.account.business.account.boundary.AccountControl;
 import de.muehlencord.shared.account.business.account.boundary.ApplicationRoleControl;
 import de.muehlencord.shared.account.business.account.entity.AccountEntity;
 import de.muehlencord.shared.account.business.account.entity.AccountException;
 import de.muehlencord.shared.account.business.account.entity.AccountLoginEntity;
 import de.muehlencord.shared.account.business.account.entity.AccountStatus;
 import de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity;
 import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
@ -11,11 +12,17 @@ import de.muehlencord.shared.jeeutil.FacesUtil;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Locale;
 import javax.ejb.EJB;
 import javax.faces.component.UIInput;
 import javax.faces.context.FacesContext;
 import javax.faces.view.ViewScoped;
 import javax.inject.Named;
 import javax.inject.Inject;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.subject.Subject;
 import org.primefaces.event.SelectEvent;
 import org.primefaces.event.UnselectEvent;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -51,6 +58,9 @@ public class AccountView implements Serializable {
    // account currently on edit
    private AccountEntity currentAccount;
    private List<ApplicationRoleEntity> currentAccountRoles = null;
    private AccountLoginEntity currentAccountLogin;
    private String password = null;
    private String repeatPassword = null;
    public List<AccountEntity> getAccounts() {
        if (accountList == null) {
@ -68,11 +78,13 @@ public class AccountView implements Serializable {
    }
    public void selectAccount(SelectEvent event) {
-        if (currentAccount == null) {
+        // nothing to do, currentAccountRoles are loaded before dialog is shown
    }
    public void unselectAccount(UnselectEvent event) {
        applicationRoles = null;
        currentAccountRoles = null;
    }
    }
    public boolean getAccountSelected() {
        return currentAccount != null;
@ -80,7 +92,6 @@ public class AccountView implements Serializable {
    public void newAccount() {
        currentAccount = new AccountEntity();
        currentAccount.setUsername(null);
        currentAccount.setStatus("NEW"); // TODO add status enum   
        currentAccountRoles = new ArrayList<>();
    }
@ -108,15 +119,12 @@ public class AccountView implements Serializable {
        AccountEntity existingEntity = accountService.getAccountEntity(username, true);
        // check if it is a new user (createdBy == null) but a user with same name already exists
        if ((currentAccount.getCreatedBy() == null) && (existingEntity != null)) {
            currentAccount.setUsername(null);
            FacesUtil.addErrorMessage("editDialogMessaegs", "Create new account failed", "Account with username " + username + " already exists");
        } else {
-            accountService.saveAccount(applicationView.getCurrentApplication(), currentAccount, currentAccountRoles);
+            accountService.saveAccount(currentAccount, currentAccountRoles);
            if (currentAccount.getId() == null) {
                // this was a new account
            // force accounts to be loaded from database again
            accountList = null;
-            }
+
        }
    }
@ -149,6 +157,96 @@ public class AccountView implements Serializable {
        return AccountStatus.getAllStatusNames();
    }
    /* **** account login methods **** */
    public boolean validatePasswords(FacesContext context, List<UIInput> components, List<Object> values) {
        String password = components.get(0).getSubmittedValue().toString();
        String passwordRepeat = components.get(1).getSubmittedValue().toString();
        if ((password == null) || (passwordRepeat == null)) {
            return false;
        }
        boolean returnValue = password.equals(passwordRepeat);
        return returnValue;
    }
    public void addAccountLogin() {
        if (currentAccount == null) {
            // TODO add error handling
        } else {
            this.currentAccountLogin = accountService.createLoginWithRandomPassword();
        }
    }
    public void editAccountLogin() {
        if (currentAccount == null) {
            // TODO add error handling
        } else {
            this.currentAccountLogin = currentAccount.getAccountLogin();
        }
    }
    public void deleteAccountLogin() {
        if (currentAccount == null) {
            // TODO add error handling            
        } else {
            accountService.deleteLogin(currentAccount);
            currentAccount.setAccountLogin(null);
            currentAccountLogin = null;
            accountList = null; // force reload
            FacesUtil.addGlobalInfoMessage("Account saved", "Login removed");
        }
    }
    public void saveEditAccountLogin() {
        // TODO move to account control - to much logic for the view
        if ((currentAccountLogin == null) || (currentAccount == null)) {
            // TODO add error handling
        } else {
            // overwrite password if provided
            if ((password != null) && (!password.trim().equals(""))) {
                // password has been specified 
                if (password.equals(repeatPassword)) {
                    currentAccount.getAccountLogin().setAccountPassword(accountService.getHashedPassword(password));
                    FacesUtil.addGlobalInfoMessage("Info", "Password updated"); 
                } else {
                    // TODO connect to IPRS 
                    // frontend does validate passwords do match 
                    // someone is trying to cheat
                }
            }
            if (currentAccountLogin.getId() == null) {
                accountService.addLogin(currentAccount, currentAccountLogin);
                currentAccount.setAccountLogin(currentAccountLogin);
                accountList = null; // force reload of accounts
            } else {
                accountService.updateLogin(currentAccountLogin);
            }
            currentAccountLogin = null;
            FacesUtil.addGlobalInfoMessage("Account saved", "Login data updated");
        }
    }
    public void cancelEditAccountLogin() {
        this.currentAccountLogin = null;
    }
    public boolean getCurrentLoggedInUser() {
        if (currentAccount == null) {
            return false;
        }
        Subject currentUser = SecurityUtils.getSubject();
        if (currentUser == null) {
            // TODO - connect to IPRS - how can this method be called if no user is logged in
            return false;
        }
        String currentUserName = currentUser.getPrincipal().toString();
        return currentUserName.equals(currentAccount.getUsername());
    }
    /* **** getter / setter **** */
    /**
     * setter for managed property applicationView
@ -183,4 +281,20 @@ public class AccountView implements Serializable {
        this.currentAccountRoles = currentAccountRoles;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public String getRepeatPassword() {
        return repeatPassword;
    }
    public void setRepeatPassword(String repeatPassword) {
        this.repeatPassword = repeatPassword;
    }
 }
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/PermissionView.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/PermissionView.java
@ -53,8 +53,6 @@ public class PermissionView implements Serializable {
    public void saveEditPermission() throws AccountException {
        if (currentPermission != null) {                        
            ApplicationEntity currentApplication = applicationView.getCurrentApplication();
            String currentApplicationName = currentApplication.getApplicationName();
            String newPermissionName = currentPermission.getPermissionName();
            String newPermissionDescription = currentPermission.getPermissionDescription();
            if ((newPermissionName == null) || (newPermissionName.trim().length() == 0)) {
@ -63,13 +61,11 @@ public class PermissionView implements Serializable {
                FacesUtil.addErrorMessage("editDialogMessages", "Error", "Permission name must not be null");
            } else {
                if (currentPermission.getId() == null) {
-                    applicationPermissionService.create(currentApplicationName, newPermissionName, newPermissionName);
+                    applicationPermissionService.create(applicationView.getCurrentApplication(), newPermissionName, newPermissionName);
                    FacesUtil.addGlobalInfoMessage("Info", "Permission " + newPermissionName + " created");
 //                    deselectPermission();
                } else {
                    applicationPermissionService.update(currentPermission);
                    FacesUtil.addGlobalInfoMessage("Info", "Permission " + newPermissionName + " updated");
 //                    deselectPermission();
                }
            }
        }
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniqueApplicationRoleNameValidator.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniqueApplicationRoleNameValidator.java
@ -1,9 +1,8 @@
 package de.muehlencord.shared.account.web.presentation;
 import de.muehlencord.shared.account.business.account.boundary.ApplicationPermissionControl;
 import de.muehlencord.shared.account.business.account.boundary.ApplicationRoleControl;
 import de.muehlencord.shared.account.business.account.entity.ApplicationPermissionEntity;
 import de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity;
 import de.muehlencord.shared.account.business.application.boundary.ApplicationService;
 import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
 import java.io.Serializable;
 import javax.ejb.EJB;
@ -15,8 +14,6 @@ import javax.faces.validator.Validator;
 import javax.faces.validator.ValidatorException;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 /**
 *
@ -54,7 +51,6 @@ public class UniqueApplicationRoleNameValidator implements Validator, Serializab
        } else {
            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Application not set", "Permission name cannot be set if application is unknown"));
        }
    }
 }
--- a/account-ui/src/main/resources/META-INF/persistence.xml
+++ b/account-ui/src/main/resources/META-INF/persistence.xml
@ -1,14 +1,15 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <persistence version="2.1" xmlns="http://xmlns.jcp.org/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence http://xmlns.jcp.org/xml/ns/persistence/persistence_2_1.xsd">
-  <persistence-unit name="com.wincornixdorf.pcd_pu" transaction-type="JTA">
+  <persistence-unit name="de.muehlencord.shared.accountUiPu" transaction-type="JTA">
    <jta-data-source>java:/jboss/accountTestDs</jta-data-source>    
    <class>de.muehlencord.shared.account.business.account.entity.AccountEntity</class>
    <class>de.muehlencord.shared.account.business.account.entity.AccountHistoryEntity</class>
    <class>de.muehlencord.shared.account.business.account.entity.AccountLoginEntity</class>
    <class>de.muehlencord.shared.account.business.account.entity.ApplicationPermissionEntity</class>
    <class>de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity</class>
    <class>de.muehlencord.shared.account.business.application.entity.ApplicationEntity</class>
    <class>de.muehlencord.shared.account.business.config.entity.ConfigEntity</class>
    <class>de.muehlencord.shared.account.business.mail.entity.MailTemplateEntity</class>
    <class>de.muehlencord.shared.account.business.application.entity.ApplicationEntity</class>
    <exclude-unlisted-classes>true</exclude-unlisted-classes>
    <shared-cache-mode>ENABLE_SELECTIVE</shared-cache-mode>
    <validation-mode>NONE</validation-mode>
--- a/account-ui/src/main/resources/de/muehlencord/shared/account/web/presentation/messages.properties
+++ b/account-ui/src/main/resources/de/muehlencord/shared/account/web/presentation/messages.properties
@ -130,3 +130,4 @@ label_template_waitlist_cancelled=Waitlist cancelled mail template
 msgs_menu_status=Status
 menu_status=Status
 button_add=Add
 passwords_different=Passwords do not match, please check input
--- a/account-ui/src/main/resources/de/muehlencord/shared/account/web/presentation/messages_de.properties
+++ b/account-ui/src/main/resources/de/muehlencord/shared/account/web/presentation/messages_de.properties
@ -131,3 +131,4 @@ label_template_waitlist_cancelled=Vorlage Warteliste Abbruch
 msgs_menu_status=Status
 menu_status=Status
 button_add=Hinzuf\u00fcgen
 passwords_different=Passw\u00f6rter stimmen \u00fcberein, bitte \u00fcberpr\u00fcfen Sie ihre Eingabe
--- a/account-ui/src/main/resources/de/muehlencord/shared/account/web/presentation/messages_en.properties
+++ b/account-ui/src/main/resources/de/muehlencord/shared/account/web/presentation/messages_en.properties
@ -131,3 +131,4 @@ label_template_waitlist_cancelled=Waitlist cancelled mail template
 msgs_menu_status=Status
 menu_status=Status
 button_add=Add
 passwords_different=Passwords do not match, please check input
--- a/account-ui/src/main/webapp/WEB-INF/shiro.ini
+++ b/account-ui/src/main/webapp/WEB-INF/shiro.ini
@ -25,7 +25,7 @@ passwordMatcher.passwordService = $passwordService
 # JDBC Realm setup
 jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
 jdbcRealm.permissionsLookupEnabled=false
-jdbcRealm.authenticationQuery = select account_password from account where username = ? and status not in ('LOCKED','DELETED')
+jdbcRealm.authenticationQuery = select al.account_password from account a, account_login al where al.account = a.id and a.username = ? and status not in ('LOCKED','DELETED')
 jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
 jdbcRealm.credentialsMatcher = $passwordMatcher
 jdbcRealm.dataSource = $datasource
--- a/account-ui/src/main/webapp/web/account.xhtml
+++ b/account-ui/src/main/webapp/web/account.xhtml
@ -7,6 +7,7 @@
                xmlns:f="http://xmlns.jcp.org/jsf/core"
                xmlns:co="http://java.sun.com/jsf/composite/composite"
                xmlns:c="http://xmlns.jcp.org/jsp/jstl/core"
                xmlns:o="http://omnifaces.org/ui"
                xmlns:composite="http://xmlns.jcp.org/jsf/composite/composite">
    <ui:define name="title">
@ -18,11 +19,11 @@
    </ui:define>
    <ui:define name="body">
-        <h:form id="accountForm">           
+        <h:form id="accountForm" prependId="false">           
            <p:dataTable id="accountTable" value="#{accountView.accounts}" var="account" rowKey="#{account.username}" selectionMode="single" selection="#{accountView.currentAccount}"
                         styleClass="box-primary">
-                <p:ajax event="rowSelect" update="deleteButton,editButton" listener="#{accountView.selectAccount}" />
+                <p:ajax event="rowSelect" update="buttonPanel" listener="#{accountView.selectAccount}" />
-                <p:ajax event="rowUnselect" update="deleteButton,editButton" listener="#{accountView.selectAccount}"  />
+                <p:ajax event="rowUnselect" update="buttonPanel" listener="#{accountView.unselectAccount}"  />
                <p:column headerText="Username">
                    <h:outputText value="#{account.username}" />
                </p:column>
@ -35,12 +36,12 @@
                <p:column headerText="Email">
                    <h:outputText value="#{account.emailaddress}" />
                </p:column>
                <p:column headerText="Last login">
                    <h:outputText value="#{account.lastLogin}" />
                </p:column>
                <p:column headerText="Status">
                    <h:outputText value="#{account.status}" />
                </p:column>
                <p:column headerText="Can login" >
                    <p:selectBooleanCheckbox id="canLogin" disabled="true" value="#{!empty account.accountLogin}" />
                </p:column>                
                <p:column headerText="CreatedOn">
                    <h:outputText value="#{account.createdOn}" >
                        <f:convertDateTime type="both" dateStyle="full" timeStyle="short" timeZone="Europe/Berlin"/>
@ -57,10 +58,12 @@
                <p:column headerText="LastUpdatedBy">
                    <h:outputText value="#{account.lastUpdatedBy}" />
                </p:column>   
-                <f:facet name="footer" >
+            </p:dataTable>
                    <div class="col-sm-12 col-md-3" style="margin-top:10px">
            <p:spacer height="10px" />
            <p:panel id="buttonPanel" styleClass="box-primary"  style="margin-bottom:20px">
                <div class="ui-g ui-fluid">
                    <div class="col-sm-12 col-md-4" style="margin-top:10px">
                        <div class="ui-inputgroup" >
                            <h:outputLabel for="includeDisabledCheckbox" value="Include disabled accounts?" />
                            <p:inputSwitch id="includeDisabledCheckbox" value="#{accountView.showDisabledAccounts}" styleClass="btn-teal btn-block"  >
@ -69,27 +72,48 @@
                        </div>
                    </div>
-                    <div class="col-sm-12 col-md-3">
+                    <div class="col-sm-12 col-md-2">
                        <p:spacer height="10px" />
                        <p:commandButton value="New" id="newButton" icon="fa fa-plus" 
                                         update="editDialog" oncomplete="PF('editDialogVar').show();"
                                         actionListener="#{accountView.newAccount}" styleClass="btn-primary btn-block" />
                    </div>
-                    <div class="col-sm-12 col-md-3">
+                    <div class="col-sm-12 col-md-2">
                        <p:spacer height="10px" />
                        <p:commandButton value="Edit" id="editButton" icon="fa fa-pencil" 
                                         update="editDialog" oncomplete="PF('editDialogVar').show();"
                                         actionListener="#{accountView.editAccount}" disabled="#{!accountView.accountSelected}" styleClass="btn-teal btn-block" />
                    </div>                    
-                    <div class="col-sm-12 col-md-3">
+                    <div class="col-sm-12 col-md-2">
                        <p:spacer height="10px" />
                        <p:commandButton value="Delete" id="deleteButton" icon="fa fa-trash-o"
-                                         update=":accountForm:accountTable" action="#{accountView.deleteAccount}" disabled="#{!accountView.accountSelected}" styleClass="btn-danger btn-block">
+                                         update=":accountForm:accountTable" action="#{accountView.deleteAccount}" disabled="#{accountView.accountSelected eq false or accountView.currentLoggedInUser eq true}" styleClass="btn-danger btn-block">
                            <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
                        </p:commandButton>
                    </div>
-                </f:facet>                
+
-            </p:dataTable>
+                    <div class="col-sm-12 col-md-2">
                        <c:if test="#{empty accountView.currentAccount.accountLogin}">
                            <p:commandButton value="Add login" id="addLoginButton" icon="fa fa-plus" disabled="#{!accountView.accountSelected}"
                                             update="editLoginDialog" oncomplete="PF('editLoginDialogVar').show();"
                                             action="#{accountView.addAccountLogin}" styleClass="btn-teal btn-block">
                            </p:commandButton>
                        </c:if>
                        <c:if test="#{!empty accountView.currentAccount.accountLogin}">
                            <p:splitButton value="Edit login" id="editLoginButton" icon="fa fa-pencil" disabled="#{!accountView.accountSelected}"
                                           update="editLoginDialog" oncomplete="PF('editLoginDialogVar').show();"
                                           action="#{accountView.editAccountLogin}" styleClass="btn-success btn-block">
                                <p:menuitem value="Delete login" icon="fa fa-trash-o"  disabled="#{accountView.currentLoggedInUser}"
                                            update="accountTable,buttonPanel" styleClass="btn-danger btn-block"
                                            action="#{accountView.deleteAccountLogin}" >
                                    <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
                                </p:menuitem>
                            </p:splitButton>                        
                        </c:if>
                    </div>
                </div>                    
            </p:panel>
            <composite:confirmationDialog />
        </h:form>
@ -164,16 +188,6 @@
                            <p:message for="status" />                
                        </div>
                        <div class="col-sm-12 col-md-3">                        
                            <p:outputLabel for="lastlogin" value="Lastlogin" />
                        </div>
                        <div class="col-sm-12 col-md-3">                        
                            <h:outputText id="lastlogin" value="#{accountView.currentAccount.lastLogin}" />
                        </div>
                        <div class="col-sm-12 col-md-6">                        
                            <p:message for="lastlogin" />
                        </div>
                        <div class="col-sm-12 col-md-3">
                            <p:outputLabel for="createdon" value="Created on" />
                        </div>
@ -246,6 +260,55 @@
            </h:form>
        </p:dialog>
        <p:dialog id="editLoginDialog" widgetVar="editLoginDialogVar" header="Edit account login" width="600"
                  modal="true" appendTo="@(body)" showEffect="fade" hideEffect="fade" styleClass="box-solid box-primary" >            
            <h:form id="editLoginDialogForm">
                <p:messages id="editLoginDialogMessages" showDetail="true" showIcon="true" showSummary="true">
                    <p:autoUpdate />
                </p:messages>
                <div class="ui-g ui-fluid">
                    <o:validateMultiple id="myId" components="password repeatPassword" 
                                        validator="#{accountView.validatePasswords}" message="#{msgs.passwords_different}" />
                    <div class="col-sm-12">
                        <p:outputLabel value="Enter a new password or keep values empty to keep existing / autogenrated value" />
                    </div>
                    <div class="col-sm-12 col-md-3">
                        <p:outputLabel for="password" value="Password" />
                    </div>
                    <div class="col-sm-12 col-md-6">
                        <p:password id="password" value="#{accountView.password}" maxlength="32" size="32" required="false"/>
                    </div>
                    <div class="col-sm-12 col-md-3">
                        <p:message for="password" />                
                    </div>
                    <div class="col-sm-12 col-md-3">
                        <p:outputLabel for="repeatPassword" value="repeat Password" />
                    </div>
                    <div class="col-sm-12 col-md-6">
                        <p:password id="repeatPassword" value="#{accountView.repeatPassword}" maxlength="32" size="32" required="false"/>
                    </div>
                    <div class="col-sm-12 col-md-3">
                        <p:message for="repeatPassword" />                
                    </div>                                    
                    <div class="col-sm-12 col-md-6">
                        <p:spacer height="10px" />
                        <p:commandButton value="Save" action="#{accountView.saveEditAccountLogin}" styleClass="btn-primary btn-block" 
                                         oncomplete="if (args &amp;&amp; !args.validationFailed) PF('editLoginDialogVar').hide();" update=":accountForm:accountTable,:accountForm:buttonPanel" />
                    </div>
                    <div class="col-sm-12 col-md-6">
                        <p:spacer height="10px" />
                        <p:commandButton value="Cancel" action="#{accountView.cancelEditAccountLogin}" immediate="true" styleClass="btn-teal btn-block"
                                         oncomplete="PF('editLoginDialogVar').hide();" />
                    </div>
                </div>
            </h:form>
        </p:dialog>
    </ui:define>
 </ui:composition>
--- a/account-ui/src/main/webapp/web/index.xhtml
+++ b/account-ui/src/main/webapp/web/index.xhtml
@ -15,7 +15,7 @@
    <ui:define name="body" >
-        <h:form id="applicationForm">           
+        <h:form id="applicationForm" prependId="false">           
            <p:panel styleClass="box-solid">
                <div class="ui-g ui-fluid">
                    <div class="col-sm-12 col-md-6">
--- a/account/pom.xml
+++ b/account/pom.xml
@ -66,6 +66,12 @@
            <artifactId>jcl-over-slf4j</artifactId>            
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>de.muehlencord.shared</groupId>
            <artifactId>shared-util</artifactId>
            <version>1.1-SNAPSHOT</version>
            <type>jar</type>
        </dependency>
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-api</artifactId>
--- a/account/sql/account_prefill.sql
+++ b/account/sql/account_prefill.sql
@ -1,18 +1,32 @@
 DELETE FROM config;
 DELETE FROM account_role;
 DELETE FROM account_login;
 DELETE FROM account;
 DELETE FROM role_permission;
 DELETE FROM application_role;
 DELETE FROM application_permission;
 DELETE FROM application;
-- application configuration
+INSERT INTO application (id, application_name) values ('143a2bd3-7e0b-4162-a76e-3031331c7dfe', 'Account UI');
 INSERT INTO application_permission (id, permission_name, permission_description) values ('dfd0f8f1-4a51-4fdc-9a1c-a942bee9b649', 'test:view', 'Display test view');
 INSERT INTO application_role (id, role_name, role_description) values ('5cd0aca0-5466-483d-8f3e-c369f8061131','Admin', 'Admin role');
 INSERT INTO application_role (id, role_name, role_description) values ('da30060e-fd23-4016-a506-4e12e9322148', 'User', 'Standard user role');
-- account
+-- permissions not used in Account UI
-INSERT INTO account (id, username, firstname, lastname, emailaddress, account_password, created_by, last_updated_by) values ('2a712ed4-30f8-47b4-a002-7d87441b7013', 'system', 'system', 'system', 'n/a', 'n/a', 'system', 'system');
+-- INSERT INTO application_permission (id, permission_name, permission_description) values ('dfd0f8f1-4a51-4fdc-9a1c-a942bee9b649', 'test:view', 'Display test view');
-INSERT INTO account (id, username, emailaddress, firstname, lastname, account_password, created_by, last_updated_by) values('ab5c8337-6872-4aea-a9b9-78ea63706b8f','admin', 'joern@muehlencord.de', 'Joern', 'Muehlencord','$shiro1$SHA-256$500000$4bHPNH9k539UjdFLgm/HOA==$T/n8skgoGSOtNw/c9ScDlXCiGrx2cZF0Esrvf6WPq6g=', 'admin','admin'); --admin/secret
+
 -- add roles to Account UI application
 INSERT INTO application_role (id, application, role_name, role_description) values ('5cd0aca0-5466-483d-8f3e-c369f8061131','143a2bd3-7e0b-4162-a76e-3031331c7dfe', 'Admin', 'Admin role');
 INSERT INTO application_role (id, application, role_name, role_description) values ('da30060e-fd23-4016-a506-4e12e9322148','143a2bd3-7e0b-4162-a76e-3031331c7dfe', 'User', 'Standard user role');
 -- create accounts
 INSERT INTO account (id, username, firstname, lastname, emailaddress, created_by, last_updated_by) values ('2a712ed4-30f8-47b4-a002-7d87441b7013', 'system', 'system', 'system', 'n/a', 'system', 'system');
 INSERT INTO account (id, username, emailaddress, firstname, lastname, created_by, last_updated_by) values('ab5c8337-6872-4aea-a9b9-78ea63706b8f','admin', 'joern@muehlencord.de', 'Joern', 'Muehlencord','system','system'); --admin/secret
 -- assign AccountUI.Admin role to admin user
 INSERT INTO account_role (account, account_role) values ('ab5c8337-6872-4aea-a9b9-78ea63706b8f', '5cd0aca0-5466-483d-8f3e-c369f8061131');
-
+-- create login for user admin (login admin, password secret)
 INSERT INTO account_login (account, account_password, created_by, last_updated_by) VALUES ('ab5c8337-6872-4aea-a9b9-78ea63706b8f', '$shiro1$SHA-256$500000$4bHPNH9k539UjdFLgm/HOA==$T/n8skgoGSOtNw/c9ScDlXCiGrx2cZF0Esrvf6WPq6g=', 'system', 'system');
 -- config
-INSERT INTO config (config_key, config_key_account, config_value) VALUES ('account.maxFailedLogins', '2a712ed4-30f8-47b4-a002-7d87441b7013', '5');
+INSERT INTO config (application, config_key, config_key_account, config_value) VALUES ('143a2bd3-7e0b-4162-a76e-3031331c7dfe', 'account.maxFailedLogins', '2a712ed4-30f8-47b4-a002-7d87441b7013', '5');
--- a/account/src/main/java/de/muehlencord/shared/account/business/account/boundary/AccountControl.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/account/boundary/AccountControl.java
@ -6,10 +6,11 @@ import de.muehlencord.shared.account.business.config.boundary.ConfigService;
 import de.muehlencord.shared.account.business.mail.entity.MailException;
 import de.muehlencord.shared.account.business.mail.boundary.MailService;
 import de.muehlencord.shared.account.business.account.entity.AccountEntity;
 import de.muehlencord.shared.account.business.account.entity.AccountLoginEntity;
 import de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity;
 import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
 import de.muehlencord.shared.account.business.config.entity.ConfigException;
 import de.muehlencord.shared.account.util.SecurityUtil;
 import de.muehlencord.shared.util.DateUtil;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Date;
@ -43,6 +44,9 @@ public class AccountControl implements Serializable {
    @EJB
    private MailService mailService;
    @Inject
    private ApplicationEntity application;
    @Inject
    EntityManager em;
@ -92,8 +96,8 @@ public class AccountControl implements Serializable {
    }
    @Transactional
-    public AccountEntity saveAccount(ApplicationEntity application, AccountEntity account, List<ApplicationRoleEntity> applicationRoles) {
+    public AccountEntity saveAccount(AccountEntity account, List<ApplicationRoleEntity> applicationRoles) {
-        Date now = new Date(); // Todo now in UTC                                
+        Date now = DateUtil.getCurrentTimeInUTC();
        Subject currentUser = SecurityUtils.getSubject();
        String currentLoggedInUser = currentUser.getPrincipal().toString();
@ -106,11 +110,6 @@ public class AccountControl implements Serializable {
        if (newAccount) {
            account.setCreatedOn(now);
            account.setCreatedBy(currentLoggedInUser);
            // set default random password, user has to get password via lost passwort option afterwards
            String randomPassword = RandomStringUtils.random(20, true, true);
            String hashedPassword = SecurityUtil.createPassword(randomPassword);
            account.setAccountPassword(hashedPassword);
            em.persist(account);
        } else {
            em.merge(account);
@ -192,10 +191,10 @@ public class AccountControl implements Serializable {
            Date validTo = new Date(); // TODO now in UTC
            validTo = new Date(validTo.getTime() + 1000 * 600); // 10 minutes to react
-            account.setPasswordResetHash(randomString);
+            // TODO rework password reset
-            account.setPasswordResetOngoing(true);
+//            account.setPasswordResetHash(randomString);
-            account.setPasswordResetValidTo(validTo);
+//            account.setPasswordResetOngoing(true);
-
+//            account.setPasswordResetValidTo(validTo);
            mailService.sendPasswortResetStartEmail(account, randomString);
            em.merge(account);
@ -218,6 +217,7 @@ public class AccountControl implements Serializable {
            return false;
        }
        /*
        if (account.getPasswordResetOngoing() && (account.getPasswordResetHash() != null) && (account.getPasswordResetValidTo() != null)) {
            Date now = new Date(); // TODO now in UTC
            String storedHash = account.getPasswordResetHash().trim();
@ -245,17 +245,19 @@ public class AccountControl implements Serializable {
            addLoginError(account);
            return false;
        }
         */
        return false; // FIMXE re-implement password reset
    }
    private void executePasswordReset(AccountEntity account, String newPassword) {
        Date now = new Date(); // TODO now in UTC
        String hashedPassword = SecurityUtil.createPassword(newPassword);
-        account.setAccountPassword(hashedPassword);
+//        account.setAccountPassword(hashedPassword);
-
+//
-        account.setPasswordResetOngoing(false);
+//        account.setPasswordResetOngoing(false);
-        account.setPasswordResetHash(null);
+//        account.setPasswordResetHash(null);
-        account.setPasswordResetValidTo(null);
+//        account.setPasswordResetValidTo(null);
        account.setLastUpdatedBy(account.getUsername());
        account.setLastUpdatedOn(now);
@ -263,52 +265,112 @@ public class AccountControl implements Serializable {
    }
-    public void updateLogin(AccountEntity account) {
+    public AccountLoginEntity updateSuccessFullLogin(AccountLoginEntity login, String byUser) {
-        Date now = new Date(); // TODO now in UTC
+        Date now = DateUtil.getCurrentTimeInUTC();
        // a scucessful login ends a password reset procedure
-        if (account.getPasswordResetOngoing()) {
+        if (login.getPasswordResetOngoing()) {
-            account.setPasswordResetOngoing(false);
+            login.setPasswordResetOngoing(false);
-            account.setPasswordResetHash(null);
+            login.setPasswordResetHash(null);
-            account.setPasswordResetValidTo(null);
+            login.setPasswordResetValidTo(null);
-            account.setLastUpdatedOn(now);
+            login.setLastUpdatedOn(now);
-            account.setLastUpdatedBy(account.getUsername());
+            login.setLastUpdatedBy(byUser);
        }
-        account.setLastLogin(now);
+        login.setLastLogin(now); 
-        account.setFailureCount(0);
+        login.setFailureCount(0); 
-        account.setStatus(AccountStatus.NORMAL.name());
+        return updateLogin(login);
        em.merge(account);
    }
    public void addLoginError(ApplicationEntity application, AccountEntity account) {
        try {
            Date now = new Date(); // TODO now in UTC
            account.setLastFailedLogin(now);
            account.setFailureCount(account.getFailureCount() + 1);
-            int maxFailedLogins = Integer.parseInt(configService.getConfigValue("account.maxFailedLogins"));
+    public AccountLoginEntity updateLogin(AccountLoginEntity login) {
-            if ((account.getFailureCount() >= maxFailedLogins) && (!account.getStatus().equals("LOCKED"))) { // TOD add status enum
+        return em.merge (login); 
                // max failed logins reached, disabling user
                LOGGER.info("Locking account " + account.getUsername() + " due to " + account.getFailureCount() + " failed logins");
                account.setStatus(AccountStatus.BLOCKED.name());
    }
-            // on a failed login request, disable password reset
+    public void updateLogin (AccountEntity account) {
-            account.setPasswordResetOngoing(false);
+        if (account.getAccountLogin() == null) {
-            account.setPasswordResetHash(null);
+            // TODO connect to IPRS - how can an account ask for an updated login if the user cannot login
            account.setPasswordResetValidTo(null);
            account.setLastUpdatedBy("system");
            account.setLastUpdatedOn(now);
            em.merge(account);
        } catch (ConfigException ex) {
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug(ex.toString(), ex);
        } else {
-                LOGGER.error(ex.toString());
+            updateSuccessFullLogin (account.getAccountLogin(), account.getUsername());
        }
    }
    public void addLoginError(AccountEntity account) {
        // TODO reimplement
 //        try {
 //            Date now = new Date(); // TODO now in UTC
 //            account.setLastFailedLogin(now);
 //            account.setFailureCount(account.getFailureCount() + 1);
 //
 //            int maxFailedLogins = Integer.parseInt(configService.getConfigValue( "account.maxFailedLogins"));
 //            if ((account.getFailureCount() >= maxFailedLogins) && (!account.getStatus().equals("LOCKED"))) { // TOD add status enum
 //                // max failed logins reached, disabling user
 //                LOGGER.info("Locking account " + account.getUsername() + " due to " + account.getFailureCount() + " failed logins");
 //                account.setStatus(AccountStatus.BLOCKED.name());
 //            }
 //
 //            // on a failed login request, disable password reset
 //            account.setPasswordResetOngoing(false);
 //            account.setPasswordResetHash(null);
 //            account.setPasswordResetValidTo(null);
 //
 //            account.setLastUpdatedBy("system");
 //            account.setLastUpdatedOn(now);
 //            em.merge(account);
 //        } catch (ConfigException ex) {
 //            if (LOGGER.isDebugEnabled()) {
 //                LOGGER.debug(ex.toString(), ex);
 //            } else {
 //                LOGGER.error(ex.toString());
 //            }
 //        }
    }
    public AccountLoginEntity createLoginWithRandomPassword() {
        AccountLoginEntity login = new AccountLoginEntity();
        String randomPassword = RandomStringUtils.random(20, true, true);
        String hashedPassword = SecurityUtil.createPassword(randomPassword);
        login.setAccountPassword(hashedPassword);
        login.setLastLogin(null);
        login.setLastFailedLogin(null);
        login.setFailureCount(0);
        return login;
    }
    public String getHashedPassword (String password) {
        String hashedPassword = SecurityUtil.createPassword(password);
        return hashedPassword;
    }
    @Transactional
    public void addLogin(AccountEntity accountToAdd, AccountLoginEntity accountLogin) {
        Date now = DateUtil.getCurrentTimeInUTC();
        Subject currentUser = SecurityUtils.getSubject();
        String currentLoggedInUser = currentUser.getPrincipal().toString();
        AccountEntity account = em.merge(accountToAdd);
        accountLogin.setAccount(account);
        accountLogin.setCreatedBy(currentLoggedInUser);
        accountLogin.setCreatedOn(now);
        accountLogin.setLastUpdatedBy(currentLoggedInUser);
        accountLogin.setLastUpdatedOn(now);
        em.persist(accountLogin);
        account.setAccountLogin(accountLogin);
        em.merge(account);
    }
    @Transactional
    public void deleteLogin(AccountEntity accountToDelete) {
        AccountEntity account = em.merge(accountToDelete);
        AccountLoginEntity login = account.getAccountLogin();
        login.setAccount(null);
        account.setAccountLogin(null);
        em.remove(login);
        em.merge(account);
    }
 }
--- a/account/src/main/java/de/muehlencord/shared/account/business/account/boundary/ApplicationPermissionControl.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/account/boundary/ApplicationPermissionControl.java
@ -2,7 +2,6 @@ package de.muehlencord.shared.account.business.account.boundary;
 import de.muehlencord.shared.account.business.account.entity.AccountException;
 import de.muehlencord.shared.account.business.account.entity.ApplicationPermissionEntity;
 import de.muehlencord.shared.account.business.application.boundary.ApplicationService;
 import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
 import java.io.Serializable;
 import javax.ejb.Stateless;
@ -10,7 +9,6 @@ import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
 import java.util.List;
 import java.util.ArrayList;
 import javax.ejb.EJB;
 import javax.persistence.OptimisticLockException;
 import javax.persistence.Query;
 import javax.transaction.Transactional;
@ -24,15 +22,12 @@ public class ApplicationPermissionControl implements Serializable {
    private static final long serialVersionUID = -3761100587901739481L;
    @EJB
    ApplicationService applicationService;
    @PersistenceContext
    EntityManager em;
-    public List<ApplicationPermissionEntity> getApplicationPermissions(ApplicationEntity application) {
+    public List<ApplicationPermissionEntity> getApplicationPermissions(ApplicationEntity app) {
        Query query = em.createNamedQuery("ApplicationPermissionEntity.findAll");
-        query.setParameter("application", application);
+        query.setParameter("application", app);
        List<ApplicationPermissionEntity> permissionList = query.getResultList();
        if (permissionList == null) {
            return new ArrayList<>();
@ -54,9 +49,7 @@ public class ApplicationPermissionControl implements Serializable {
    }
    @Transactional
-    public void create(String applicationName, String name, String description) {
+    public void create(ApplicationEntity application,String name, String description) {
        ApplicationEntity application = applicationService.findByApplicationName(applicationName);
        // TODO add error handling if not found
        ApplicationPermissionEntity permission = new ApplicationPermissionEntity(application, name, description);
        em.persist(permission);
    }
@ -68,8 +61,8 @@ public class ApplicationPermissionControl implements Serializable {
    }
    @Transactional
-    public void createOrUpdate(String name, String description) {
+    public void createOrUpdate(ApplicationEntity application, String name, String description) {
-        ApplicationPermissionEntity permission = findByName(name);
+        ApplicationPermissionEntity permission = findByName(application, name);
        if (permission == null) {
            permission = new ApplicationPermissionEntity(name, description);
            em.persist(permission);
@ -92,8 +85,9 @@ public class ApplicationPermissionControl implements Serializable {
        }
    }
-    private ApplicationPermissionEntity findByName(String name) {
+    private ApplicationPermissionEntity findByName(ApplicationEntity application, String name) {
        Query query = em.createNamedQuery("ApplicationPermissionEntity.findByPermissionName");
        query.setParameter("application", application); 
        query.setParameter("permissionName", name);
        List<ApplicationPermissionEntity> permissions = query.getResultList();
        if ((permissions == null) || (permissions.isEmpty())) {
--- a/account/src/main/java/de/muehlencord/shared/account/business/account/boundary/ApplicationRoleControl.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/account/boundary/ApplicationRoleControl.java
@ -38,9 +38,9 @@ public class ApplicationRoleControl implements Serializable {
    @PersistenceContext
    EntityManager em;
-    public List<ApplicationRoleEntity> getAllRoles(ApplicationEntity application) {
+    public List<ApplicationRoleEntity> getAllRoles(ApplicationEntity app) {
        Query query = em.createNamedQuery("ApplicationRoleEntity.findAll");
-        query.setParameter ("application", application); 
+        query.setParameter("application", app);
        List<ApplicationRoleEntity> roles = query.getResultList();
        if (roles == null) {
@ -68,7 +68,7 @@ public class ApplicationRoleControl implements Serializable {
    }
    @Transactional
-    public void update (ApplicationRoleEntity role) {
+    public void update(ApplicationRoleEntity role) {
        em.merge(role);
    }
@ -144,6 +144,4 @@ public class ApplicationRoleControl implements Serializable {
        em.merge(role);
    }
 }
--- a/account/src/main/java/de/muehlencord/shared/account/business/account/entity/AccountEntity.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/account/entity/AccountEntity.java
@ -26,7 +26,6 @@ import javax.persistence.TemporalType;
 import javax.validation.constraints.NotNull;
 import javax.validation.constraints.Size;
 import javax.xml.bind.annotation.XmlRootElement;
 import javax.xml.bind.annotation.XmlTransient;
 import org.hibernate.annotations.GenericGenerator;
 import org.hibernate.annotations.Type;
@ -38,27 +37,14 @@ import org.hibernate.annotations.Type;
@Table(name = "account")
@XmlRootElement
@NamedQueries({
-    @NamedQuery(name = "AccountEntity.findAll", query = "SELECT a FROM AccountEntity a ORDER by a.username"),
+    @NamedQuery(name = "AccountEntity.findAll", query = "SELECT a FROM AccountEntity a ORDER by a.lastname, a.firstname"),
    @NamedQuery(name = "AccountEntity.findByUsername", query = "SELECT a FROM AccountEntity a WHERE a.username = :username"),
    @NamedQuery(name = "AccountEntity.findByFirstname", query = "SELECT a FROM AccountEntity a WHERE a.firstname = :firstname ORDER BY a.username"),
    @NamedQuery(name = "AccountEntity.findByLastname", query = "SELECT a FROM AccountEntity a WHERE a.lastname = :lastname ORDER BY a.username"),
    @NamedQuery(name = "AccountEntity.findByAccountPassword", query = "SELECT a FROM AccountEntity a WHERE a.accountPassword = :accountPassword"),
    @NamedQuery(name = "AccountEntity.findByLastLogin", query = "SELECT a FROM AccountEntity a WHERE a.lastLogin = :lastLogin"),
    @NamedQuery(name = "AccountEntity.findByLastFailedLogin", query = "SELECT a FROM AccountEntity a WHERE a.lastFailedLogin = :lastFailedLogin"),
    @NamedQuery(name = "AccountEntity.findByFailureCount", query = "SELECT a FROM AccountEntity a WHERE a.failureCount = :failureCount"),
    @NamedQuery(name = "AccountEntity.findByStatus", query = "SELECT a FROM AccountEntity a WHERE a.status = :status"),
    @NamedQuery(name = "AccountEntity.findByPasswordResetOngoing", query = "SELECT a FROM AccountEntity a WHERE a.passwordResetOngoing = :passwordResetOngoing"),
    @NamedQuery(name = "AccountEntity.findByPasswordResetValidTo", query = "SELECT a FROM AccountEntity a WHERE a.passwordResetValidTo = :passwordResetValidTo"),
    @NamedQuery(name = "AccountEntity.findByPasswordResetHash", query = "SELECT a FROM AccountEntity a WHERE a.passwordResetHash = :passwordResetHash"),
    @NamedQuery(name = "AccountEntity.findByCreatedOn", query = "SELECT a FROM AccountEntity a WHERE a.createdOn = :createdOn"),
    @NamedQuery(name = "AccountEntity.findByCreatedBy", query = "SELECT a FROM AccountEntity a WHERE a.createdBy = :createdBy"),
    @NamedQuery(name = "AccountEntity.findByLastUpdatedOn", query = "SELECT a FROM AccountEntity a WHERE a.lastUpdatedOn = :lastUpdatedOn"),
    @NamedQuery(name = "AccountEntity.findByLastUpdatedBy", query = "SELECT a FROM AccountEntity a WHERE a.lastUpdatedBy = :lastUpdatedBy")})
 public class AccountEntity implements Serializable, Account {
    @OneToMany(cascade = CascadeType.ALL, mappedBy = "account")
    private List<ConfigEntity> configEntityList;
    private static final long serialVersionUID = 6216991757526150935L;
    @Id
@ -71,6 +57,16 @@ public class AccountEntity implements Serializable, Account {
    private UUID id;
    @Basic(optional = false)
    @NotNull
    @Size(min = 1, max = 32)
    @Column(name = "username")
    private String username;
    @Basic(optional = false)
    @NotNull
    @Size(min = 1, max = 200)
    @Column(name = "emailaddress")
    private String emailaddress;
    @Basic(optional = false)
    @NotNull
    @Size(min = 1, max = 100)
    @Column(name = "firstname")
    private String firstname;
@ -81,36 +77,11 @@ public class AccountEntity implements Serializable, Account {
    private String lastname;
    @Basic(optional = false)
    @NotNull
    @Size(min = 1, max = 200)
    @Column(name = "account_password", columnDefinition = "bpchar(200)")
    private String accountPassword;
    @Column(name = "last_login")
    @Temporal(TemporalType.TIMESTAMP)
    private Date lastLogin;
    @Column(name = "last_failed_login")
    @Temporal(TemporalType.TIMESTAMP)
    private Date lastFailedLogin;
    @Basic(optional = false)
    @NotNull
    @Column(name = "failure_count")
    private int failureCount;
    @Basic(optional = false)
    @NotNull
    @Size(min = 1, max = 10)
    @Column(name = "status")
    private String status;
    @Basic(optional = false)
    @NotNull
    @Column(name = "password_reset_ongoing")
    private boolean passwordResetOngoing;
    @Column(name = "password_reset_valid_to")
    @Temporal(TemporalType.TIMESTAMP)
    private Date passwordResetValidTo;
    @Size(max = 200)
    @Column(name = "password_reset_hash", columnDefinition = "bpchar(200)")
    private String passwordResetHash;
    @Basic(optional = false)
    @NotNull
    @Column(name = "created_on")
    @Temporal(TemporalType.TIMESTAMP)
    private Date createdOn;
@ -138,20 +109,13 @@ public class AccountEntity implements Serializable, Account {
    private List<AccountHistoryEntity> accountHistoryList;
    @OneToOne(cascade = CascadeType.ALL, mappedBy = "account")
    private AccountLoginEntity accountLogin;
    @OneToMany(cascade = CascadeType.ALL, mappedBy = "account")
    private List<ConfigEntity> configItems;
    public AccountEntity() {
        // empty constructor required for JPA
    }
    @Override
    public String getUsername() {
        if (accountLogin == null) {
            return null;
        } else {
            return accountLogin.getUsername();
        }
    }
    public void addApplicationRole(ApplicationRoleEntity applicationRole) {
        if (applicationRoleList == null) {
            applicationRoleList = new ArrayList<>();
@ -168,7 +132,22 @@ public class AccountEntity implements Serializable, Account {
        this.id = id;
    }
-    @Override
+    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getEmailaddress() {
        return emailaddress;
    }
    public void setEmailaddress(String emailaddress) {
        this.emailaddress = emailaddress;
    }
    public String getFirstname() {
        return firstname;
    }
@ -177,7 +156,6 @@ public class AccountEntity implements Serializable, Account {
        this.firstname = firstname;
    }
    @Override
    public String getLastname() {
        return lastname;
    }
@ -186,38 +164,6 @@ public class AccountEntity implements Serializable, Account {
        this.lastname = lastname;
    }
    public String getAccountPassword() {
        return accountPassword;
    }
    public void setAccountPassword(String accountPassword) {
        this.accountPassword = accountPassword;
    }
    public Date getLastLogin() {
        return lastLogin;
    }
    public void setLastLogin(Date lastLogin) {
        this.lastLogin = lastLogin;
    }
    public Date getLastFailedLogin() {
        return lastFailedLogin;
    }
    public void setLastFailedLogin(Date lastFailedLogin) {
        this.lastFailedLogin = lastFailedLogin;
    }
    public int getFailureCount() {
        return failureCount;
    }
    public void setFailureCount(int failureCount) {
        this.failureCount = failureCount;
    }
    public String getStatus() {
        return status;
    }
@ -226,30 +172,6 @@ public class AccountEntity implements Serializable, Account {
        this.status = status;
    }
    public boolean getPasswordResetOngoing() {
        return passwordResetOngoing;
    }
    public void setPasswordResetOngoing(boolean passwordResetOngoing) {
        this.passwordResetOngoing = passwordResetOngoing;
    }
    public Date getPasswordResetValidTo() {
        return passwordResetValidTo;
    }
    public void setPasswordResetValidTo(Date passwordResetValidTo) {
        this.passwordResetValidTo = passwordResetValidTo;
    }
    public String getPasswordResetHash() {
        return passwordResetHash;
    }
    public void setPasswordResetHash(String passwordResetHash) {
        this.passwordResetHash = passwordResetHash;
    }
    public Date getCreatedOn() {
        return createdOn;
    }
@ -282,7 +204,6 @@ public class AccountEntity implements Serializable, Account {
        this.lastUpdatedBy = lastUpdatedBy;
    }
    @XmlTransient
    public List<ApplicationRoleEntity> getApplicationRoleList() {
        return applicationRoleList;
    }
@ -291,7 +212,6 @@ public class AccountEntity implements Serializable, Account {
        this.applicationRoleList = applicationRoleList;
    }
    @XmlTransient
    public List<AccountHistoryEntity> getAccountHistoryList() {
        return accountHistoryList;
    }
@ -300,6 +220,22 @@ public class AccountEntity implements Serializable, Account {
        this.accountHistoryList = accountHistoryList;
    }
    public AccountLoginEntity getAccountLogin() {
        return accountLogin;
    }
    public void setAccountLogin(AccountLoginEntity accountLogin) {
        this.accountLogin = accountLogin;
    }
    public List<ConfigEntity> getConfigItems() {
        return configItems;
    }
    public void setConfigItems(List<ConfigEntity> configItems) {
        this.configItems = configItems;
    }
    @Override
    public int hashCode() {
        int hash = 0;
@ -324,22 +260,4 @@ public class AccountEntity implements Serializable, Account {
    public String toString() {
        return "de.muehlencord.shared.account.entity.Account[ id=" + id + " ]";
    }
    public AccountLoginEntity getAccountLogin() {
        return accountLogin;
    }
    public void setAccountLogin(AccountLoginEntity accountLogin) {
        this.accountLogin = accountLogin;
    }
    @XmlTransient
    public List<ConfigEntity> getConfigEntityList() {
        return configEntityList;
    }
    public void setConfigEntityList(List<ConfigEntity> configEntityList) {
        this.configEntityList = configEntityList;
    }
 }
--- a/account/src/main/java/de/muehlencord/shared/account/business/account/entity/AccountLoginEntity.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/account/entity/AccountLoginEntity.java
@ -14,7 +14,6 @@ import javax.persistence.Entity;
 import javax.persistence.GeneratedValue;
 import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.Lob;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.OneToOne;
@ -61,16 +60,6 @@ public class AccountLoginEntity implements Serializable {
    private UUID id;
    @Basic(optional = false)
    @NotNull
    @Size(min = 1, max = 32)
    @Column(name = "username")
    private String username;
    @Basic(optional = false)
    @NotNull
    @Size(min = 1, max = 200)
    @Column(name = "emailaddress")
    private String emailaddress;    
    @Basic(optional = false)
    @NotNull
    @Size(min = 1, max = 200)
    @Column(name = "account_password")
    private String accountPassword;
@ -226,22 +215,6 @@ public class AccountLoginEntity implements Serializable {
        this.account = account;
    }
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public String getEmailaddress() {
        return emailaddress;
    }
    public void setEmailaddress(String emailaddress) {
        this.emailaddress = emailaddress;
    }    
    @Override
    public int hashCode() {
        int hash = 0;
--- a/account/src/main/java/de/muehlencord/shared/account/business/application/boundary/ApplicationService.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/application/boundary/ApplicationService.java
@ -4,6 +4,7 @@ import de.muehlencord.shared.account.business.application.entity.ApplicationEnti
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.UUID;
 import javax.ejb.Stateless;
 import javax.inject.Inject;
 import javax.persistence.EntityManager;
@ -25,6 +26,10 @@ public class ApplicationService implements Serializable {
    @Inject
    EntityManager em;
    public ApplicationEntity findById(UUID id) {
        return em.find(ApplicationEntity.class, id);
    }
    public List<ApplicationEntity> getAllApplications() {
        Query query = em.createNamedQuery("ApplicationEntity.findAll");
        List<ApplicationEntity> resultList = query.getResultList();
--- a/account/src/main/java/de/muehlencord/shared/account/business/application/entity/ApplicationEntity.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/application/entity/ApplicationEntity.java
@ -55,7 +55,7 @@ public class ApplicationEntity implements Serializable {
    @OneToMany(cascade = CascadeType.ALL, mappedBy = "application")
    private List<ApplicationPermissionEntity> applicationPermissions;
    @OneToMany(cascade = CascadeType.ALL, mappedBy = "application")
-    private List<ConfigEntity> configItems;
+    private List<ConfigEntity> configEntityList;
    public ApplicationEntity() {
    }
@ -85,6 +85,24 @@ public class ApplicationEntity implements Serializable {
        this.applicationRoleEntityList = applicationRoleEntityList;
    }
    @XmlTransient
    public List<ApplicationPermissionEntity> getApplicationPermissions() {
        return applicationPermissions;
    }
    public void setApplicationPermissions(List<ApplicationPermissionEntity> applicationPermissions) {
        this.applicationPermissions = applicationPermissions;
    }
    @XmlTransient
    public List<ConfigEntity> getConfigEntityList() {
        return configEntityList;
    }
    public void setConfigEntityList(List<ConfigEntity> configEntityList) {
        this.configEntityList = configEntityList;
    }
    @Override
    public int hashCode() {
        int hash = 0;
@ -110,22 +128,4 @@ public class ApplicationEntity implements Serializable {
        return "de.muehlencord.shared.account.business.application.entity.ApplicationEntity[ id=" + id + " ]";
    }
    @XmlTransient
    public List<ApplicationPermissionEntity> getApplicationPermissions() {
        return applicationPermissions;
    }
    public void setApplicationPermissions(List<ApplicationPermissionEntity> applicationPermissions) {
        this.applicationPermissions = applicationPermissions;
    }
    @XmlTransient
    public List<ConfigEntity> getConfigItems() {
        return configItems;
    }
    public void setConfigItems(List<ConfigEntity> configItems) {
        this.configItems = configItems;
    }
 }
--- a/account/src/main/java/de/muehlencord/shared/account/business/config/boundary/ConfigService.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/config/boundary/ConfigService.java
@ -36,19 +36,8 @@ public class ConfigService implements Serializable {
    @Inject
    EntityManager em;
-//    private String storagePath = null;
+    @Inject
-//    private int maxFailedLogins = 5;
+    ApplicationEntity application;
    @PostConstruct
    public void init() {
 //        ConfigEntity configEntity = em.find(ConfigEntity.class, "storage.path");
 //        if (configEntity != null) {
 //            this.storagePath = configEntity.getConfigValue();
 //        }
 //        configEntity = em.find(ConfigEntity.class, "account.maxFailedLogins");
 //        if (configEntity != null) {
 //            this.maxFailedLogins = Integer.parseInt(configEntity.getConfigValue());
 //        }
    }
    /**
     * returns global config key which is not assigned to any. If more than one
@ -63,9 +52,9 @@ public class ConfigService implements Serializable {
     * more than one value is defined for the given key but none of the values
     * is defined for the system user
     */
-    public String getConfigValue(ApplicationEntity application, String configKey) throws ConfigException {
+    public String getConfigValue(String configKey) throws ConfigException {
        Query query = em.createNamedQuery("ConfigEntity.findByConfigKey");
-        query.setParameter ("application", application);
+        query.setParameter("application", application);
        query.setParameter("configKey", configKey);
        List<ConfigEntity> configList = query.getResultList();
        if ((configList == null) || (configList.isEmpty())) {
@ -88,13 +77,13 @@ public class ConfigService implements Serializable {
        }
    }
-    public String getConfigValue(ApplicationEntity application, String configKey, String defaultValue) throws ConfigException {
+    public String getConfigValue(String configKey, String defaultValue) throws ConfigException {
-        return getConfigValue(application, configKey, defaultValue, false);
+        return getConfigValue(configKey, defaultValue, false);
    }
-    public String getConfigValue(ApplicationEntity application, String configKey, String defaultValue, boolean storeDefaultValue) throws ConfigException {
+    public String getConfigValue(String configKey, String defaultValue, boolean storeDefaultValue) throws ConfigException {
        // get configValue as usual
-        String configValue = getConfigValue(application, configKey);
+        String configValue = getConfigValue(configKey);
        // if config value is not found null has been returned
        // in this case the value to return is the defaultValue
@ -105,13 +94,13 @@ public class ConfigService implements Serializable {
        // check if the default value should be stored in the database
        if (storeDefaultValue) {
            AccountEntity account = getAccount("system");
-            updateConfigValue(application, configKey, account, configValue);
+            updateConfigValue(configKey, account, configValue);
        }
        return defaultValue;
    }
-    public String getConfigValue(ApplicationEntity application, String configKey, Account account, boolean fallbackToSystem) throws ConfigException {
+    public String getConfigValue(String configKey, Account account, boolean fallbackToSystem) throws ConfigException {
        Query query = em.createNamedQuery("ConfigEntity.findByConfigKeyAndAccount");
        query.setParameter("configKey", configKey);
        query.setParameter("account", account);
@ -119,7 +108,7 @@ public class ConfigService implements Serializable {
        if ((configList == null) || (configList.isEmpty())) {
            // fallback to default / system value
            if (fallbackToSystem) {
-                return getConfigValue(application, configKey);
+                return getConfigValue(configKey);
            } else {
                return null;
            }
@ -132,8 +121,8 @@ public class ConfigService implements Serializable {
        }
    }
-    public String getConfigValue(ApplicationEntity application, String configKey, String defaultValue, boolean storeDefaultValue, Account account, boolean fallbackToSystem) throws ConfigException {
+    public String getConfigValue(String configKey, String defaultValue, boolean storeDefaultValue, Account account, boolean fallbackToSystem) throws ConfigException {
-        String configValue = getConfigValue(application, configKey, account, fallbackToSystem);
+        String configValue = getConfigValue(configKey, account, fallbackToSystem);
        if (configValue == null) {
            // value not found for given account and if allowed also not found for system user
@ -142,7 +131,7 @@ public class ConfigService implements Serializable {
        // check if the default value should be stored in the database
        if (storeDefaultValue) {
-            updateConfigValue(application, configKey, account, configValue);
+            updateConfigValue(configKey, account, configValue);
        }
        return configValue;
@ -150,14 +139,14 @@ public class ConfigService implements Serializable {
    @Transactional
    @Lock(LockType.WRITE)
-    public boolean updateConfigValue(ApplicationEntity application,String configKey, String configValue) throws ConfigException {
+    public boolean updateConfigValue(String configKey, String configValue) throws ConfigException {
        Account account = getAccount("system");
-        return updateConfigValue(application, configKey, account, configValue);
+        return updateConfigValue(configKey, account, configValue);
    }
    @Transactional
    @Lock(LockType.WRITE)
-    public boolean updateConfigValue(ApplicationEntity application,String configKey, String accountName, String configValue) {
+    public boolean updateConfigValue(String configKey, String accountName, String configValue) {
        Account account = getAccount(accountName);
        if (accountName == null) {
            return false;
@ -166,12 +155,12 @@ public class ConfigService implements Serializable {
            LOGGER.error("Account for usreName {} not found", accountName);
            return false;
        }
-        return updateConfigValue(application, configKey, account, configValue);
+        return updateConfigValue(configKey, account, configValue);
    }
    @Transactional
    @Lock(LockType.WRITE)
-    public boolean updateConfigValue(ApplicationEntity application, String configKey, Account account, String configValue) {
+    public boolean updateConfigValue(String configKey, Account account, String configValue) {
        if ((configKey == null) || (configKey.equals("")) || (configValue == null) || (configValue.equals(""))) {
            // null or empty key / values are not possible            
            return false;
@ -182,7 +171,7 @@ public class ConfigService implements Serializable {
            return false;
        }
-        AccountEntity accountEntity = getAccount (account.getUsername()); 
+        AccountEntity accountEntity = getAccount(account.getUsername());
        ConfigEntityPK pk = new ConfigEntityPK(application, configKey, accountEntity);
        ConfigEntity currentEntity = em.find(ConfigEntity.class, pk);
        if (currentEntity == null) {
@ -212,26 +201,4 @@ public class ConfigService implements Serializable {
            return accountList.get(0);
        }
    }
    /* *** getter *** */
    /**
     * FIXME remove, this is application specific
     *
     * @return
     * @deprecated replace by getConfigValue ("storage.path")
     */
 //    @Deprecated
 //    public String getStoragePath() {
 //        return storagePath;
 //    }
    /**
     * // TODO move to accountControl
     *
     * @return
     * @deprecated replace by getConfigValue ("account.maxFailedLogins")
     */
 //    @Deprecated
 //    public int getMaxFailedLogins() {
 //        return maxFailedLogins;
 //    }
 }
--- a/account/src/main/java/de/muehlencord/shared/account/business/config/entity/ConfigEntity.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/config/entity/ConfigEntity.java
@ -63,6 +63,12 @@ public class ConfigEntity implements Serializable {
    @Size(max = 200)
    @Column(name = "config_key_group")
    private String configKeyGroup;  
    @JoinColumn(name = "config_key_account", referencedColumnName = "id", insertable = false, updatable = false)
    @ManyToOne(optional = false)
    private AccountEntity account;
    @JoinColumn(name = "application", referencedColumnName = "id", insertable = false, updatable = false)
    @ManyToOne(optional = false)
    private ApplicationEntity application;    
    public ConfigEntity() {
    }
@ -124,4 +130,20 @@ public class ConfigEntity implements Serializable {
        return "de.muehlencord.shared.account.business.config.entity.Config[ configPK=" + configPK + " ]";
    }
    public AccountEntity getAccount() {
        return account;
    }
    public void setAccount(AccountEntity account) {
        this.account = account;
    }
    public ApplicationEntity getApplication() {
        return application;
    }
    public void setApplication(ApplicationEntity application) {
        this.application = application;
    }
 }
--- a/account/src/main/java/de/muehlencord/shared/account/business/mail/boundary/MailService.java
+++ b/account/src/main/java/de/muehlencord/shared/account/business/mail/boundary/MailService.java
@ -189,7 +189,7 @@ public class MailService implements Serializable {
        String resetUrlWithToken = passwordResetUrl + "?token=" + token;
        model.addParameter("url", baseUrl);
        model.addParameter("resetUrl", resetUrlWithToken);
-        return sendHTMLMail(account.getAccountLogin().getEmailaddress(), "Reset your password", model, "password_reset_html");
+        return sendHTMLMail(account.getEmailaddress(), "Reset your password", model, "password_reset_html");
    }
    private String transportMail(Message message) throws MessagingException {
--- a/account/src/test/java/de/muehlencord/shared/account/business/config/boundary/ConfigServiceTest.java
+++ b/account/src/test/java/de/muehlencord/shared/account/business/config/boundary/ConfigServiceTest.java
@ -37,9 +37,9 @@ public class ConfigServiceTest {
        application.setApplicationName("Test App"); 
        AccountEntity account = new AccountEntity();
        account.setUsername("system"); 
        AccountLoginEntity login = new AccountLoginEntity();        
        login.setAccount (account); 
        login.setUsername("system"); 
        account.setAccountLogin(login); 
        ConfigEntityPK pk = new ConfigEntityPK(application, "account.maxFailedLogins", account); 
@ -52,7 +52,7 @@ public class ConfigServiceTest {
    @Ignore
    // TODO move to account test
    public void testGetMaxFailedLogins() {
-        configService.init();
+//        configService.init();
 //        assertEquals ("maxFailedLogins", 7, configService.getMaxFailedLogins());        
    }
--- a/account/src/test/java/de/muehlencord/shared/account/util/SecurityUtilTest.java
+++ b/account/src/test/java/de/muehlencord/shared/account/util/SecurityUtilTest.java
@ -0,0 +1,22 @@
 /*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
 package de.muehlencord.shared.account.util;
 import org.junit.Test;
 /**
 *
 * @author Joern Muehlencord <joern at muehlencord.de>
 */
 public class SecurityUtilTest {
    @Test
    public void testCreatePassword() {
        System.out.println (SecurityUtil.createPassword("secret")); 
    }
 }