From c05ba11044f2cef0e7a2e2ee44494de5ecffa23e Mon Sep 17 00:00:00 2001
From: jomu <joern@muehlencord.de>
Date: Thu, 22 Nov 2018 14:54:48 +0100
Subject: [PATCH] started to implement permission handling into views and pages

---
 .../account/web/EnsurePermissionsBean.java    |  81 ++++++
 .../account/web/FacesContextProducer.java     |   2 +
 .../account/web/PermissionConstants.java      |  48 ++++
 .../account/web/presentation/AccountView.java |   2 +-
 .../web/presentation/ApplicationView.java     |  31 +-
 .../web/presentation/PermissionView.java      |   4 +-
 .../account/web/presentation/RoleView.java    |   4 +-
 .../UniqueApplicationRoleNameValidator.java   | 125 ++++----
 .../UniqueApplicationValidator.java           |  15 +-
 .../UniquePermissionNameValidator.java        | 128 +++++----
 .../main/resources/META-INF/persistence.xml   |   9 +-
 .../main/resources/admin-config.properties    |   2 +-
 account-ui/src/main/webapp/WEB-INF/shiro.ini  | 124 ++++----
 account-ui/src/main/webapp/WEB-INF/web.xml    |   2 +-
 account-ui/src/main/webapp/login.xhtml        | 190 ++++++-------
 .../webapp/resources/template/leftmenu.xhtml  | 101 ++++---
 .../webapp/resources/template/template.xhtml  |   2 +-
 .../web/{account.xhtml => accounts.xhtml}     | 180 ++++++------
 .../src/main/webapp/web/applications.xhtml    |  84 ++++++
 account-ui/src/main/webapp/web/index.xhtml    |  79 +----
 .../src/main/webapp/web/permissions.xhtml     | 216 +++++++-------
 account-ui/src/main/webapp/web/roles.xhtml    | 269 +++++++++---------
 22 files changed, 955 insertions(+), 743 deletions(-)
 create mode 100644 account-ui/src/main/java/de/muehlencord/shared/account/web/EnsurePermissionsBean.java
 create mode 100644 account-ui/src/main/java/de/muehlencord/shared/account/web/PermissionConstants.java
 rename account-ui/src/main/webapp/web/{account.xhtml => accounts.xhtml} (62%)
 create mode 100644 account-ui/src/main/webapp/web/applications.xhtml

diff --git a/account-ui/src/main/java/de/muehlencord/shared/account/web/EnsurePermissionsBean.java b/account-ui/src/main/java/de/muehlencord/shared/account/web/EnsurePermissionsBean.java
new file mode 100644
index 0000000..cb180ad
--- /dev/null
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/EnsurePermissionsBean.java
@@ -0,0 +1,81 @@
+/*
+ * Copyright 2018 Joern Muehlencord <joern at muehlencord.de>.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.muehlencord.shared.account.web;
+
+import de.muehlencord.shared.account.business.account.boundary.AccountPermissions;
+import de.muehlencord.shared.account.business.account.entity.AccountException;
+import de.muehlencord.shared.account.business.application.boundary.ApplicationPermissions;
+import de.muehlencord.shared.account.business.application.control.ApplicationPermissionControl;
+import de.muehlencord.shared.account.business.application.control.ApplicationRoleControl;
+import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
+import java.util.Arrays;
+import javax.enterprise.context.ApplicationScoped;
+import javax.enterprise.context.Initialized;
+import javax.enterprise.event.Observes;
+import javax.inject.Inject;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+/**
+ *
+ * @author Joern Muehlencord <joern at muehlencord.de>
+ */
+@ApplicationScoped
+public class EnsurePermissionsBean {
+
+    @Inject
+    ApplicationEntity application;
+
+    @Inject
+    ApplicationPermissionControl applicationPermissionControl;
+
+    @Inject
+    ApplicationRoleControl applicationRoleControl;
+
+    private static final Logger LOGGER = LoggerFactory.getLogger(EnsurePermissionsBean.class);
+
+    public void init(@Observes @Initialized(ApplicationScoped.class) Object init) {
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug("Ensure all permissions for {} are available", application.getApplicationName());
+        }
+        applicationPermissionControl.setupPermissions(Arrays.asList(ApplicationPermissions.values()));
+        applicationPermissionControl.setupPermissions(Arrays.asList(AccountPermissions.values()));
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug("All permissions added to application", application.getApplicationName());
+        }
+
+        // all permissions available - ensure permission is assigned to Admin role
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug("Ensuring Admin role for {} has all permissions", application.getApplicationName());
+        }
+        try {
+            applicationRoleControl.setupRolePermission(Arrays.asList(ApplicationPermissions.values()), "Admin"); // NOI18N
+            applicationRoleControl.setupRolePermission(Arrays.asList(AccountPermissions.values()), "Admin"); // NOI18N
+        } catch (AccountException ex) {
+            LOGGER.error("Error adding permission to Admin role");
+            if (LOGGER.isDebugEnabled()) {
+                LOGGER.debug(ex.toString(), ex);
+            } else {
+                LOGGER.error(ex.toString());
+            }
+        }
+        if (LOGGER.isDebugEnabled()) {
+            LOGGER.debug("All permissions added to Admin role of {}", application.getApplicationName());
+        }
+
+    }
+
+}
diff --git a/account-ui/src/main/java/de/muehlencord/shared/account/web/FacesContextProducer.java b/account-ui/src/main/java/de/muehlencord/shared/account/web/FacesContextProducer.java
index d26de80..5a2b950 100644
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/FacesContextProducer.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/FacesContextProducer.java
@@ -15,6 +15,7 @@
  */
 package de.muehlencord.shared.account.web;
 
+import javax.enterprise.context.ApplicationScoped;
 import javax.enterprise.context.ContextNotActiveException;
 import javax.enterprise.context.RequestScoped;
 import javax.enterprise.inject.Produces;
@@ -24,6 +25,7 @@ import javax.faces.context.FacesContext;
  *
  * @author Joern Muehlencord <joern at muehlencord.de>
  */
+@ApplicationScoped
 public class FacesContextProducer {
     
     @Produces
diff --git a/account-ui/src/main/java/de/muehlencord/shared/account/web/PermissionConstants.java b/account-ui/src/main/java/de/muehlencord/shared/account/web/PermissionConstants.java
new file mode 100644
index 0000000..3970ff4
--- /dev/null
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/PermissionConstants.java
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2018 Joern Muehlencord <joern at muehlencord.de>.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package de.muehlencord.shared.account.web;
+
+import de.muehlencord.shared.account.business.application.boundary.ApplicationPermissions;
+import javax.enterprise.context.ApplicationScoped;
+import javax.inject.Named;
+
+/**
+ * TODO replace with omnifaces:importConstants currently problems with Netbeans
+ * to import omnifaces taglib
+ *
+ * @author Joern Muehlencord <joern at muehlencord.de>
+ */
+@Named(value = "permissionConstants")
+@ApplicationScoped
+public class PermissionConstants {
+
+    public String getApplicationListAll() {
+        return ApplicationPermissions.APP_LISTALL.getName();
+    }
+
+    public String getPermissionsCombined() {
+        return ApplicationPermissions.PERMISSION_ADD.getName() + ","
+                + ApplicationPermissions.PERMISSION_EDIT.getName() + ","
+                + ApplicationPermissions.PERMISSION_DELETE.getName();
+    }
+    
+    public String getRolesCombined() {
+        return ApplicationPermissions.ROLE_ADD.getName() + ","
+                + ApplicationPermissions.ROLE_EDIT.getName() + ","
+                + ApplicationPermissions.ROLE_DELETE.getName();
+    }    
+
+}
diff --git a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/AccountView.java b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/AccountView.java
index 89d16a6..f634d61 100644
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/AccountView.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/AccountView.java
@@ -6,7 +6,7 @@ import de.muehlencord.shared.account.business.account.entity.AccountEntity;
 import de.muehlencord.shared.account.business.account.entity.AccountException;
 import de.muehlencord.shared.account.business.account.entity.AccountLoginEntity;
 import de.muehlencord.shared.account.business.account.entity.AccountStatus;
-import de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity;
+import de.muehlencord.shared.account.business.application.entity.ApplicationRoleEntity;
 import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
 import de.muehlencord.shared.jeeutil.FacesUtil;
 import java.io.Serializable;
diff --git a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/ApplicationView.java b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/ApplicationView.java
index 5e03dd3..b27c96f 100644
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/ApplicationView.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/ApplicationView.java
@@ -2,9 +2,12 @@ package de.muehlencord.shared.account.web.presentation;
 
 import de.muehlencord.shared.account.business.application.boundary.ApplicationService;
 import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
+import de.muehlencord.shared.account.util.AccountSecurityException;
 import de.muehlencord.shared.jeeutil.FacesUtil;
 import java.io.Serializable;
+import java.util.ArrayList;
 import java.util.List;
+import java.util.Locale;
 import javax.annotation.PostConstruct;
 import javax.annotation.PreDestroy;
 import javax.inject.Named;
@@ -27,6 +30,9 @@ public class ApplicationView implements Serializable {
     @Inject
     ApplicationService applicationService;
 
+    @Inject
+    Locale locale;
+
     private ApplicationEntity currentApplication = null;
     private ApplicationEntity editApplication = null;
     private List<ApplicationEntity> applicationList = null;
@@ -39,21 +45,32 @@ public class ApplicationView implements Serializable {
             currentApplication = applicationList.get(0);
         }
         if (LOGGER.isDebugEnabled()) {
-            LOGGER.debug("post construct executed"); 
-        }                
+            LOGGER.debug("post construct executed");
+        }
     }
-    
+
     @PreDestroy
     public void predestroy() {
         if (LOGGER.isDebugEnabled()) {
-            LOGGER.debug("Predestroy executed"); 
-        }        
-        
+            LOGGER.debug("Predestroy executed");
+        }
+
     }
 
     public List<ApplicationEntity> getAllApplications() {
         if (applicationList == null) {
-            applicationList = applicationService.getAllApplications();
+            try {
+                applicationList = applicationService.getAllApplications();
+                return applicationList;
+            } catch (AccountSecurityException ex) {
+                if (LOGGER.isDebugEnabled()) {
+                    LOGGER.debug(ex.toString(), ex);
+                } else {
+                    LOGGER.error(ex.toString());
+                }
+                FacesUtil.addGlobalErrorMessage("Error " + ex.getErrorCode(), ex.getLocalizedMessage(locale));
+                return new ArrayList<>();
+            }
         }
         return applicationList;
     }
diff --git a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/PermissionView.java b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/PermissionView.java
index 292a624..5a0c91f 100644
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/PermissionView.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/PermissionView.java
@@ -16,7 +16,7 @@
 package de.muehlencord.shared.account.web.presentation;
 
 import de.muehlencord.shared.account.business.account.entity.AccountException;
-import de.muehlencord.shared.account.business.account.entity.ApplicationPermissionEntity;
+import de.muehlencord.shared.account.business.application.entity.ApplicationPermissionEntity;
 import de.muehlencord.shared.account.business.application.control.ApplicationPermissionControl;
 import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
 import de.muehlencord.shared.jeeutil.FacesUtil;
@@ -61,7 +61,7 @@ public class PermissionView implements Serializable {
                 FacesUtil.addErrorMessage("editDialogMessages", "Error", "Permission name must not be null");
             } else {
                 if (currentPermission.getId() == null) {
-                    applicationPermissionService.create(applicationView.getCurrentApplication(), newPermissionName, newPermissionName);
+                    applicationPermissionService.create(applicationView.getCurrentApplication(), newPermissionName, newPermissionDescription);
                     FacesUtil.addGlobalInfoMessage("Info", "Permission " + newPermissionName + " created");
                 } else {
                     applicationPermissionService.update(currentPermission);
diff --git a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/RoleView.java b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/RoleView.java
index 63030d1..d69937b 100644
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/RoleView.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/RoleView.java
@@ -17,8 +17,8 @@ package de.muehlencord.shared.account.web.presentation;
 
 import de.muehlencord.shared.account.business.application.control.ApplicationRoleControl;
 import de.muehlencord.shared.account.business.account.entity.AccountException;
-import de.muehlencord.shared.account.business.account.entity.ApplicationPermissionEntity;
-import de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity;
+import de.muehlencord.shared.account.business.application.entity.ApplicationPermissionEntity;
+import de.muehlencord.shared.account.business.application.entity.ApplicationRoleEntity;
 import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
 import de.muehlencord.shared.jeeutil.FacesUtil;
 import java.io.Serializable;
diff --git a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniqueApplicationRoleNameValidator.java b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniqueApplicationRoleNameValidator.java
index 5f21451..095c7be 100644
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniqueApplicationRoleNameValidator.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniqueApplicationRoleNameValidator.java
@@ -1,57 +1,68 @@
-package de.muehlencord.shared.account.web.presentation;
-
-import de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity;
-import de.muehlencord.shared.account.business.application.control.ApplicationRoleControl;
-import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
-import de.muehlencord.shared.account.util.AccountPU;
-import java.io.Serializable;
-import javax.ejb.EJB;
-import javax.faces.application.FacesMessage;
-import javax.faces.component.UIComponent;
-import javax.faces.context.FacesContext;
-import javax.faces.validator.FacesValidator;
-import javax.faces.validator.Validator;
-import javax.faces.validator.ValidatorException;
-import javax.inject.Inject;
-import javax.persistence.EntityManager;
-
-/**
- *
- * @author Joern Muehlencord <joern at muehlencord.de>
- */
-@FacesValidator("uniqueApplicationRoleNameValidator")
-public class UniqueApplicationRoleNameValidator implements Validator, Serializable {
-
-    private static final long serialVersionUID = 8165013107453616719L;
-
-    @Inject
-    @AccountPU
-    EntityManager em;
-
-    @Inject
-    ApplicationRoleControl applicationRoleControl;
-
-    @Override
-    public void validate(FacesContext context, UIComponent component, Object value) throws ValidatorException {
-        Object applicationObj = component.getAttributes().get("application");
-        if ((applicationObj != null) && (applicationObj instanceof ApplicationEntity)) {
-            ApplicationEntity application = (ApplicationEntity) applicationObj;
-            if (value == null) {
-                throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Role name invalid", "Role name must not be empty"));
-            }
-            if (value instanceof String) {
-                String roleName = (String) value;
-                ApplicationRoleEntity existingRole = applicationRoleControl.findByName(application, roleName);
-                if (existingRole != null) {
-                    throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Role name invalid", "Role already exists"));
-                }
-            } else {
-                throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Role name invalid", "Role name must be a string value"));
-                // TODO add IPRS logger - someone is trying to cheat 
-            }
-        } else {
-            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Application not set", "Permission name cannot be set if application is unknown"));
-        }
-    }
-
-}
+package de.muehlencord.shared.account.web.presentation;
+
+import de.muehlencord.shared.account.business.application.entity.ApplicationRoleEntity;
+import de.muehlencord.shared.account.business.application.control.ApplicationRoleControl;
+import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
+import de.muehlencord.shared.account.util.AccountPU;
+import java.io.Serializable;
+import java.util.UUID;
+import javax.faces.application.FacesMessage;
+import javax.faces.component.UIComponent;
+import javax.faces.component.UIInput;
+import javax.faces.context.FacesContext;
+import javax.faces.validator.FacesValidator;
+import javax.faces.validator.Validator;
+import javax.faces.validator.ValidatorException;
+import javax.inject.Inject;
+import javax.persistence.EntityManager;
+
+/**
+ *
+ * @author Joern Muehlencord <joern at muehlencord.de>
+ */
+@FacesValidator("uniqueApplicationRoleNameValidator")
+public class UniqueApplicationRoleNameValidator implements Validator, Serializable {
+
+    private static final long serialVersionUID = 8165013107453616719L;
+
+    @Inject
+    @AccountPU
+    EntityManager em;
+
+    @Inject
+    ApplicationRoleControl applicationRoleControl;
+
+    @Override
+    public void validate(FacesContext context, UIComponent component, Object value) throws ValidatorException {
+
+        Object oldRoleNameObj = ((UIInput) component).getValue();
+        String oldRoleName = "";
+        if (oldRoleNameObj != null) {
+            oldRoleName = oldRoleNameObj.toString();
+        }
+
+        Object applicationObj = component.getAttributes().get("application");
+        if ((applicationObj != null) && (applicationObj instanceof ApplicationEntity)) {
+            ApplicationEntity application = (ApplicationEntity) applicationObj;
+            if (value == null) {
+                throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Role name invalid", "Role name must not be empty"));
+            }
+            if (value instanceof String) {
+                String roleName = (String) value;
+                ApplicationRoleEntity existingRole = applicationRoleControl.findByName(application, roleName);
+                if (existingRole != null) {
+                    if (!oldRoleName.equals(roleName)) {
+                        // name of role changed and there is another role with the new name already  --> this must not happen
+                        throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Role name invalid", "Role already exists"));
+                    }
+                }
+            } else {
+                throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Role name invalid", "Role name must be a string value"));
+                // TODO add IPRS logger - someone is trying to cheat 
+            }
+        } else {
+            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Application not set", "Permission name cannot be set if application is unknown"));
+        }
+    }
+
+}
diff --git a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniqueApplicationValidator.java b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniqueApplicationValidator.java
index 4010e71..52c8f11 100644
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniqueApplicationValidator.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniqueApplicationValidator.java
@@ -3,8 +3,10 @@ package de.muehlencord.shared.account.web.presentation;
 import de.muehlencord.shared.account.business.application.boundary.ApplicationService;
 import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
 import java.io.Serializable;
+import java.util.UUID;
 import javax.faces.application.FacesMessage;
 import javax.faces.component.UIComponent;
+import javax.faces.component.UIInput;
 import javax.faces.context.FacesContext;
 import javax.faces.validator.FacesValidator;
 import javax.faces.validator.Validator;
@@ -28,6 +30,13 @@ public class UniqueApplicationValidator implements Validator, Serializable {
 
     @Override
     public void validate(FacesContext context, UIComponent component, Object value) throws ValidatorException {
+
+        Object oldAppNameObj = ((UIInput) component).getValue();
+        String oldAppName = "";
+        if (oldAppNameObj != null) {
+            oldAppName = oldAppNameObj.toString();
+        }
+
         if (value == null) {
             throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Application name invalid", "Application name must not be empty"));
         }
@@ -35,7 +44,11 @@ public class UniqueApplicationValidator implements Validator, Serializable {
             String applicationname = (String) value;
             ApplicationEntity existingApplication = applicationService.findByApplicationName(applicationname);
             if (existingApplication != null) {
-                throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Application name invalid", "Application already exists"));
+                if (!oldAppName.equals(applicationname)) {
+                    // name of application changed and there is another application with the new 
+                    // name already  --> this must not happen
+                    throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Application name invalid", "Application already exists"));
+                }
             }
             LOGGER.info("Name = {}", applicationname);
         } else {
diff --git a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniquePermissionNameValidator.java b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniquePermissionNameValidator.java
index 8acc600..36be332 100644
--- a/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniquePermissionNameValidator.java
+++ b/account-ui/src/main/java/de/muehlencord/shared/account/web/presentation/UniquePermissionNameValidator.java
@@ -1,60 +1,68 @@
-package de.muehlencord.shared.account.web.presentation;
-
-import de.muehlencord.shared.account.business.account.entity.ApplicationPermissionEntity;
-import de.muehlencord.shared.account.business.application.control.ApplicationPermissionControl;
-import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
-import de.muehlencord.shared.account.util.AccountPU;
-import java.io.Serializable;
-import javax.faces.application.FacesMessage;
-import javax.faces.component.UIComponent;
-import javax.faces.context.FacesContext;
-import javax.faces.validator.FacesValidator;
-import javax.faces.validator.Validator;
-import javax.faces.validator.ValidatorException;
-import javax.inject.Inject;
-import javax.persistence.EntityManager;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-/**
- *
- * @author Joern Muehlencord <joern at muehlencord.de>
- */
-@FacesValidator("uniquePermissionNameValidator")
-public class UniquePermissionNameValidator implements Validator, Serializable {
-
-    private static final long serialVersionUID = 2526409681909574670L;
-    private static final Logger LOGGER = LoggerFactory.getLogger(UniquePermissionNameValidator.class);
-
-    @Inject
-    @AccountPU
-    EntityManager em;
-
-    @Inject
-    ApplicationPermissionControl applicationPermissionControl;
-
-    @Override
-    public void validate(FacesContext context, UIComponent component, Object value) throws ValidatorException {
-        Object applicationObj = component.getAttributes().get("application");
-        if ((applicationObj != null) && (applicationObj instanceof ApplicationEntity)) {
-            ApplicationEntity application = (ApplicationEntity) applicationObj;
-            if (value == null) {
-                throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Permission name invalid", "Permission name must not be empty"));
-            }
-            if (value instanceof String) {
-                String permissionName = (String) value;
-                ApplicationPermissionEntity existingPermission = applicationPermissionControl.findPermissionByName(application, permissionName);
-                if (existingPermission != null) {
-                    throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Permission name invalid", "Permission already exists"));
-                }
-            } else {
-                throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Permission name invalid", "Permission name must be a string value"));
-                // TODO add IPRS logger - someone is trying to cheat 
-            }
-        } else {
-            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Application not set", "Permission name cannot be set if application is unknown"));
-        }
-
-    }
-
-}
+package de.muehlencord.shared.account.web.presentation;
+
+import de.muehlencord.shared.account.business.application.entity.ApplicationPermissionEntity;
+import de.muehlencord.shared.account.business.application.control.ApplicationPermissionControl;
+import de.muehlencord.shared.account.business.application.entity.ApplicationEntity;
+import de.muehlencord.shared.account.util.AccountPU;
+import java.io.Serializable;
+import javax.faces.application.FacesMessage;
+import javax.faces.component.UIComponent;
+import javax.faces.component.UIInput;
+import javax.faces.context.FacesContext;
+import javax.faces.validator.FacesValidator;
+import javax.faces.validator.Validator;
+import javax.faces.validator.ValidatorException;
+import javax.inject.Inject;
+import javax.persistence.EntityManager;
+
+/**
+ *
+ * @author Joern Muehlencord <joern at muehlencord.de>
+ */
+@FacesValidator("uniquePermissionNameValidator")
+public class UniquePermissionNameValidator implements Validator, Serializable {
+
+    private static final long serialVersionUID = 2526409681909574670L;
+
+    @Inject
+    @AccountPU
+    EntityManager em;
+
+    @Inject
+    ApplicationPermissionControl applicationPermissionControl;
+
+    @Override
+    public void validate(FacesContext context, UIComponent component, Object value) throws ValidatorException {
+
+        Object oldPermissionNameObj = ((UIInput) component).getValue();
+        String oldPermissionName = "";
+        if (oldPermissionNameObj != null) {
+            oldPermissionName = oldPermissionNameObj.toString();
+        }
+
+        Object applicationObj = component.getAttributes().get("application");
+        if ((applicationObj != null) && (applicationObj instanceof ApplicationEntity)) {
+            ApplicationEntity application = (ApplicationEntity) applicationObj;
+            if (value == null) {
+                throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Permission name invalid", "Permission name must not be empty"));
+            }
+            if (value instanceof String) {
+                String permissionName = (String) value;
+                ApplicationPermissionEntity existingPermission = applicationPermissionControl.findPermissionByName(application, permissionName);
+                if (existingPermission != null) {
+                    if ((!oldPermissionName.equals (permissionName))) {
+                        // name of permission changed and there is another permission with the new 
+                        // name already  --> this must not happen
+                        throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Permission name invalid", "Permission already exists"));
+                    }
+                }
+            } else {
+                throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Permission name invalid", "Permission name must be a string value"));
+                // TODO add IPRS logger - someone is trying to cheat 
+            }
+        } else {
+            throw new ValidatorException(new FacesMessage(FacesMessage.SEVERITY_ERROR, "Application not set", "Permission name cannot be set if application is unknown"));
+        }
+    }
+
+}
diff --git a/account-ui/src/main/resources/META-INF/persistence.xml b/account-ui/src/main/resources/META-INF/persistence.xml
index 63351bc..8d4a14b 100644
--- a/account-ui/src/main/resources/META-INF/persistence.xml
+++ b/account-ui/src/main/resources/META-INF/persistence.xml
@@ -1,13 +1,14 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <persistence version="2.1" xmlns="http://xmlns.jcp.org/xml/ns/persistence" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence http://xmlns.jcp.org/xml/ns/persistence/persistence_2_1.xsd">
   <persistence-unit name="accountPu" transaction-type="JTA">
-    <jta-data-source>java:/jboss/accountDs</jta-data-source>    
+    <jta-data-source>java:/jboss/accountDs</jta-data-source>
     <class>de.muehlencord.shared.account.business.account.entity.AccountEntity</class>
     <class>de.muehlencord.shared.account.business.account.entity.AccountHistoryEntity</class>
     <class>de.muehlencord.shared.account.business.account.entity.AccountLoginEntity</class>
-    <class>de.muehlencord.shared.account.business.account.entity.ApplicationPermissionEntity</class>
-    <class>de.muehlencord.shared.account.business.account.entity.ApplicationRoleEntity</class>
+    <class>de.muehlencord.shared.account.business.account.entity.ApiKeyEntity</class>
     <class>de.muehlencord.shared.account.business.application.entity.ApplicationEntity</class>
+    <class>de.muehlencord.shared.account.business.application.entity.ApplicationPermissionEntity</class>
+    <class>de.muehlencord.shared.account.business.application.entity.ApplicationRoleEntity</class>
     <class>de.muehlencord.shared.account.business.config.entity.ConfigEntity</class>
     <class>de.muehlencord.shared.account.business.mail.entity.MailTemplateEntity</class>
     <exclude-unlisted-classes>true</exclude-unlisted-classes>
@@ -15,7 +16,7 @@
     <validation-mode>NONE</validation-mode>
     <properties>
       <property name="hibernate.dialect" value="org.hibernate.dialect.PostgreSQL94Dialect"/>
-      <property name="hibernate.show_sql" value="true"/>
+      <property name="hibernate.show_sql" value="false"/>
       <property name="hibernate.cache.use_second_level_cache" value="true"/>
       <property name="hibernate.cache.use_query_cache" value="true"/>
     </properties>
diff --git a/account-ui/src/main/resources/admin-config.properties b/account-ui/src/main/resources/admin-config.properties
index d3b40dd..4b4d3c0 100644
--- a/account-ui/src/main/resources/admin-config.properties
+++ b/account-ui/src/main/resources/admin-config.properties
@@ -1,5 +1,5 @@
 admin.loginPage=/login.xhtml 
-admin.indexPage=/web/account.xhtml 
+admin.indexPage=/web/index.xhtml 
 #admin.dateFormat= 
 #admin.breadcrumbSize=5
 admin.renderMessages=true
diff --git a/account-ui/src/main/webapp/WEB-INF/shiro.ini b/account-ui/src/main/webapp/WEB-INF/shiro.ini
index d9288a8..a47f5aa 100644
--- a/account-ui/src/main/webapp/WEB-INF/shiro.ini
+++ b/account-ui/src/main/webapp/WEB-INF/shiro.ini
@@ -1,62 +1,62 @@
-[main]
-
-# Context factory required for LDAP
-${shiro.contextFactory}
-
-cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
-securityManager.cacheManager = $cacheManager
-
-# DataSource Setup
-datasource = org.apache.shiro.jndi.JndiObjectFactory
-datasource.resourceName = java:/jboss/accountDs 
-datasource.resourceRef = true
-
-# HashService
-hashService = org.apache.shiro.crypto.hash.DefaultHashService
-hashService.hashIterations = 500000
-hashService.hashAlgorithmName = SHA-512
-hashService.generatePublicSalt = true
-
-# Password service
-passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
-passwordService.hashService = $hashService
-
-# Required password matcher
-${shiro.passwordMatcher}
-
-# LDAP Realm setup
-${shiro.ldapRealm}
-
-# JDBC Realm setup
-jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
-jdbcRealm.permissionsLookupEnabled=false
-# jdbcRealm.authenticationQuery = select al.account_password from account a, account_login al where al.account = a.id and a.username = ? and status not in ('LOCKED','DELETED')
-jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED') AND acc.username = ?
-jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
-jdbcRealm.credentialsMatcher = $passwordMatcher
-jdbcRealm.dataSource = $datasource
-
-# Activate realms
-authcStrategy  = ${shiro.authcStrategy}
-securityManager.realms = ${shiro.realms}
-securityManager.authenticator.authenticationStrategy = $authcStrategy
-
-# Setup authentication filter
-authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
-authc.loginUrl = /login.xhtml
-authc.successUrl  = /web/account.xhtml
-
-roles.unauthorizedUrl = /error/accessDenied.xhtml
-
-#
-# filter setup 
-#
-[urls]
-/public/**=anon
-/resources/**=anon
-/fonts/**=anon
-/javax.faces.resource/**=anon
-/login.xhtml=authc
-/logout.xhtml=logout
-/**=authc
-# /web/**=authc
+[main]
+
+# Context factory required for LDAP
+${shiro.contextFactory}
+
+cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
+securityManager.cacheManager = $cacheManager
+
+# DataSource Setup
+datasource = org.apache.shiro.jndi.JndiObjectFactory
+datasource.resourceName = java:/jboss/accountDs 
+datasource.resourceRef = true
+
+# HashService
+hashService = org.apache.shiro.crypto.hash.DefaultHashService
+hashService.hashIterations = 500000
+hashService.hashAlgorithmName = SHA-512
+hashService.generatePublicSalt = true
+
+# Password service
+passwordService = org.apache.shiro.authc.credential.DefaultPasswordService
+passwordService.hashService = $hashService
+
+# Required password matcher
+${shiro.passwordMatcher}
+
+# LDAP Realm setup
+${shiro.ldapRealm}
+
+# JDBC Realm setup
+jdbcRealm = org.apache.shiro.realm.jdbc.JdbcRealm
+jdbcRealm.permissionsLookupEnabled=true
+jdbcRealm.authenticationQuery = SELECT accl.account_password from account acc, account_login accl, account_role accr, application_role appr WHERE accl.account = acc.id AND acc.id = accr.account AND accr.account_role = appr.id AND appr.application = '143a2bd3-7e0b-4162-a76e-3031331c7dfe' AND acc.status not in ('LOCKED','DELETED') AND acc.username = ?
+jdbcRealm.userRolesQuery = select r.role_name from application_role r, account_role ar, account a WHERE a.username = ? AND a.id = ar.account AND ar.account_role = r.id
+jdbcRealm.permissionsQuery = select permission_name from application_role appr, role_permission rp, application_permission appp WHERE appr.role_name = ? AND appr.application = '${applicationUuid}' AND rp.application_role = appr.id AND rp.role_permission = appp.id
+jdbcRealm.credentialsMatcher = $passwordMatcher
+jdbcRealm.dataSource = $datasource
+
+# Activate realms
+authcStrategy  = ${shiro.authcStrategy}
+securityManager.realms = ${shiro.realms}
+securityManager.authenticator.authenticationStrategy = $authcStrategy
+
+# Setup authentication filter
+authc = de.muehlencord.shirofaces.filter.FacesAjaxAwarePassThruAuthenticationFilter
+authc.loginUrl = /login.xhtml
+authc.successUrl  = /web/index.xhtml
+
+roles.unauthorizedUrl = /error/accessDenied.xhtml
+
+#
+# filter setup 
+#
+[urls]
+/public/**=anon
+/resources/**=anon
+/fonts/**=anon
+/javax.faces.resource/**=anon
+/login.xhtml=authc
+/logout.xhtml=logout
+/**=authc
+# /web/**=authc
diff --git a/account-ui/src/main/webapp/WEB-INF/web.xml b/account-ui/src/main/webapp/WEB-INF/web.xml
index 6fb534b..85faa06 100644
--- a/account-ui/src/main/webapp/WEB-INF/web.xml
+++ b/account-ui/src/main/webapp/WEB-INF/web.xml
@@ -36,7 +36,7 @@
         </session-timeout>
     </session-config>
     <welcome-file-list>
-        <welcome-file>web/account.xhtml</welcome-file>
+        <welcome-file>web/index.xhtml</welcome-file>
     </welcome-file-list>
     <!-- Shiro Web Environment -->
     <listener>
diff --git a/account-ui/src/main/webapp/login.xhtml b/account-ui/src/main/webapp/login.xhtml
index 5c4b639..5972e7b 100644
--- a/account-ui/src/main/webapp/login.xhtml
+++ b/account-ui/src/main/webapp/login.xhtml
@@ -1,96 +1,96 @@
-<?xml version='1.0' encoding='UTF-8' ?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml"
-      xmlns:h="http://java.sun.com/jsf/html"
-      xmlns:f="http://java.sun.com/jsf/core"
-      xmlns:p="http://primefaces.org/ui">
-    <h:head>
-        <title>Login Page</title>
-        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-        <link rel="shortcut icon" href="#{resource['images/favicon/favicon.ico']}" />
-        <h:outputStylesheet name="css/admin.css" />
-
-        <style type="text/css">
-            /* below css hides growls in small screens and makes messages visible */
-            @media (max-width: 768px) {
-
-                body div.ui-growl {
-                    display: none;
-                }
-
-                body div.ui-messages {
-                    display: block;
-                }
-            }
-            /* below css hides messages in medium/big devices and makes growl visible in such devices */
-            @media (min-width: 769px) {
-                body div.ui-growl {
-                    display: block;
-                }
-                body div.ui-messages {
-                    display: none;
-                }
-            }
-            body.login-page {
-                background-color: transparent;
-            }
-            html {
-                background: url(#{resource[ 'images:login-bg.png' ]}) no-repeat center center fixed;
-                -webkit-background-size: cover;
-                -moz-background-size: cover;
-                -o-background-size: cover;
-                background-size: cover;
-            }
-        </style>        
-
-    </h:head>
-    <h:body styleClass="hold-transition login-page">
-        <p:growl sticky="true">
-            <p:autoUpdate />
-        </p:growl>
-        <div id="loader" class="load-bar" style="display: none">
-            <div class="bar"></div>
-            <div class="bar"></div>
-            <div class="bar"></div>
-        </div>
-
-        <div class="login-box">
-            <div class="login-logo">
-                <p:link href="/web/account.xhtml"><b>Account&nbsp;</b>Management</p:link>  
-                <h:outputLabel rendered="#{instanceView.developmentVersion}" value="#{instanceView.instanceName}" />
-            </div>
-            <!-- /.login-logo -->
-            <div class="box login-box-body">
-                <h:form>
-                    <p:focus context="panel" for="username" />
-
-                    <p class="login-box-msg">Sign in to start your session</p>
-                    <p:messages closable="true" />
-
-
-                    <div id="panel" class="form-group has-feedback">
-                        <p:inputText id="username" value="#{loginView.username}" styleClass="form-control" placeholder="Username"
-                                     required="true" autocomplete="off"
-                                     requiredMessage="Username is required."/>
-                        <i class="fa fa-user form-control-feedback"></i>
-                    </div>
-                    <div class="form-group has-feedback">
-                        <p:inputText value="#{loginView.password}" type="password" styleClass="form-control"
-                                     placeholder="Password" required="true" autocomplete="off" size="40"
-                                     requiredMessage="Password is required."/>
-                        <i class="fa fa-lock form-control-feedback" style="font-size: 18px" ></i>
-                    </div>
-                    <div class="row">
-                        <p:spacer height="10"/>
-                        <div class="col-xs-12">
-                            <p:commandButton styleClass="btn btn-success btn-block" onclick="showBar()"
-                                             action="#{loginView.authenticate}" oncomplete="if(args.validationFailed) { hideBar()}"
-                                             value="Sign In" process="@form" update="@form" icon="fa fa-sign-in" iconPos="left"/>
-                        </div>                        
-                    </div>                    
-                </h:form>                            
-            </div>
-            <!-- /.login-box-body -->
-        </div>                
-    </h:body>
+<?xml version='1.0' encoding='UTF-8' ?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml"
+      xmlns:h="http://java.sun.com/jsf/html"
+      xmlns:f="http://java.sun.com/jsf/core"
+      xmlns:p="http://primefaces.org/ui">
+    <h:head>
+        <title>Login Page</title>
+        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+        <link rel="shortcut icon" href="#{resource['images/favicon/favicon.ico']}" />
+        <h:outputStylesheet name="css/admin.css" />
+
+        <style type="text/css">
+            /* below css hides growls in small screens and makes messages visible */
+            @media (max-width: 768px) {
+
+                body div.ui-growl {
+                    display: none;
+                }
+
+                body div.ui-messages {
+                    display: block;
+                }
+            }
+            /* below css hides messages in medium/big devices and makes growl visible in such devices */
+            @media (min-width: 769px) {
+                body div.ui-growl {
+                    display: block;
+                }
+                body div.ui-messages {
+                    display: none;
+                }
+            }
+            body.login-page {
+                background-color: transparent;
+            }
+            html {
+                background: url(#{resource[ 'images:login-bg.png' ]}) no-repeat center center fixed;
+                -webkit-background-size: cover;
+                -moz-background-size: cover;
+                -o-background-size: cover;
+                background-size: cover;
+            }
+        </style>        
+
+    </h:head>
+    <h:body styleClass="hold-transition login-page">
+        <p:growl sticky="true">
+            <p:autoUpdate />
+        </p:growl>
+        <div id="loader" class="load-bar" style="display: none">
+            <div class="bar"></div>
+            <div class="bar"></div>
+            <div class="bar"></div>
+        </div>
+
+        <div class="login-box">
+            <div class="login-logo">
+                <p:link href="/web/accounts.xhtml"><b>Account&nbsp;</b>Management</p:link>  
+                <h:outputLabel rendered="#{instanceView.developmentVersion}" value="#{instanceView.instanceName}" />
+            </div>
+            <!-- /.login-logo -->
+            <div class="box login-box-body">
+                <h:form>
+                    <p:focus context="panel" for="username" />
+
+                    <p class="login-box-msg">Sign in to start your session</p>
+                    <p:messages closable="true" />
+
+
+                    <div id="panel" class="form-group has-feedback">
+                        <p:inputText id="username" value="#{loginView.username}" styleClass="form-control" placeholder="Username"
+                                     required="true" autocomplete="off"
+                                     requiredMessage="Username is required."/>
+                        <i class="fa fa-user form-control-feedback"></i>
+                    </div>
+                    <div class="form-group has-feedback">
+                        <p:inputText value="#{loginView.password}" type="password" styleClass="form-control"
+                                     placeholder="Password" required="true" autocomplete="off" size="40"
+                                     requiredMessage="Password is required."/>
+                        <i class="fa fa-lock form-control-feedback" style="font-size: 18px" ></i>
+                    </div>
+                    <div class="row">
+                        <p:spacer height="10"/>
+                        <div class="col-xs-12">
+                            <p:commandButton styleClass="btn btn-success btn-block" onclick="showBar()"
+                                             action="#{loginView.authenticate}" oncomplete="if(args.validationFailed) { hideBar()}"
+                                             value="Sign In" process="@form" update="@form" icon="fa fa-sign-in" iconPos="left"/>
+                        </div>                        
+                    </div>                    
+                </h:form>                            
+            </div>
+            <!-- /.login-box-body -->
+        </div>                
+    </h:body>
 </html>
\ No newline at end of file
diff --git a/account-ui/src/main/webapp/resources/template/leftmenu.xhtml b/account-ui/src/main/webapp/resources/template/leftmenu.xhtml
index e9d2625..1172c56 100644
--- a/account-ui/src/main/webapp/resources/template/leftmenu.xhtml
+++ b/account-ui/src/main/webapp/resources/template/leftmenu.xhtml
@@ -1,43 +1,58 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<ui:composition xmlns="http://www.w3.org/1999/xhtml"
-                xmlns:h="http://java.sun.com/jsf/html"
-                xmlns:ui="http://java.sun.com/jsf/facelets"
-                xmlns:p="http://primefaces.org/ui"
-                xmlns:shiro="http://shiro.apache.org/tags">
-
-
-    <shiro:authenticated>
-        <ul class="sidebar-menu tree" data-widget="tree">
-            <li>
-                <p:link outcome="/web/index.xhtml">
-                    <i class="fa fa-tablet"></i>
-                    <span>Application</span>
-                </p:link>
-            </li>                  
-            <li>
-                <p:link outcome="/web/permissions.xhtml">
-                    <i class="fa fa-list-ul"></i>
-                    <span>Permissions</span>
-                </p:link>
-            </li>                 
-            <li>
-                <p:link outcome="/web/roles.xhtml">
-                    <i class="fa fa-circle"></i>
-                    <span>Roles</span>
-                </p:link>
-            </li>            
-            <li>
-                <p:link outcome="/web/account.xhtml">
-                    <i class="fa fa-user"></i>
-                    <span>Accounts</span>
-                </p:link>
-            </li>
-            <li>                
-                <p:commandLink target="/logout.xhtml" actionListener="#{loginView.logout}">
-                    <i class="fa fa-sign-out"></i>
-                    <span>Logout</span>
-                </p:commandLink>
-            </li>
-        </ul>
-    </shiro:authenticated>
-</ui:composition>
+<?xml version="1.0" encoding="UTF-8"?>
+<ui:composition xmlns="http://www.w3.org/1999/xhtml"
+                xmlns:ui="http://java.sun.com/jsf/facelets"
+                xmlns:p="http://primefaces.org/ui"              
+                xmlns:shiro="http://shiro.apache.org/tags">
+
+
+    <shiro:authenticated>
+        <ul class="sidebar-menu tree" data-widget="tree">
+
+            <li>                
+                <p:link outcome="/web/index.xhtml">
+                    <i class="fa fa-home"></i>
+                    <span>Home</span>
+                </p:link>
+            </li>                  
+
+            <shiro:hasPermission name="#{permissionConstants.applicationListAll}">
+                <li>
+                    <p:link outcome="/web/applications.xhtml">
+                        <i class="fa fa-tablet"></i>
+                        <span>Applications</span>
+                    </p:link>
+                </li>                              
+            </shiro:hasPermission>
+
+            <shiro:hasAnyPermission name="#{permissionConstants.permissionsCombined}">
+                <li>
+                    <p:link outcome="/web/permissions.xhtml">
+                        <i class="fa fa-list-ul"></i>
+                        <span>Permissions</span>
+                    </p:link>
+                </li>                 
+            </shiro:hasAnyPermission>
+
+            <shiro:hasAnyPermission name="#{permissionConstants.rolesCombined}">
+                <li>
+                    <p:link outcome="/web/roles.xhtml">
+                        <i class="fa fa-circle"></i>
+                        <span>Roles</span>
+                    </p:link>
+                </li>            
+            </shiro:hasAnyPermission>
+            <li>
+                <p:link outcome="/web/accounts.xhtml">
+                    <i class="fa fa-user"></i>
+                    <span>Accounts</span>
+                </p:link>
+            </li>
+            <li>                
+                <p:commandLink target="/logout.xhtml" actionListener="#{loginView.logout}">
+                    <i class="fa fa-sign-out"></i>
+                    <span>Logout</span>
+                </p:commandLink>
+            </li>
+        </ul>
+    </shiro:authenticated>
+</ui:composition>
diff --git a/account-ui/src/main/webapp/resources/template/template.xhtml b/account-ui/src/main/webapp/resources/template/template.xhtml
index 52892e3..e3d7889 100644
--- a/account-ui/src/main/webapp/resources/template/template.xhtml
+++ b/account-ui/src/main/webapp/resources/template/template.xhtml
@@ -19,7 +19,7 @@ limitations under the License.
                 xmlns:p="http://primefaces.org/ui"
                 template="/admin.xhtml"
                 xmlns:h="http://xmlns.jcp.org/jsf/html">
-
+    
     <ui:define name="head">
         <title>Account UI</title>
         <link rel="shortcut icon" href="#{resource['images/favicon/favicon.ico']}" />
diff --git a/account-ui/src/main/webapp/web/account.xhtml b/account-ui/src/main/webapp/web/accounts.xhtml
similarity index 62%
rename from account-ui/src/main/webapp/web/account.xhtml
rename to account-ui/src/main/webapp/web/accounts.xhtml
index 1978a6b..2a38fbe 100644
--- a/account-ui/src/main/webapp/web/account.xhtml
+++ b/account-ui/src/main/webapp/web/accounts.xhtml
@@ -19,104 +19,106 @@
     </ui:define>
 
     <ui:define name="body">
-        <h:form id="accountForm" prependId="false">           
-            <p:dataTable id="accountTable" value="#{accountView.accounts}" var="account" rowKey="#{account.username}" selectionMode="single" selection="#{accountView.currentAccount}"
-                         styleClass="box-primary">
-                <p:ajax event="rowSelect" update="buttonPanel" listener="#{accountView.selectAccount}" />
-                <p:ajax event="rowUnselect" update="buttonPanel" listener="#{accountView.unselectAccount}"  />
-                <p:column headerText="Username">
-                    <h:outputText value="#{account.username}" />
-                </p:column>
-                <p:column headerText="Lastname">
-                    <h:outputText value="#{account.lastname}" />
-                </p:column>
-                <p:column headerText="Firstname">
-                    <h:outputText value="#{account.firstname}" />
-                </p:column>
-                <p:column headerText="Email">
-                    <h:outputText value="#{account.emailaddress}" />
-                </p:column>
-                <p:column headerText="Status">
-                    <h:outputText value="#{account.status}" />
-                </p:column>
-                <p:column headerText="Can login" >
-                    <p:selectBooleanCheckbox id="canLogin" disabled="true" value="#{!empty account.accountLogin}" />
-                </p:column>                
-                <p:column headerText="CreatedOn">
-                    <h:outputText value="#{account.createdOn}" >
-                        <f:convertDateTime type="both" dateStyle="full" timeStyle="short" timeZone="Europe/Berlin"/>
-                    </h:outputText>
-                </p:column>
-                <p:column headerText="CreatedBy">
-                    <h:outputText value="#{account.createdBy}" />
-                </p:column>
-                <p:column headerText="LastUpdatedOn">                    
-                    <h:outputText value="#{account.lastUpdatedOn}">
-                        <f:convertDateTime type="both" dateStyle="full" timeStyle="short" timeZone="Europe/Berlin"/>
-                    </h:outputText>
-                </p:column>
-                <p:column headerText="LastUpdatedBy">
-                    <h:outputText value="#{account.lastUpdatedBy}" />
-                </p:column>   
-            </p:dataTable>
+        <p:panel styleClass="box-solid" rendered="#{! empty applicationView.currentApplication}">
+            <h:form id="accountForm" prependId="false">           
+                <p:dataTable id="accountTable" value="#{accountView.accounts}" var="account" rowKey="#{account.username}" selectionMode="single" selection="#{accountView.currentAccount}"
+                             styleClass="box-primary">
+                    <p:ajax event="rowSelect" update="buttonPanel" listener="#{accountView.selectAccount}" />
+                    <p:ajax event="rowUnselect" update="buttonPanel" listener="#{accountView.unselectAccount}"  />
+                    <p:column headerText="Username">
+                        <h:outputText value="#{account.username}" />
+                    </p:column>
+                    <p:column headerText="Lastname">
+                        <h:outputText value="#{account.lastname}" />
+                    </p:column>
+                    <p:column headerText="Firstname">
+                        <h:outputText value="#{account.firstname}" />
+                    </p:column>
+                    <p:column headerText="Email">
+                        <h:outputText value="#{account.emailaddress}" />
+                    </p:column>
+                    <p:column headerText="Status">
+                        <h:outputText value="#{account.status}" />
+                    </p:column>
+                    <p:column headerText="Can login" >
+                        <p:selectBooleanCheckbox id="canLogin" disabled="true" value="#{!empty account.accountLogin}" />
+                    </p:column>                
+                    <p:column headerText="CreatedOn">
+                        <h:outputText value="#{account.createdOn}" >
+                            <f:convertDateTime type="both" dateStyle="full" timeStyle="short" timeZone="Europe/Berlin"/>
+                        </h:outputText>
+                    </p:column>
+                    <p:column headerText="CreatedBy">
+                        <h:outputText value="#{account.createdBy}" />
+                    </p:column>
+                    <p:column headerText="LastUpdatedOn">                    
+                        <h:outputText value="#{account.lastUpdatedOn}">
+                            <f:convertDateTime type="both" dateStyle="full" timeStyle="short" timeZone="Europe/Berlin"/>
+                        </h:outputText>
+                    </p:column>
+                    <p:column headerText="LastUpdatedBy">
+                        <h:outputText value="#{account.lastUpdatedBy}" />
+                    </p:column>   
+                </p:dataTable>
 
-            <p:spacer height="10px" />
-            <p:panel id="buttonPanel" styleClass="box-primary"  style="margin-bottom:20px">
-                <div class="ui-g ui-fluid">
-                    <div class="col-sm-12 col-md-4" style="margin-top:10px">
-                        <div class="ui-inputgroup" >
-                            <h:outputLabel for="includeDisabledCheckbox" value="Include disabled accounts?" />
-                            <p:inputSwitch id="includeDisabledCheckbox" value="#{accountView.showDisabledAccounts}" styleClass="btn-teal btn-block"  >
-                                <p:ajax listener="#{accountView.showDisabledAccountsChange}" update="accountTable" />
-                            </p:inputSwitch>
+                <p:spacer height="10px" />
+                <p:panel id="buttonPanel" styleClass="box-primary"  style="margin-bottom:20px">
+                    <div class="ui-g ui-fluid">
+                        <div class="col-sm-12 col-md-4" style="margin-top:10px">
+                            <div class="ui-inputgroup" >
+                                <h:outputLabel for="includeDisabledCheckbox" value="Include disabled accounts?" />
+                                <p:inputSwitch id="includeDisabledCheckbox" value="#{accountView.showDisabledAccounts}" styleClass="btn-teal btn-block"  >
+                                    <p:ajax listener="#{accountView.showDisabledAccountsChange}" update="accountTable" />
+                                </p:inputSwitch>
+                            </div>
                         </div>
-                    </div>
 
-                    <div class="col-sm-12 col-md-2">
-                        <p:commandButton value="New" id="newButton" icon="fa fa-plus" 
-                                         update="editDialog" oncomplete="PF('editDialogVar').show();"
-                                         actionListener="#{accountView.newAccount}" styleClass="btn-primary btn-block" />
-                    </div>
-                    <div class="col-sm-12 col-md-2">
-                        <p:commandButton value="Edit" id="editButton" icon="fa fa-pencil" 
-                                         update="editDialog" oncomplete="PF('editDialogVar').show();"
-                                         actionListener="#{accountView.editAccount}" disabled="#{!accountView.accountSelected}" styleClass="btn-teal btn-block" />
-                    </div>                    
-                    <div class="col-sm-12 col-md-2">
-                        <p:commandButton value="Delete" id="deleteButton" icon="fa fa-trash-o"
-                                         update=":accountForm:accountTable" action="#{accountView.deleteAccount}" disabled="#{accountView.accountSelected eq false or accountView.currentLoggedInUser eq true}" styleClass="btn-danger btn-block">
-                            <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
-                        </p:commandButton>
-                    </div>
-
-                    <div class="col-sm-12 col-md-2">
-                        <c:if test="#{empty accountView.currentAccount.accountLogin}">
-                            <p:commandButton value="Add login" id="addLoginButton" icon="fa fa-plus" disabled="#{!accountView.accountSelected}"
-                                             update="editLoginDialog" oncomplete="PF('editLoginDialogVar').show();"
-                                             action="#{accountView.addAccountLogin}" styleClass="btn-teal btn-block">
+                        <div class="col-sm-12 col-md-2">
+                            <p:commandButton value="New" id="newButton" icon="fa fa-plus" 
+                                             update="editDialog" oncomplete="PF('editDialogVar').show();"
+                                             actionListener="#{accountView.newAccount}" styleClass="btn-primary btn-block" />
+                        </div>
+                        <div class="col-sm-12 col-md-2">
+                            <p:commandButton value="Edit" id="editButton" icon="fa fa-pencil" 
+                                             update="editDialog" oncomplete="PF('editDialogVar').show();"
+                                             actionListener="#{accountView.editAccount}" disabled="#{!accountView.accountSelected}" styleClass="btn-teal btn-block" />
+                        </div>                    
+                        <div class="col-sm-12 col-md-2">
+                            <p:commandButton value="Delete" id="deleteButton" icon="fa fa-trash-o"
+                                             update=":accountForm:accountTable" action="#{accountView.deleteAccount}" disabled="#{accountView.accountSelected eq false or accountView.currentLoggedInUser eq true}" styleClass="btn-danger btn-block">
+                                <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
                             </p:commandButton>
-                        </c:if>
-                        <c:if test="#{!empty accountView.currentAccount.accountLogin}">
-                            <p:splitButton value="Edit login" id="editLoginButton" icon="fa fa-pencil" disabled="#{!accountView.accountSelected}"
-                                           update="editLoginDialog" oncomplete="PF('editLoginDialogVar').show();"
-                                           action="#{accountView.editAccountLogin}" styleClass="btn-success btn-block">
+                        </div>
 
-                                <p:menuitem value="Delete login" icon="fa fa-trash-o"  disabled="#{accountView.currentLoggedInUser}"
-                                            update="accountTable,buttonPanel" styleClass="btn-danger btn-block"
-                                            action="#{accountView.deleteAccountLogin}" >
+                        <div class="col-sm-12 col-md-2">
+                            <c:if test="#{empty accountView.currentAccount.accountLogin}">
+                                <p:commandButton value="Add login" id="addLoginButton" icon="fa fa-plus" disabled="#{!accountView.accountSelected}"
+                                                 update="editLoginDialog" oncomplete="PF('editLoginDialogVar').show();"
+                                                 action="#{accountView.addAccountLogin}" styleClass="btn-teal btn-block">
+                                </p:commandButton>
+                            </c:if>
+                            <c:if test="#{!empty accountView.currentAccount.accountLogin}">
+                                <p:splitButton value="Edit login" id="editLoginButton" icon="fa fa-pencil" disabled="#{!accountView.accountSelected}"
+                                               update="editLoginDialog" oncomplete="PF('editLoginDialogVar').show();"
+                                               action="#{accountView.editAccountLogin}" styleClass="btn-success btn-block">
 
-                                    <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
-                                </p:menuitem>
-                            </p:splitButton>                        
-                        </c:if>
-                    </div>
-                </div>                    
-            </p:panel>
+                                    <p:menuitem value="Delete login" icon="fa fa-trash-o"  disabled="#{accountView.currentLoggedInUser}"
+                                                update="accountTable,buttonPanel" styleClass="btn-danger btn-block"
+                                                action="#{accountView.deleteAccountLogin}" >
+
+                                        <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
+                                    </p:menuitem>
+                                </p:splitButton>                        
+                            </c:if>
+                        </div>
+                    </div>                    
+                </p:panel>
 
 
 
-            <composite:confirmationDialog />
-        </h:form>
+                <composite:confirmationDialog />
+            </h:form>
+        </p:panel>
 
 
         <p:dialog id="editDialog" widgetVar="editDialogVar" header="Edit account" width="600"
diff --git a/account-ui/src/main/webapp/web/applications.xhtml b/account-ui/src/main/webapp/web/applications.xhtml
new file mode 100644
index 0000000..66018b0
--- /dev/null
+++ b/account-ui/src/main/webapp/web/applications.xhtml
@@ -0,0 +1,84 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<ui:composition xmlns="http://www.w3.org/1999/xhtml"
+                xmlns:ui="http://java.sun.com/jsf/facelets"
+                xmlns:p="http://primefaces.org/ui"
+                template="/resources/template/template.xhtml"
+                xmlns:h="http://xmlns.jcp.org/jsf/html"
+                xmlns:f="http://xmlns.jcp.org/jsf/core"
+                xmlns:co="http://java.sun.com/jsf/composite/composite"
+                xmlns:c="http://xmlns.jcp.org/jsp/jstl/core"
+                xmlns:composite="http://xmlns.jcp.org/jsf/composite/composite">
+
+    <ui:define name="title">
+        Applications
+    </ui:define>
+
+    <ui:define name="body" >
+
+        <p:panel styleClass="box-solid" rendered="#{! empty applicationView.currentApplication}">
+            <h:form id="applicationForm" prependId="false">           
+
+                <div class="ui-g ui-fluid">
+                    <div class="col-sm-12 col-md-6">
+                        <p:selectOneMenu id="applicationSelect" value="#{applicationView.currentApplication}" converter="omnifaces.SelectItemsConverter" required="true">
+                            <f:selectItems value="#{applicationView.allApplications}" var="app" itemLabel="#{app.applicationName}" itemValue="#{app}" />
+                        </p:selectOneMenu>
+                    </div>
+                    <div class="col-sm-12 col-md-2">
+                        <p:commandButton value="Select" styleClass="btn-primary btn-solid}" actionListener="#{applicationView.selectApplication}" />
+                    </div>
+                    <div class="col-sm-12 col-md-2">                        
+                        <p:commandButton value="New" id="newButton" icon="fa fa-plus" 
+                                         update="editDialog" oncomplete="PF('editDialogVar').show();"
+                                         actionListener="#{applicationView.newApplication}" styleClass="btn-teal btn-block" />
+                    </div>                    
+                    <div class="col-sm-12 col-md-2">   
+                        <p:commandButton id="deletePermissionButton" icon="fa fa-trash-o" value="#{msgs.button_delete}" actionListener="#{applicationView.deleteApplication}" 
+                                         update="applicationSelect" styleClass="btn-danger btn-block" >
+                            <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
+                        </p:commandButton>                
+                    </div>                
+
+                </div>                        
+                <composite:confirmationDialog />
+            </h:form>
+        </p:panel>
+
+        <p:dialog id="editDialog" widgetVar="editDialogVar" header="Edit account" width="600"
+                  modal="true" appendTo="@(body)" showEffect="fade" hideEffect="fade" styleClass="box-solid box-primary" >            
+            <h:form id="editDialogForm">
+                <p:messages id="editDialogMessages" showDetail="true" showIcon="true" showSummary="true">
+                    <p:autoUpdate />
+                </p:messages>
+
+                <div class="ui-g ui-fluid">
+                    <div class="col-sm-12 col-md-3">
+                        <p:outputLabel for="applicationName" value="Application name" />   
+                    </div>
+                    <div class="col-sm-12 col-md-6">
+                        <p:inputText id="applicationName" value="#{applicationView.editApplication.applicationName}">
+                            <f:validator validatorId="uniqueApplicationValidator"/>
+                        </p:inputText>
+                    </div>
+                    <div class="col-sm-12 col-md-3">                        
+                        <p:message for="applicationName"><p:autoUpdate /></p:message>
+                    </div>
+
+                    <div class="col-sm-12 col-md-3">
+                        <p:spacer height="10px" />
+                        <p:commandButton value="Save" action="#{applicationView.saveEditApplication}" styleClass="btn-primary btn-block" 
+                                         oncomplete="if (args &amp;&amp; !args.validationFailed) PF('editDialogVar').hide();" update=":applicationForm" />
+                    </div>
+                    <div class="col-sm-12 col-md-3">
+                        <p:spacer height="10px" />
+                        <p:commandButton value="Cancel" action="#{applicationView.cancelEditApplication}" immediate="true" styleClass="btn-teal btn-block"
+                                         oncomplete="PF('editDialogVar').hide();" />
+                    </div>
+
+
+                </div>
+            </h:form>
+        </p:dialog>
+
+    </ui:define>
+</ui:composition>
\ No newline at end of file
diff --git a/account-ui/src/main/webapp/web/index.xhtml b/account-ui/src/main/webapp/web/index.xhtml
index 750dc31..983dc13 100644
--- a/account-ui/src/main/webapp/web/index.xhtml
+++ b/account-ui/src/main/webapp/web/index.xhtml
@@ -1,84 +1,13 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <ui:composition xmlns="http://www.w3.org/1999/xhtml"
                 xmlns:ui="http://java.sun.com/jsf/facelets"
-                xmlns:p="http://primefaces.org/ui"
-                template="/resources/template/template.xhtml"
-                xmlns:h="http://xmlns.jcp.org/jsf/html"
-                xmlns:f="http://xmlns.jcp.org/jsf/core"
-                xmlns:co="http://java.sun.com/jsf/composite/composite"
-                xmlns:c="http://xmlns.jcp.org/jsp/jstl/core"
-                xmlns:composite="http://xmlns.jcp.org/jsf/composite/composite">
-
+                template="/resources/template/template.xhtml">
+    
     <ui:define name="title">
-        Applications
+        Home
     </ui:define>
 
     <ui:define name="body" >
-
-        <h:form id="applicationForm" prependId="false">           
-            <p:panel styleClass="box-solid">
-                <div class="ui-g ui-fluid">
-                    <div class="col-sm-12 col-md-6">
-                        <p:selectOneMenu id="applicationSelect" value="#{applicationView.currentApplication}" converter="omnifaces.SelectItemsConverter" required="true">
-                            <f:selectItems value="#{applicationView.allApplications}" var="app" itemLabel="#{app.applicationName}" itemValue="#{app}" />
-                        </p:selectOneMenu>
-                    </div>
-                    <div class="col-sm-12 col-md-2">
-                        <p:commandButton value="Select" styleClass="btn-primary btn-solid}" actionListener="#{applicationView.selectApplication}" />
-                    </div>
-                    <div class="col-sm-12 col-md-2">                        
-                        <p:commandButton value="New" id="newButton" icon="fa fa-plus" 
-                                         update="editDialog" oncomplete="PF('editDialogVar').show();"
-                                         actionListener="#{applicationView.newApplication}" styleClass="btn-teal btn-block" />
-                    </div>                    
-                    <div class="col-sm-12 col-md-2">   
-                        <p:commandButton id="deletePermissionButton" icon="fa fa-trash-o" value="#{msgs.button_delete}" actionListener="#{applicationView.deleteApplication}" 
-                                         update="applicationSelect" styleClass="btn-danger btn-block" >
-                            <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
-                        </p:commandButton>                
-                    </div>                
-                    
-                </div>
-            </p:panel>
-            
-            <composite:confirmationDialog />
-        </h:form>
-
-        <p:dialog id="editDialog" widgetVar="editDialogVar" header="Edit account" width="600"
-                  modal="true" appendTo="@(body)" showEffect="fade" hideEffect="fade" styleClass="box-solid box-primary" >            
-            <h:form id="editDialogForm">
-                <p:messages id="editDialogMessages" showDetail="true" showIcon="true" showSummary="true">
-                    <p:autoUpdate />
-                </p:messages>
-
-                <div class="ui-g ui-fluid">
-                    <div class="col-sm-12 col-md-3">
-                        <p:outputLabel for="applicationName" value="Application name" />   
-                    </div>
-                    <div class="col-sm-12 col-md-6">
-                        <p:inputText id="applicationName" value="#{applicationView.editApplication.applicationName}">
-                            <f:validator validatorId="uniqueApplicationValidator"/>
-                        </p:inputText>
-                    </div>
-                    <div class="col-sm-12 col-md-3">                        
-                        <p:message for="applicationName"><p:autoUpdate /></p:message>
-                    </div>
-
-                    <div class="col-sm-12 col-md-3">
-                        <p:spacer height="10px" />
-                        <p:commandButton value="Save" action="#{applicationView.saveEditApplication}" styleClass="btn-primary btn-block" 
-                                         oncomplete="if (args &amp;&amp; !args.validationFailed) PF('editDialogVar').hide();" update=":applicationForm" />
-                    </div>
-                    <div class="col-sm-12 col-md-3">
-                        <p:spacer height="10px" />
-                        <p:commandButton value="Cancel" action="#{applicationView.cancelEditApplication}" immediate="true" styleClass="btn-teal btn-block"
-                                         oncomplete="PF('editDialogVar').hide();" />
-                    </div>
-
-
-                </div>
-            </h:form>
-        </p:dialog>
-
+        Home         
     </ui:define>
 </ui:composition>
\ No newline at end of file
diff --git a/account-ui/src/main/webapp/web/permissions.xhtml b/account-ui/src/main/webapp/web/permissions.xhtml
index 6819ac0..696ca3b 100644
--- a/account-ui/src/main/webapp/web/permissions.xhtml
+++ b/account-ui/src/main/webapp/web/permissions.xhtml
@@ -1,108 +1,108 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<ui:composition xmlns="http://www.w3.org/1999/xhtml"
-                xmlns:ui="http://java.sun.com/jsf/facelets"
-                xmlns:p="http://primefaces.org/ui"
-                template="/resources/template/template.xhtml"
-                xmlns:h="http://xmlns.jcp.org/jsf/html"
-                xmlns:f="http://xmlns.jcp.org/jsf/core"
-                xmlns:co="http://java.sun.com/jsf/composite/composite"
-                xmlns:c="http://xmlns.jcp.org/jsp/jstl/core"
-                xmlns:composite="http://xmlns.jcp.org/jsf/composite/composite">
-
-    <ui:define name="title">
-        Permissions
-    </ui:define>
-
-    <ui:define name="description">
-        for #{applicationView.currentApplication.applicationName}
-    </ui:define>
-
-    <ui:define name="body">
-        <h:form id="permissionForm">
-
-            <p:dataTable id="permissionTable" value="#{permissionView.appPermissions}" var="permission" rowKey="#{permission.id}"
-                         selectionMode="single" selection="#{permissionView.currentPermission}" styleClass="box-primary">
-                <p:ajax event="rowSelect" update=":permissionForm:permissionTable:editPermissionButton,:permissionForm:permissionTable:deletePermissionButton"  />
-                <p:ajax event="rowUnselect" update=":permissionForm:permissionTable:editPermissionButton,:permissionForm:permissionTable:deletePermissionButton" />
-
-                <p:column headerText="Permission name">
-                    <h:outputText value="#{permission.permissionName}" />
-                </p:column>
-                <p:column headerText="Permission description">
-                    <h:outputText value="#{permission.permissionDescription}" />
-                </p:column>    
-
-                <f:facet name="footer">
-                    <div class="ui-g-12 ui-md-2">
-                        <p:commandButton id="newPermissionButton" icon="fa fa-plus" value="#{msgs.button_new}" action="#{permissionView.newPermission}"
-                                         oncomplete="PF('editDialogVar').show();" update="editDialog" styleClass="btn-primary btn-block" />
-                    </div>
-                    <div class="ui-g-12 ui-md-2">
-                        <p:commandButton id="editPermissionButton" icon="fa fa-pencil" value="#{msgs.button_edit}" action="#{permissionView.editPermission}"
-                                         oncomplete="PF('editDialogVar').show();" update="editDialog" styleClass="btn-teal btn-block" disabled="#{!permissionView.canEdit}" />
-                    </div>
-                    <div class="ui-g-12 ui-md-2">
-                        <p:commandButton id="deletePermissionButton" icon="fa fa-trash-o" value="#{msgs.button_delete}" actionListener="#{permissionView.deletePermission}" 
-                                         update="permissionForm" styleClass="btn-danger btn-block" disabled="#{!permissionView.canDelete}">
-                            <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
-                        </p:commandButton>                
-                    </div>
-                </f:facet>
-            </p:dataTable>
-
-            <composite:confirmationDialog />
-
-        </h:form>
-
-
-        <p:dialog id="editDialog" widgetVar="editDialogVar" header="Edit permission" width="600"
-                  modal="true" appendTo="@(body)" showEffect="fade" hideEffect="fade" styleClass="box-solid box-primary" >            
-            <h:form id="editDialogForm">
-                <p:messages id="editDialogMessages" showDetail="true" showIcon="true" showSummary="true">
-                    <p:autoUpdate />
-                </p:messages>
-
-                <div class="ui-g ui-fluid">
-                    <div class="ui-g-12 ui-md-3">
-                        <div class="ui-inputgroup">
-                            <span class="ui-inputgroup-addon"><i style="font-size: 20px" class="fa fa-edit"></i></span>
-                            <p:inputText id="newName" value="#{permissionView.currentPermission.permissionName}" maxlength="80" size="30" placeholder="#{msgs.label_name}" >
-                                <f:validator validatorId="uniquePermissionNameValidator"/>
-                                <f:attribute name="application" value="#{permissionView.currentApplication}" />
-                            </p:inputText>
-                        </div>
-                    </div>
-                    <div class="col-sm-12 col-md-9">                        
-                        <p:message for="newName"><p:autoUpdate /></p:message>
-                    </div>
-
-                    <div class="ui-g-12 ui-md-3">
-                        <div class="ui-inputgroup">
-                            <span class="ui-inputgroup-addon"><i style="font-size: 20px" class="fa fa-edit"></i></span>
-                            <p:inputText id="newDescription" value="#{permissionView.currentPermission.permissionDescription}" maxlength="200" size="30" placeholder="#{msgs.label_description}" />
-                        </div>
-                    </div>
-                    <div class="col-sm-12 col-md-9">                        
-                        <p:message for="newDescription"><p:autoUpdate /></p:message>
-                    </div>
-
-                    <div class="col-sm-12 col-md-6">
-                        <p:spacer height="10px" />
-                        <p:commandButton value="Save" action="#{permissionView.saveEditPermission}" styleClass="btn-primary btn-block" 
-                                         oncomplete="if (args &amp;&amp; !args.validationFailed) PF('editDialogVar').hide();" update=":permissionForm:permissionTable" />
-                    </div>
-                    <div class="col-sm-12 col-md-6">
-                        <p:spacer height="10px" />
-                        <p:commandButton value="Cancel" action="#{permissionView.cancelEditPermission}" immediate="true" styleClass="btn-teal btn-block"
-                                         oncomplete="PF('editDialogVar').hide();" />
-                    </div>                    
-
-                </div>
-            </h:form>
-        </p:dialog>
-
-
-
-    </ui:define>
-
-</ui:composition>
+<?xml version="1.0" encoding="UTF-8"?>
+<ui:composition xmlns="http://www.w3.org/1999/xhtml"
+                xmlns:ui="http://java.sun.com/jsf/facelets"
+                xmlns:p="http://primefaces.org/ui"
+                template="/resources/template/template.xhtml"
+                xmlns:h="http://xmlns.jcp.org/jsf/html"
+                xmlns:f="http://xmlns.jcp.org/jsf/core"
+                xmlns:co="http://java.sun.com/jsf/composite/composite"
+                xmlns:c="http://xmlns.jcp.org/jsp/jstl/core"
+                xmlns:composite="http://xmlns.jcp.org/jsf/composite/composite">
+
+    <ui:define name="title">
+        Permissions
+    </ui:define>
+
+    <ui:define name="description">
+        for #{applicationView.currentApplication.applicationName}
+    </ui:define>
+
+    <ui:define name="body">
+        <p:panel styleClass="box-solid" rendered="#{! empty applicationView.currentApplication}">
+            <h:form id="permissionForm">
+                <p:dataTable id="permissionTable" value="#{permissionView.appPermissions}" var="permission" rowKey="#{permission.id}"
+                             selectionMode="single" selection="#{permissionView.currentPermission}" styleClass="box-primary">
+                    <p:ajax event="rowSelect" update=":permissionForm:permissionTable:editPermissionButton,:permissionForm:permissionTable:deletePermissionButton"  />
+                    <p:ajax event="rowUnselect" update=":permissionForm:permissionTable:editPermissionButton,:permissionForm:permissionTable:deletePermissionButton" />
+
+                    <p:column headerText="Permission name">
+                        <h:outputText value="#{permission.permissionName}" />
+                    </p:column>
+                    <p:column headerText="Permission description">
+                        <h:outputText value="#{permission.permissionDescription}" />
+                    </p:column>    
+
+                    <f:facet name="footer">
+                        <div class="ui-g-12 ui-md-2">
+                            <p:commandButton id="newPermissionButton" icon="fa fa-plus" value="#{msgs.button_new}" action="#{permissionView.newPermission}"
+                                             oncomplete="PF('editDialogVar').show();" update="editDialog" styleClass="btn-primary btn-block" />
+                        </div>
+                        <div class="ui-g-12 ui-md-2">
+                            <p:commandButton id="editPermissionButton" icon="fa fa-pencil" value="#{msgs.button_edit}" action="#{permissionView.editPermission}"
+                                             oncomplete="PF('editDialogVar').show();" update="editDialog" styleClass="btn-teal btn-block" disabled="#{!permissionView.canEdit}" />
+                        </div>
+                        <div class="ui-g-12 ui-md-2">
+                            <p:commandButton id="deletePermissionButton" icon="fa fa-trash-o" value="#{msgs.button_delete}" actionListener="#{permissionView.deletePermission}" 
+                                             update="permissionForm" styleClass="btn-danger btn-block" disabled="#{!permissionView.canDelete}">
+                                <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
+                            </p:commandButton>                
+                        </div>
+                    </f:facet>
+                </p:dataTable>
+
+                <composite:confirmationDialog />
+            </h:form>
+        </p:panel>
+
+
+        <p:dialog id="editDialog" widgetVar="editDialogVar" header="Edit permission" width="600"
+                  modal="true" appendTo="@(body)" showEffect="fade" hideEffect="fade" styleClass="box-solid box-primary" >            
+            <h:form id="editDialogForm">
+                <p:messages id="editDialogMessages" showDetail="true" showIcon="true" showSummary="true">
+                    <p:autoUpdate />
+                </p:messages>
+
+                <div class="ui-g ui-fluid">
+                    <div class="ui-g-12 ui-md-3">
+                        <div class="ui-inputgroup">
+                            <span class="ui-inputgroup-addon"><i style="font-size: 20px" class="fa fa-edit"></i></span>
+                            <p:inputText id="newName" value="#{permissionView.currentPermission.permissionName}" maxlength="80" size="30" placeholder="#{msgs.label_name}" >
+                                <f:validator validatorId="uniquePermissionNameValidator"/>
+                                <f:attribute name="application" value="#{permissionView.currentApplication}" />
+                            </p:inputText>
+                        </div>
+                    </div>
+                    <div class="col-sm-12 col-md-9">                        
+                        <p:message for="newName"><p:autoUpdate /></p:message>
+                    </div>
+
+                    <div class="ui-g-12 ui-md-3">
+                        <div class="ui-inputgroup">
+                            <span class="ui-inputgroup-addon"><i style="font-size: 20px" class="fa fa-edit"></i></span>
+                            <p:inputText id="newDescription" value="#{permissionView.currentPermission.permissionDescription}" maxlength="200" size="30" placeholder="#{msgs.label_description}" />
+                        </div>
+                    </div>
+                    <div class="col-sm-12 col-md-9">                        
+                        <p:message for="newDescription"><p:autoUpdate /></p:message>
+                    </div>
+
+                    <div class="col-sm-12 col-md-6">
+                        <p:spacer height="10px" />
+                        <p:commandButton value="Save" action="#{permissionView.saveEditPermission}" styleClass="btn-primary btn-block" 
+                                         oncomplete="if (args &amp;&amp; !args.validationFailed) PF('editDialogVar').hide();" update=":permissionForm:permissionTable" />
+                    </div>
+                    <div class="col-sm-12 col-md-6">
+                        <p:spacer height="10px" />
+                        <p:commandButton value="Cancel" action="#{permissionView.cancelEditPermission}" immediate="true" styleClass="btn-teal btn-block"
+                                         oncomplete="PF('editDialogVar').hide();" />
+                    </div>                    
+
+                </div>
+            </h:form>
+        </p:dialog>        
+
+
+
+    </ui:define>
+
+</ui:composition>
diff --git a/account-ui/src/main/webapp/web/roles.xhtml b/account-ui/src/main/webapp/web/roles.xhtml
index 73bd590..518667f 100644
--- a/account-ui/src/main/webapp/web/roles.xhtml
+++ b/account-ui/src/main/webapp/web/roles.xhtml
@@ -1,134 +1,135 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<ui:composition xmlns="http://www.w3.org/1999/xhtml"
-                xmlns:ui="http://java.sun.com/jsf/facelets"
-                xmlns:p="http://primefaces.org/ui"
-                template="/resources/template/template.xhtml"
-                xmlns:h="http://xmlns.jcp.org/jsf/html"
-                xmlns:co="http://java.sun.com/jsf/composite/composite"
-                xmlns:f="http://xmlns.jcp.org/jsf/core"
-                xmlns:composite="http://xmlns.jcp.org/jsf/composite/composite">
-
-    <ui:define name="title">
-        Roles Overview
-    </ui:define>
-
-    <ui:define name="description">
-        for #{applicationView.currentApplication.applicationName}
-    </ui:define>
-
-    <ui:define name="body">
-        <h:form id="roleForm">
-            <p:dataTable id="roleTable" value="#{roleView.allRoles}" var="role" rowKey="#{role.id}" styleClass="box-primary"
-                         selectionMode="single" selection="#{roleView.currentRole}">
-                <p:ajax event="rowSelect" update=":roleForm:permissionTable, editRoleButton, deleteRoleButton" listener="#{roleView.onRoleSelect}"/>
-                <p:ajax event="rowUnselect" update=":roleForm:permissionTable, editRoleButton, deleteRoleButton" />
-
-                <p:column headerText="Role name">
-                    <h:outputText value="#{role.roleName}" />
-                </p:column>
-                <p:column headerText="Role description">
-                    <h:outputText value="#{role.roleDescription}" />
-                </p:column>  
-
-
-                <f:facet name="footer">
-                    <div class="ui-g ui-fluid">
-                        <div class="col-sm-12 col-md-2" style="margin-top:10px">
-                            <p:commandButton id="newRoleButton" icon="fa fa-plus" value="#{msgs.button_new}" actionListener="#{roleView.startNewRole}"
-                                             update="editDialog" oncomplete="PF('editDialogVar').show();" styleClass="btn-primary btn-block"/>
-                        </div>
-                        <div class="col-sm-12 col-md-2" style="margin-top:10px">
-                            <p:commandButton id="editRoleButton" icon="fa fa-pencil" value="#{msgs.button_edit}" disabled="#{!roleView.roleSelected}"
-                                             update="editDialog" oncomplete="PF('editDialogVar').show();" styleClass="btn-teal btn-block"/>
-                        </div>
-                        <div class="col-sm-12 col-md-2" style="margin-top:10px">
-                            <p:commandButton id="deleteRoleButton" icon="fa fa-trash-o" value="#{msgs.button_delete}" disabled="#{!roleView.roleSelected}"
-                                             action="#{roleView.deleteRole}" update=":roleForm:roleTable" styleClass="btn-danger btn-block">
-                                <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
-                            </p:commandButton>                
-                        </div>
-                    </div>
-                </f:facet>
-            </p:dataTable>
-
-            <p:spacer height="15px;" />
-
-            <p:dataTable id="permissionTable" value="#{roleView.rolePermissions}" var="permission" rowKey="#{permission.id}" styleClass="box-teal"
-                         selectionMode="single" selection="#{roleView.currentPermission}">
-                <p:ajax event="rowSelect" update="addPermissionButton, deletePermissionButton" />
-                <p:ajax event="rowUnselect" update="addPermissionButton, deletePermissionButton" />
-
-                <p:column headerText="Permission name">
-                    <h:outputText value="#{permission.permissionName}" />
-                </p:column>
-                <p:column headerText="Permission description">
-                    <h:outputText value="#{permission.permissionDescription}" />
-                </p:column>   
-                <f:facet name="footer" >
-                    <p:selectOneMenu value="#{roleView.newPermission}" converter="omnifaces.SelectItemsConverter" >
-                        <f:selectItems id="permissionListItems" value="#{roleView.missingPermissions}" var="missingPermission" itemLabel="#{missingPermission.permissionName}" itemValue="#{missingPermission}"  />
-                    </p:selectOneMenu>
-                    <div class="ui-g-12 ui-md-2">
-                        <p:commandButton id="addPermissionButton" icon="fa fa-plus" value="#{msgs.button_add}" action="#{roleView.addRolePermission}" 
-                                         update="permissionTable" styleClass="btn-primary btn-block" disabled="#{!roleView.missingPermissionAvailable}" />
-                    </div>
-                    <div class="ui-g-12 ui-md-2">
-                        <p:commandButton id="deletePermissionButton" icon="fa fa-trash-o" value="#{msgs.button_delete}" update=":roleForm:permissionTable" 
-                                         action="#{roleView.removeRolePermission}" styleClass="btn-danger btn-block"
-                                         disabled="#{!roleView.permissionSelected}" >
-                            <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
-                        </p:commandButton>
-                    </div>
-                </f:facet>                   
-            </p:dataTable>
-
-            <composite:confirmationDialog />
-
-        </h:form>
-
-        <p:dialog id="editDialog" widgetVar="editDialogVar" header="Edit account" width="600"
-                  modal="true" appendTo="@(body)" showEffect="fade" hideEffect="fade" styleClass="box-solid box-primary" >            
-            <h:form id="editDialogForm">
-                <p:messages id="editDialogMessages" showDetail="true" showIcon="true" showSummary="true">
-                    <p:autoUpdate />
-                </p:messages>
-
-                <div class="ui-g ui-fluid">
-                    <div class="col-sm-12 col-md-3">
-                        <p:outputLabel for="newName" value="Role name" />   
-                    </div>
-                    <div class="col-sm-12 col-md-6">
-                        <p:inputText id="newName" value="#{roleView.currentRole.roleName}" placeholder="#{msgs.label_name}" maxlength="80" size="40">
-                            <f:validator validatorId="uniqueApplicationRoleNameValidator"/>
-                            <f:attribute name="application" value="#{roleView.currentApplication}" />
-                        </p:inputText>
-                    </div>
-                    <div class="col-sm-12 col-md-3">
-                        <p:message for="newName"><p:autoUpdate /></p:message>
-                    </div>
-                    <div class="col-sm-12 col-md-3">
-                        <p:outputLabel for="newDescription" value="Description" />   
-                    </div>
-                    <div class="col-sm-12 col-md-6">                    
-                        <p:inputText id="newDescription" value="#{roleView.currentRole.roleDescription}" placeholder="#{msgs.label_description}" maxlength="200" size="40" />                            
-                    </div>
-                    <div class="col-sm-12 col-md-3">
-                        <p:message for="newDescription"><p:autoUpdate /></p:message>
-                    </div>                    
-
-                    <div class="col-sm-12 col-md-6">
-                        <p:spacer height="10px" />
-                        <p:commandButton value="Save" action="#{roleView.saveEditRole}" styleClass="btn-primary btn-block" 
-                                         oncomplete="if (args &amp;&amp; !args.validationFailed) PF('editDialogVar').hide();" update=":roleForm:roleTable" />
-                    </div>
-                    <div class="col-sm-12 col-md-6">
-                        <p:spacer height="10px" />
-                        <p:commandButton value="Cancel" action="#{roleView.cancelEditRole}" immediate="true" styleClass="btn-teal btn-block"
-                                         oncomplete="PF('editDialogVar').hide();" />
-                    </div>
-                </div>
-            </h:form>
-        </p:dialog>
-    </ui:define>
-
-</ui:composition>
+<?xml version="1.0" encoding="UTF-8"?>
+<ui:composition xmlns="http://www.w3.org/1999/xhtml"
+                xmlns:ui="http://java.sun.com/jsf/facelets"
+                xmlns:p="http://primefaces.org/ui"
+                template="/resources/template/template.xhtml"
+                xmlns:h="http://xmlns.jcp.org/jsf/html"
+                xmlns:co="http://java.sun.com/jsf/composite/composite"
+                xmlns:f="http://xmlns.jcp.org/jsf/core"
+                xmlns:composite="http://xmlns.jcp.org/jsf/composite/composite">
+
+    <ui:define name="title">
+        Roles Overview
+    </ui:define>
+
+    <ui:define name="description">
+        for #{applicationView.currentApplication.applicationName}
+    </ui:define>
+
+    <ui:define name="body">
+        <p:panel styleClass="box-solid" rendered="#{! empty applicationView.currentApplication}">
+            <h:form id="roleForm">
+                <p:dataTable id="roleTable" value="#{roleView.allRoles}" var="role" rowKey="#{role.id}" styleClass="box-primary"
+                             selectionMode="single" selection="#{roleView.currentRole}">
+                    <p:ajax event="rowSelect" update=":roleForm:permissionTable, editRoleButton, deleteRoleButton" listener="#{roleView.onRoleSelect}"/>
+                    <p:ajax event="rowUnselect" update=":roleForm:permissionTable, editRoleButton, deleteRoleButton" />
+
+                    <p:column headerText="Role name">
+                        <h:outputText value="#{role.roleName}" />
+                    </p:column>
+                    <p:column headerText="Role description">
+                        <h:outputText value="#{role.roleDescription}" />
+                    </p:column>  
+
+
+                    <f:facet name="footer">
+                        <div class="ui-g ui-fluid">
+                            <div class="col-sm-12 col-md-2" style="margin-top:10px">
+                                <p:commandButton id="newRoleButton" icon="fa fa-plus" value="#{msgs.button_new}" actionListener="#{roleView.startNewRole}"
+                                                 update="editDialog" oncomplete="PF('editDialogVar').show();" styleClass="btn-primary btn-block"/>
+                            </div>
+                            <div class="col-sm-12 col-md-2" style="margin-top:10px">
+                                <p:commandButton id="editRoleButton" icon="fa fa-pencil" value="#{msgs.button_edit}" disabled="#{!roleView.roleSelected}"
+                                                 update="editDialog" oncomplete="PF('editDialogVar').show();" styleClass="btn-teal btn-block"/>
+                            </div>
+                            <div class="col-sm-12 col-md-2" style="margin-top:10px">
+                                <p:commandButton id="deleteRoleButton" icon="fa fa-trash-o" value="#{msgs.button_delete}" disabled="#{!roleView.roleSelected}"
+                                                 action="#{roleView.deleteRole}" update=":roleForm:roleTable" styleClass="btn-danger btn-block">
+                                    <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
+                                </p:commandButton>                
+                            </div>
+                        </div>
+                    </f:facet>
+                </p:dataTable>
+
+                <p:spacer height="15px;" />
+
+                <p:dataTable id="permissionTable" value="#{roleView.rolePermissions}" var="permission" rowKey="#{permission.id}" styleClass="box-teal"
+                             selectionMode="single" selection="#{roleView.currentPermission}">
+                    <p:ajax event="rowSelect" update="addPermissionButton, deletePermissionButton" />
+                    <p:ajax event="rowUnselect" update="addPermissionButton, deletePermissionButton" />
+
+                    <p:column headerText="Permission name">
+                        <h:outputText value="#{permission.permissionName}" />
+                    </p:column>
+                    <p:column headerText="Permission description">
+                        <h:outputText value="#{permission.permissionDescription}" />
+                    </p:column>   
+                    <f:facet name="footer" >
+                        <p:selectOneMenu value="#{roleView.newPermission}" converter="omnifaces.SelectItemsConverter" >
+                            <f:selectItems id="permissionListItems" value="#{roleView.missingPermissions}" var="missingPermission" itemLabel="#{missingPermission.permissionName}" itemValue="#{missingPermission}"  />
+                        </p:selectOneMenu>
+                        <div class="ui-g-12 ui-md-2">
+                            <p:commandButton id="addPermissionButton" icon="fa fa-plus" value="#{msgs.button_add}" action="#{roleView.addRolePermission}" 
+                                             update="permissionTable" styleClass="btn-primary btn-block" disabled="#{!roleView.missingPermissionAvailable}" />
+                        </div>
+                        <div class="ui-g-12 ui-md-2">
+                            <p:commandButton id="deletePermissionButton" icon="fa fa-trash-o" value="#{msgs.button_delete}" update=":roleForm:permissionTable" 
+                                             action="#{roleView.removeRolePermission}" styleClass="btn-danger btn-block"
+                                             disabled="#{!roleView.permissionSelected}" >
+                                <p:confirm header="Confirmation" message="Are you sure?" icon="fa fa-exclamation-triangle" />
+                            </p:commandButton>
+                        </div>
+                    </f:facet>                   
+                </p:dataTable>
+
+                <composite:confirmationDialog />
+            </h:form>
+        </p:panel>
+
+        <p:dialog id="editDialog" widgetVar="editDialogVar" header="Edit account" width="600"
+                  modal="true" appendTo="@(body)" showEffect="fade" hideEffect="fade" styleClass="box-solid box-primary" >            
+            <h:form id="editDialogForm">
+                <p:messages id="editDialogMessages" showDetail="true" showIcon="true" showSummary="true">
+                    <p:autoUpdate />
+                </p:messages>
+
+                <div class="ui-g ui-fluid">
+                    <div class="col-sm-12 col-md-3">
+                        <p:outputLabel for="newName" value="Role name" />   
+                    </div>
+                    <div class="col-sm-12 col-md-6">
+                        <p:inputText id="newName" value="#{roleView.currentRole.roleName}" placeholder="#{msgs.label_name}" maxlength="80" size="40">
+                            <f:validator validatorId="uniqueApplicationRoleNameValidator"/>
+                            <f:attribute name="application" value="#{roleView.currentApplication}" />
+                        </p:inputText>
+                    </div>
+                    <div class="col-sm-12 col-md-3">
+                        <p:message for="newName"><p:autoUpdate /></p:message>
+                    </div>
+                    <div class="col-sm-12 col-md-3">
+                        <p:outputLabel for="newDescription" value="Description" />   
+                    </div>
+                    <div class="col-sm-12 col-md-6">                    
+                        <p:inputText id="newDescription" value="#{roleView.currentRole.roleDescription}" placeholder="#{msgs.label_description}" maxlength="200" size="40" />                            
+                    </div>
+                    <div class="col-sm-12 col-md-3">
+                        <p:message for="newDescription"><p:autoUpdate /></p:message>
+                    </div>                    
+
+                    <div class="col-sm-12 col-md-6">
+                        <p:spacer height="10px" />
+                        <p:commandButton value="Save" action="#{roleView.saveEditRole}" styleClass="btn-primary btn-block" 
+                                         oncomplete="if (args &amp;&amp; !args.validationFailed) PF('editDialogVar').hide();" update=":roleForm:roleTable" />
+                    </div>
+                    <div class="col-sm-12 col-md-6">
+                        <p:spacer height="10px" />
+                        <p:commandButton value="Cancel" action="#{roleView.cancelEditRole}" immediate="true" styleClass="btn-teal btn-block"
+                                         oncomplete="PF('editDialogVar').hide();" />
+                    </div>
+                </div>
+            </h:form>
+        </p:dialog>
+    </ui:define>
+
+</ui:composition>