Merge branch 'master' of dev.intra.insomnia.fi:/data/bortal

Tuukka Kivilahti
Commit 0185b6ab authored Jun 12, 2010 by Tuukka Kivilahti
Showing with 607 additions and 159 deletions
code/LanBortal/.settings/org.eclipse.wst.common.project.facet.core.xml
code/LanBortalAuthModule.jar
code/LanBortalAuthModule/.classpath
code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalLoginModule.java
code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalRealm.java
code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalServerAuthModule.java
code/LanBortalAuthModule/src/fi/insomnia/bortal/RealmBeanRemote.java
code/LanBortalBeans/.classpath
code/LanBortalBeans/.settings/org.eclipse.jdt.core.prefs
code/LanBortalBeans/.settings/org.eclipse.wst.common.project.facet.core.xml
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/AccessRightBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/EventBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceMapBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SecurityBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/TestDataBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/LogEntryFacade.java
--- a/code/LanBortal/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/code/LanBortal/.settings/org.eclipse.wst.common.project.facet.core.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <faceted-project>
+  <runtime name="GlassFish v3 Java EE 6"/>
  <fixed facet="jst.ear"/>
  <installed facet="jst.ear" version="5.0"/>
  <installed facet="sun.facet" version="9"/>

--- a/code/LanBortalAuthModule.jar
+++ b/code/LanBortalAuthModule.jar
--- a/code/LanBortalAuthModule/.classpath
+++ b/code/LanBortalAuthModule/.classpath
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
 	<classpathentry kind="src" path="src"/>
-	<classpathentry combineaccessrules="false" exported="true" kind="src" path="/LanBortalBeansClient"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
-	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/com.sun.enterprise.jst.server.runtimeTarget/GlassFish v3 Java EE 6"/>
+	<classpathentry kind="lib" path="/Users/tuomari/bin/glassfishv31_0507_2/glassfish/lib/appserv-rt.jar"/>
 	<classpathentry kind="output" path="bin"/>
 </classpath>
--- a/code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalLoginModule.java
+++ b/code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalLoginModule.java
@@ -44,7 +44,6 @@ import com.sun.appserv.security.AppservPasswordLoginModule;
 import com.sun.enterprise.security.auth.realm.InvalidOperationException;
 import com.sun.enterprise.security.auth.realm.NoSuchUserException;
-import fi.insomnia.bortal.beans.JaasBeanRemote;
 /**
 * 
@@ -77,7 +76,7 @@ public class BortalLoginModule extends AppservPasswordLoginModule {
 			throw new LoginException("Realm not SampleRealm");
 		}
-		JaasBeanRemote authbean = BortalRealm.getAuthBean();
+		RealmBeanRemote authbean = BortalRealm.getAuthBean();
 		if (authbean == null) {
 			throw new LoginException("Error. Could not get authentication bean!");
 		}

--- a/code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalRealm.java
+++ b/code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalRealm.java
@@ -48,7 +48,7 @@ import com.sun.enterprise.security.auth.realm.InvalidOperationException;
 import com.sun.enterprise.security.auth.realm.NoSuchRealmException;
 import com.sun.enterprise.security.auth.realm.NoSuchUserException;
-import fi.insomnia.bortal.beans.JaasBeanRemote;
 /**
 * 
@@ -109,7 +109,7 @@ public class BortalRealm extends AppservRealm {
 				append(s).toString());
 	}
-	public static JaasBeanRemote getAuthBean() {
+	public static RealmBeanRemote getAuthBean() {
 		Object beanObj = null;
 		try {
 			beanObj = new InitialContext().lookup(JAAS_BEAN_JNDI);
@@ -118,8 +118,8 @@ public class BortalRealm extends AppservRealm {
 			e.printStackTrace();
 			return null;
 		}
-		if (beanObj instanceof JaasBeanRemote) {
+		if (beanObj instanceof RealmBeanRemote) {
-			return (JaasBeanRemote) beanObj;
+			return (RealmBeanRemote) beanObj;
 		}
 		return null;

--- a/code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalServerAuthModule.java
+++ b/code/LanBortalAuthModule/src/fi/insomnia/bortal/BortalServerAuthModule.java
+package fi.insomnia.bortal;
+import java.io.IOException;
+import java.util.Map;
+import javax.security.auth.Subject;
+import javax.security.auth.callback.Callback;
+import javax.security.auth.callback.CallbackHandler;
+import javax.security.auth.callback.UnsupportedCallbackException;
+import javax.security.auth.message.AuthException;
+import javax.security.auth.message.AuthStatus;
+import javax.security.auth.message.MessageInfo;
+import javax.security.auth.message.MessagePolicy;
+import javax.security.auth.message.callback.CallerPrincipalCallback;
+import javax.security.auth.message.callback.GroupPrincipalCallback;
+import javax.security.auth.message.callback.PasswordValidationCallback;
+import javax.security.auth.message.module.ServerAuthModule;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.apache.catalina.util.Base64;
+public class BortalServerAuthModule implements ServerAuthModule {
+	protected static final Class<?>[] supportedMessageTypes =
+			new Class[] {
+					HttpServletRequest.class,
+					HttpServletResponse.class
+	};
+	private MessagePolicy requestPolicy;
+	private MessagePolicy responsePolicy;
+	private CallbackHandler handler;
+	private Map<?, ?> options;
+	private String realmName = null;
+	private String defaultGroup[] = null;
+	private static final String REALM_PROPERTY_NAME = "realm.name";
+	private static final String GROUP_PROPERTY_NAME = "group.name";
+	private static final String BASIC = "Basic";
+	static final String AUTHORIZATION_HEADER = "authorization";
+	static final String AUTHENTICATION_HEADER = "WWW-Authenticate";
+	private static void log(String str) {
+		System.out.println(str);
+	}
+	public void initialize(MessagePolicy reqPolicy, MessagePolicy resPolicy,
+			CallbackHandler cBH, Map opts)
+			throws AuthException {
+		requestPolicy = reqPolicy;
+		responsePolicy = resPolicy;
+		handler = cBH;
+		options = opts;
+		if (options != null) {
+			realmName = (String) options.get(REALM_PROPERTY_NAME);
+			if (options.containsKey(GROUP_PROPERTY_NAME)) {
+				defaultGroup = new String[] { (String)
+						options.get(GROUP_PROPERTY_NAME) };
+			}
+		}
+	}
+	public Class<?>[] getSupportedMessageTypes() {
+		return supportedMessageTypes;
+	}
+	public AuthStatus validateRequest(MessageInfo msgInfo, Subject client, Subject server) throws AuthException {
+		try {
+		    String username = processAuthorizationToken(msgInfo, client);
+                    log("req pol mand:  " + requestPolicy.isMandatory());
+			if (username == null && requestPolicy.isMandatory()) {
+				return sendAuthenticateChallenge(msgInfo);
+			}
+			setAuthenticationResult(username, client, msgInfo);
+			return AuthStatus.SUCCESS;
+		} catch (Exception e) {
+			AuthException ae = new AuthException();
+			ae.initCause(e);
+			throw ae;
+		}
+	}
+	private String processAuthorizationToken(MessageInfo msgInfo, Subject s) throws AuthException {
+		HttpServletRequest request = (HttpServletRequest) msgInfo.getRequestMessage();
+		String token = request.getHeader(AUTHORIZATION_HEADER);
+		log("Processing authentication: " + token);
+		if (token != null && token.startsWith(BASIC + " ")) {
+			token = token.substring(6).trim();
+			// Decode and parse the authorization token
+			String decoded = new String(Base64.decode(token.getBytes()));
+			int colon = decoded.indexOf(':');
+			if (colon <= 0 || colon == decoded.length() - 1) {
+				return (null);
+			}
+			String username = decoded.substring(0, colon);
+			log("Logging in as :" + username);
+			// use the callback to ask the container to
+			// validate the password
+			PasswordValidationCallback pVC = new PasswordValidationCallback(s, username,
+					decoded.substring(colon + 1).toCharArray());
+			try {
+				handler.handle(new Callback[] { pVC });
+				pVC.clearPassword();
+			} catch (Exception e) {
+				AuthException ae = new AuthException();
+				ae.initCause(e);
+				throw ae;
+			}
+			if (pVC.getResult()) {
+				return username;
+			}
+		}
+		return null;
+	}
+	private AuthStatus sendAuthenticateChallenge(MessageInfo msgInfo) {
+		log("Sending authenticate challenge!!!");
+		String realm = realmName;
+		// if the realm property is set use it,
+		// otherwise use the name of the server
+		// as the realm name.
+		if (realm == null) {
+			HttpServletRequest request = (HttpServletRequest) msgInfo.getRequestMessage();
+			realm = request.getServerName();
+		}
+		HttpServletResponse response = (HttpServletResponse) msgInfo.getResponseMessage();
+		String header = BASIC + " realm=\"" + realm + "\"";
+		response.setHeader(AUTHENTICATION_HEADER, header);
+		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+		return AuthStatus.SEND_CONTINUE;
+	}
+	public AuthStatus secureResponse(MessageInfo msgInfo, Subject service) throws AuthException {
+		log("Resp mand: " + responsePolicy.isMandatory());
+		if (responsePolicy.isMandatory()) {
+			return sendAuthenticateChallenge(msgInfo);
+		}
+		return AuthStatus.SEND_SUCCESS;
+	}
+	public void cleanSubject(MessageInfo msgInfo, Subject subject) throws AuthException {
+		if (subject != null) {
+			subject.getPrincipals().clear();
+		}
+	}
+	private static final String AUTH_TYPE_INFO_KEY = "javax.servlet.http.authType";
+	// distinguish the caller principal
+	// and assign default groups
+	private void setAuthenticationResult(String name, Subject s, MessageInfo m) throws IOException, UnsupportedCallbackException {
+		handler.handle(new Callback[] { new CallerPrincipalCallback(s, name) });
+		if (name != null) {
+			// add the default group if the property is set
+			if (defaultGroup != null) {
+				handler.handle(new Callback[] { new GroupPrincipalCallback(s, defaultGroup) });
+			}
+			m.getMap().put(AUTH_TYPE_INFO_KEY, "BortalSAM");
+		}
+	}
+}
--- a/code/LanBortalAuthModule/src/fi/insomnia/bortal/RealmBeanRemote.java
+++ b/code/LanBortalAuthModule/src/fi/insomnia/bortal/RealmBeanRemote.java
+package fi.insomnia.bortal;
+import java.util.Enumeration;
+public interface RealmBeanRemote {
+	Enumeration<String> getGroupNames(String user);
+	boolean authenticate(String _username, String string);
+}
--- a/code/LanBortalBeans/.classpath
+++ b/code/LanBortalBeans/.classpath
@@ -4,14 +4,15 @@
 	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
 	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/com.sun.enterprise.jst.server.runtimeTarget/GlassFish v3 Java EE 6">
 		<attributes>
-			<attribute name="owner.project.facets" value="jst.ejb"/>
+			<attribute name="owner.project.facets" value="jst.ejb;#system#"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
+	<classpathentry kind="lib" path="libs/PDFjet.jar"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.launching.macosx.MacOSXType/JVM 1.6">
 		<attributes>
-			<attribute name="owner.project.facets" value="jst.java"/>
+			<attribute name="owner.project.facets" value="java"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="lib" path="libs/PDFjet.jar"/>
+	<classpathentry combineaccessrules="false" kind="src" path="/LanBortalAuthModule"/>
 	<classpathentry kind="output" path="build/classes"/>
 </classpath>
--- a/code/LanBortalBeans/.settings/org.eclipse.jdt.core.prefs
+++ b/code/LanBortalBeans/.settings/org.eclipse.jdt.core.prefs
-#Sun Mar 07 12:30:43 EET 2010
+#Thu Jun 10 02:19:46 EEST 2010
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
@@ -12,9 +12,10 @@ org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.source=1.6
 org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_annotation=0
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=1
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16
 org.eclipse.jdt.core.formatter.alignment_for_assignment=0
 org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
@@ -22,6 +23,7 @@ org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
 org.eclipse.jdt.core.formatter.alignment_for_conditional_expression=80
 org.eclipse.jdt.core.formatter.alignment_for_enum_constants=0
 org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16
+org.eclipse.jdt.core.formatter.alignment_for_method_declaration=0
 org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
@@ -66,10 +68,15 @@ org.eclipse.jdt.core.formatter.comment.indent_root_tags=true
 org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert
 org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=insert
 org.eclipse.jdt.core.formatter.comment.line_length=80
+org.eclipse.jdt.core.formatter.comment.new_lines_at_block_boundaries=true
+org.eclipse.jdt.core.formatter.comment.new_lines_at_javadoc_boundaries=true
 org.eclipse.jdt.core.formatter.compact_else_if=true
 org.eclipse.jdt.core.formatter.continuation_indentation=2
 org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer=2
+org.eclipse.jdt.core.formatter.disabling_tag=@formatter\:off
+org.eclipse.jdt.core.formatter.enabling_tag=@formatter\:on
 org.eclipse.jdt.core.formatter.format_guardian_clause_on_one_line=false
+org.eclipse.jdt.core.formatter.format_line_comment_starting_on_first_column=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_annotation_declaration_header=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_constant_header=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_declaration_header=true
@@ -84,6 +91,7 @@ org.eclipse.jdt.core.formatter.indentation.size=8
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_local_variable=insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_member=insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_parameter=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_label=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_opening_brace_in_array_initializer=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_at_end_of_file_if_missing=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_before_catch_in_try_statement=do not insert
@@ -266,5 +274,7 @@ org.eclipse.jdt.core.formatter.number_of_empty_lines_to_preserve=1
 org.eclipse.jdt.core.formatter.put_empty_statement_on_new_line=true
 org.eclipse.jdt.core.formatter.tabulation.char=space
 org.eclipse.jdt.core.formatter.tabulation.size=4
+org.eclipse.jdt.core.formatter.use_on_off_tags=false
 org.eclipse.jdt.core.formatter.use_tabs_only_for_leading_indentations=false
 org.eclipse.jdt.core.formatter.wrap_before_binary_operator=true
+org.eclipse.jdt.core.formatter.wrap_outer_expressions_when_nested=true
--- a/code/LanBortalBeans/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/code/LanBortalBeans/.settings/org.eclipse.wst.common.project.facet.core.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <faceted-project>
+  <runtime name="GlassFish v3 Java EE 6"/>
  <fixed facet="jst.ejb"/>
  <fixed facet="jst.java"/>
  <installed facet="jst.java" version="6.0"/>

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/AccessRightBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/AccessRightBean.java
@@ -11,8 +11,11 @@ import fi.insomnia.bortal.model.AccessRight;
 import javax.ejb.EJB;
 import javax.ejb.Stateless;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 /**
- *
+ * 
 * @author tuukka
 */
 @Stateless
@@ -20,6 +23,7 @@ public class AccessRightBean implements AccessRightBeanLocal {
    @EJB
    private AccessRightFacade accessRightFacade;
+    private static final Logger logger = LoggerFactory.getLogger(AccessRightBean.class);
    public AccessRight findOrCreate(Permission permission) {
        AccessRight right = accessRightFacade.findByPermission(permission);
@@ -29,9 +33,10 @@ public class AccessRightBean implements AccessRightBeanLocal {
            right.setName(permission.name());
            right.setDescription(permission.getDescription());
            accessRightFacade.create(right);
+            logger.info("Access right permission {} not found. created {}", permission, right);
        }
        return right;
    }
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/BillBean.java
@@ -7,21 +7,21 @@ import javax.ejb.EJB;
 import javax.ejb.Stateless;
 import javax.servlet.ServletOutputStream;
 import fi.insomnia.bortal.beanutil.AuthorisationBean;
 import fi.insomnia.bortal.beanutil.AuthorisationBean.Right;
 import fi.insomnia.bortal.beanutil.AuthorisationBean.RightType;
 import fi.insomnia.bortal.beanutil.PdfPrinter;
+import fi.insomnia.bortal.enums.BeanRole;
 import fi.insomnia.bortal.facade.BillFacade;
 import fi.insomnia.bortal.model.Bill;
 import fi.insomnia.bortal.model.Event;
 import fi.insomnia.bortal.model.User;
 /**
 * Session Bean implementation class BillBean
 */
 @Stateless
-@DeclareRoles({ "user", "moneyadmin" })
 public class BillBean implements BillBeanLocal {
    @EJB

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/EventBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/EventBean.java
@@ -44,7 +44,6 @@ public class EventBean implements EventBeanLocal {
    public Event findOrCreateDefaultEvent() {
        Event ret = eventFacade.findByName(DEFAULT_EVENT_NAME);
        if (ret == null) {
            ret = new Event();
            ret.setReferer("");

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/JaasBean.java
@@ -9,8 +9,9 @@ import javax.ejb.Stateless;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import fi.insomnia.bortal.enums.Role;
+import fi.insomnia.bortal.enums.BeanRole;
 import fi.insomnia.bortal.facade.UserFacade;
+import fi.insomnia.bortal.model.Role;
 import fi.insomnia.bortal.model.User;
 /**
@@ -19,14 +20,13 @@ import fi.insomnia.bortal.model.User;
 @Stateless
 public class JaasBean implements JaasBeanLocal, JaasBeanRemote {
-    public static final String JAAS_SUPERADMINGROUP = "superadmin";
-    public static final String JAAS_USERGROUP = "user";
    private static final Logger logger = LoggerFactory.getLogger(JaasBean.class);
    @EJB
    private UserFacade userfacade;
+    @EJB
+    private SecurityBeanLocal secubean;
    @EJB
    private UserBean userbean;
@@ -37,38 +37,49 @@ public class JaasBean implements JaasBeanLocal, JaasBeanRemote {
        // TODO Auto-generated constructor stub
    }
    public User tryLogin(String username, String password) {
        User user = userfacade.findByLogin(username.trim());
+logger.debug("Trying to login as {}", username);
+logger.info("Logging test");
+        User ret = null;
+        if (user != null) {
+            if (user.checkPassword(password)) {
+                ret = user;
+            } else {
+                secubean.logMessage(SecurityLogType.permissionDenied, user, "Login failed: wrong password!");
+            }
+        } else {
+            secubean.logMessage(SecurityLogType.permissionDenied, "Login failed: Username not found: " + username);
-        if (user != null && user.checkPassword(password)) {
-            return user;
        }
-        return null;
+        return ret;
    }
    @Override
    public boolean authenticate(String username, String password) {
-        return (tryLogin(username, password) != null);
+        boolean ret = (tryLogin(username, password) != null);
+        return ret;
    }
    @Override
    public Enumeration<String> getGroupNames(String user) {
        User usr = userbean.getUser(user);
+        Vector<String> roles = new Vector<String>();
-        Vector<String> rights = new Vector<String>();
        if (usr != null) {
-            rights.add(JAAS_USERGROUP);
+            for (Role r : usr.getRoles()) {
+                roles.add(r.getName());
+            }
            if (usr.isSuperadmin()) {
-                rights.add(JAAS_SUPERADMINGROUP);
+                roles.add(BeanRole.SUPERADMIN.name());
            }
        }
-        return rights.elements();
+        logger.debug("group names for user {}: {}", user, roles);
+        return roles.elements();
    }
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceMapBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/PlaceMapBean.java
@@ -47,7 +47,6 @@ public class PlaceMapBean implements PlaceMapBeanLocal {
    @EJB
    private UserFacade userFacade;
-    @Override
    public void printPlaceMapToStream(OutputStream outputStream, String filetype, Event event, Integer mapId, Integer userId, List<Integer> placeIds) throws IOException {
        long begin = new Date().getTime();

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/RoleBean.java
@@ -4,24 +4,34 @@
 */
 package fi.insomnia.bortal.beans;
-import fi.insomnia.bortal.facade.RoleFacade;
-import fi.insomnia.bortal.model.Role;
 import java.util.ArrayList;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
 import javax.ejb.EJB;
 import javax.ejb.Stateless;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import fi.insomnia.bortal.facade.RoleFacade;
+import fi.insomnia.bortal.model.Role;
 /**
- *
+ * 
 * @author tuukka
 */
 @Stateless
 public class RoleBean implements RoleBeanLocal {
+//    public static final String[] DECLARED_ROLES = 
+//    {
+//        BeanRole.SUPERADMIN.toString(),
+//        BeanRole.ADMIN_BASE.name(), 
+//        BeanRole.USER_BASE.name() 
+//        };
    @EJB
    private RoleFacade roleFacade;
    private static final Logger logger = LoggerFactory.getLogger(RoleBean.class);
@@ -37,7 +47,6 @@ public class RoleBean implements RoleBeanLocal {
    public Role create(Role role) {
        roleFacade.create(role);
        return role;
@@ -46,22 +55,20 @@ public class RoleBean implements RoleBeanLocal {
    public List<Role> getPossibleParents(Role role) {
        List<Role> roleList = listRoles();
-        if(role == null)
+        if (role == null)
            return roleList;
        List<Role> children = getAllChilds(role, new HashSet<Role>());
        for (Role unit : children) {
-            if (roleList.contains(role)) {
+            if (roleList.contains(unit)) {
-                roleList.remove(role);
+                roleList.remove(unit);
            }
        }
        return roleList;
    }
    private static List<Role> getAllChilds(Role role, Set<Role> checkedRoles) {
        List<Role> returnList = new ArrayList<Role>();
@@ -80,7 +87,11 @@ public class RoleBean implements RoleBeanLocal {
        return returnList;
    }
+//    public static String[] getDeclaredRoles() {
+//        return DECLARED_ROLES;
+//    }
    // Add business logic below. (Right-click in editor and choose
    // "Insert Code > Add Business Method")

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SecurityBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/SecurityBean.java
@@ -19,6 +19,8 @@ import fi.insomnia.bortal.model.User;
 @Stateless
 public class SecurityBean implements SecurityBeanLocal {
+    private static final boolean DEBUG = true;
    private final Logger logger = org.slf4j.LoggerFactory.getLogger(SecurityBean.class);
    @EJB
    private LogEntryTypeFacade typeFacade;
@@ -42,6 +44,7 @@ public class SecurityBean implements SecurityBeanLocal {
    public LogEntry logMessage(User user, String description) {
        LogEntry entry = logMessage(SecurityLogType.genericMessage, user, description);
        return entry;
    }
@@ -55,20 +58,21 @@ public class SecurityBean implements SecurityBeanLocal {
        return logMessage(type, null, description);
    }
-    public LogEntry logMessage(SecurityLogType paramType, User user, String description) {
+    public LogEntry logMessage( SecurityLogType paramType, User user, String description) {
        LogEntryType type = typeFacade.findOrCreate(paramType);
-        LogEntry entry = new LogEntry();
+        LogEntry entry = new LogEntry(Calendar.getInstance());
        entry.setType(type);
-        entry.setTime(Calendar.getInstance());
        entry.setDescription(description);
        entry.setUser(user);
        entryFacade.create(entry);
+        if (DEBUG) {
+            logger.debug("SECURITY DEBUG: Type: \"{}\" user \"{}\", description \"{}\"", new String[] { paramType.name(), (user == null)?"null":user.getLogin(), description });
+        }
        return entry;
    }
    public void logPermissionDenied(User currentuser, String string) {
    }
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/TestDataBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/TestDataBean.java
@@ -17,6 +17,7 @@ import javax.ejb.Stateless;
 import org.slf4j.LoggerFactory;
+import fi.insomnia.bortal.enums.BeanRole;
 import fi.insomnia.bortal.facade.CompoEntryFacade;
 import fi.insomnia.bortal.facade.CompoFacade;
 import fi.insomnia.bortal.facade.BillFacade;
@@ -38,8 +39,8 @@ import fi.insomnia.bortal.model.User;
 * Session Bean implementation class TestDataBean
 */
 @Stateless
-@DeclareRoles(JaasBean.JAAS_SUPERADMINGROUP)
+// @DeclareRoles("ADMIN_BASE")
-//@RolesAllowed(JaasBean.JAAS_SUPERADMINGROUP)
+// @RolesAllowed("ADMIN_BASE")
 public class TestDataBean implements TestDataBeanLocal {
    public static final String TEST_MAP_IMAGE_NAME = "testmap.png";
@@ -64,7 +65,17 @@ public class TestDataBean implements TestDataBeanLocal {
    private BillFacade billFacade;
    @EJB
    private BillLineFacade billLineFacade;
+    @EJB
+    private RoleBeanLocal role;
+    @EJB
+    private UserBeanLocal userbean;
+   public void bootstrap()
+   {
+   }
    /**
     * Default constructor.
     */
@@ -73,6 +84,7 @@ public class TestDataBean implements TestDataBeanLocal {
    }
    public User createUser() {
        User u = new User();
        u.setActive(true);
        u.setAddress("Pallokorvankatu 1");
@@ -96,6 +108,34 @@ public class TestDataBean implements TestDataBeanLocal {
        return u;
    }
+    public User createAdmin() {
+        User u = new User();
+        u.setActive(true);
+        u.setAddress("Elite 1337");
+        u.setNick("admin");
+        Calendar bday = Calendar.getInstance();
+        bday.set(Calendar.YEAR, 1980);
+        u.setBirthday(bday);
+        u.setCreated(Calendar.getInstance());
+        u.setEmail("admin@inter.net");
+        u.setFemale(false);
+        u.setFirstnames("Asko Admin");
+        u.setLastname("admin");
+        u.setLogin("admin");
+        u.setNick("admin");
+        u.resetPassword("admin");
+        u.setPhone("1337");
+        u.setTown("Adminila");
+        u.setPostalTown("Adminila ");
+        u.setZip("6666");
+        u.setSuperadmin(true);
+        userFacade.create(u);
+        return u;
+    }
    public Bill createBill(Event e, User u) {
        Bill b = new Bill(e);
        b.setUser(u);

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/beans/UserBean.java
@@ -78,6 +78,11 @@ public class UserBean implements UserBeanLocal {
        return userFacade.findByLogin(nick);
    }
+    public boolean isCurrentUser(User user) {
+        return (context.getCallerPrincipal() == null || user == null) ? false: context.getCallerPrincipal().getName().equals(user.getNick());        
+    }
    @Override
    public User getCurrentUser(Event event) {
        Principal principal = context.getCallerPrincipal();
@@ -108,6 +113,13 @@ public class UserBean implements UserBeanLocal {
        if (user == null) {
            return false;
        }
+        //TODO: FIX THIS!! really bad idea....
+        if(user.isSuperadmin())
+        {
+            return true;
+        }
        AccessRight expectedRight = accessRightBeanLocal.findOrCreate(target);
        User dbusr = userFacade.find(user.getId());
@@ -160,4 +172,5 @@ public class UserBean implements UserBeanLocal {
    }
 }
--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/LogEntryFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/LogEntryFacade.java
@@ -8,7 +8,7 @@ import fi.insomnia.bortal.model.LogEntry;
 @Stateless
 @LocalBean
-public class LogEntryFacade extends EventChildGenericFacade<LogEntry> {
+public class LogEntryFacade extends GenericFacade<Integer,LogEntry> {
    @PersistenceContext
    private EntityManager em;

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/LogEntryTypeFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/LogEntryTypeFacade.java
@@ -28,8 +28,9 @@ public class LogEntryTypeFacade extends GenericFacade<Integer, LogEntryType> {
        // Fetch log entry type
        TypedQuery<LogEntryType> q = em.createNamedQuery("LogEntryType.findByName", LogEntryType.class);
-        q.setParameter("login", type.name());
+        q.setParameter("name", type.name());
-        LogEntryType logEntryType = q.getSingleResult();
+        LogEntryType logEntryType = this.getSingleNullableResult(q);
        // Might not exist yet
        if (logEntryType == null) {

--- a/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleFacade.java
+++ b/code/LanBortalBeans/ejbModule/fi/insomnia/bortal/facade/RoleFacade.java
@@ -6,6 +6,7 @@ import javax.persistence.EntityManager;
 import javax.persistence.PersistenceContext;
 import javax.persistence.TypedQuery;
+import fi.insomnia.bortal.enums.BeanRole;
 import fi.insomnia.bortal.model.Event;
 import fi.insomnia.bortal.model.Role;
@@ -13,7 +14,7 @@ import fi.insomnia.bortal.model.Role;
 @LocalBean
 public class RoleFacade extends EventChildGenericFacade<Role> {
-    private static final String PUBLIC_ROLE_NAME = "public";
+    private static final String PUBLIC_ROLE_NAME = BeanRole.ANONYMOUS.toString();
    @PersistenceContext
    private EntityManager em;
@@ -24,7 +25,7 @@ public class RoleFacade extends EventChildGenericFacade<Role> {
    protected EntityManager getEm() {
        return em;
    }
    public Role findByName(String name) {
        TypedQuery<Role> q = em.createNamedQuery("Role.findByRoleName", Role.class);
        q.setParameter("name", name);

--- a/code/LanBortalBeansClient/.classpath
+++ b/code/LanBortalBeansClient/.classpath
@@ -4,13 +4,14 @@
 	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
 	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/com.sun.enterprise.jst.server.runtimeTarget/GlassFish v3 Java EE 6">
 		<attributes>
-			<attribute name="owner.project.facets" value="jst.utility"/>
+			<attribute name="owner.project.facets" value="#system#;jst.utility"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.launching.macosx.MacOSXType/JVM 1.6">
 		<attributes>
-			<attribute name="owner.project.facets" value="jst.java"/>
+			<attribute name="owner.project.facets" value="java"/>
 		</attributes>
 	</classpathentry>
+	<classpathentry kind="src" path="/LanBortalAuthModule"/>
 	<classpathentry kind="output" path="ejbModule"/>
 </classpath>
--- a/code/LanBortalBeansClient/.settings/org.eclipse.jdt.core.prefs
+++ b/code/LanBortalBeansClient/.settings/org.eclipse.jdt.core.prefs
-#Sun Mar 07 12:30:50 EET 2010
+#Thu Jun 10 02:19:46 EEST 2010
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.5
 org.eclipse.jdt.core.compiler.compliance=1.5
@@ -7,9 +7,10 @@ org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.source=1.5
 org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_annotation=0
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=1
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16
 org.eclipse.jdt.core.formatter.alignment_for_assignment=0
 org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
@@ -17,6 +18,7 @@ org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
 org.eclipse.jdt.core.formatter.alignment_for_conditional_expression=80
 org.eclipse.jdt.core.formatter.alignment_for_enum_constants=0
 org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16
+org.eclipse.jdt.core.formatter.alignment_for_method_declaration=0
 org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
@@ -61,10 +63,15 @@ org.eclipse.jdt.core.formatter.comment.indent_root_tags=true
 org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert
 org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=insert
 org.eclipse.jdt.core.formatter.comment.line_length=80
+org.eclipse.jdt.core.formatter.comment.new_lines_at_block_boundaries=true
+org.eclipse.jdt.core.formatter.comment.new_lines_at_javadoc_boundaries=true
 org.eclipse.jdt.core.formatter.compact_else_if=true
 org.eclipse.jdt.core.formatter.continuation_indentation=2
 org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer=2
+org.eclipse.jdt.core.formatter.disabling_tag=@formatter\:off
+org.eclipse.jdt.core.formatter.enabling_tag=@formatter\:on
 org.eclipse.jdt.core.formatter.format_guardian_clause_on_one_line=false
+org.eclipse.jdt.core.formatter.format_line_comment_starting_on_first_column=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_annotation_declaration_header=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_constant_header=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_declaration_header=true
@@ -79,6 +86,7 @@ org.eclipse.jdt.core.formatter.indentation.size=8
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_local_variable=insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_member=insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_parameter=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_label=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_opening_brace_in_array_initializer=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_at_end_of_file_if_missing=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_before_catch_in_try_statement=do not insert
@@ -261,5 +269,7 @@ org.eclipse.jdt.core.formatter.number_of_empty_lines_to_preserve=1
 org.eclipse.jdt.core.formatter.put_empty_statement_on_new_line=true
 org.eclipse.jdt.core.formatter.tabulation.char=space
 org.eclipse.jdt.core.formatter.tabulation.size=4
+org.eclipse.jdt.core.formatter.use_on_off_tags=false
 org.eclipse.jdt.core.formatter.use_tabs_only_for_leading_indentations=false
 org.eclipse.jdt.core.formatter.wrap_before_binary_operator=true
+org.eclipse.jdt.core.formatter.wrap_outer_expressions_when_nested=true
--- a/code/LanBortalBeansClient/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/code/LanBortalBeansClient/.settings/org.eclipse.wst.common.project.facet.core.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <faceted-project>
+  <runtime name="GlassFish v3 Java EE 6"/>
  <fixed facet="jst.utility"/>
  <fixed facet="jst.java"/>
  <installed facet="jst.java" version="5.0"/>

--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/JaasBeanRemote.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/JaasBeanRemote.java
 package fi.insomnia.bortal.beans;
-import java.util.Enumeration;
 import javax.ejb.Remote;
-@Remote
+import fi.insomnia.bortal.RealmBeanRemote;
-public interface JaasBeanRemote {
-    boolean authenticate(String username, String password);
+@Remote
+public interface JaasBeanRemote extends RealmBeanRemote{
-    Enumeration<String> getGroupNames(String user);
 }
--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/TestDataBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/TestDataBeanLocal.java
@@ -26,4 +26,6 @@ public interface TestDataBeanLocal {
    void generateTestCompos(Event event);
+    User createAdmin();
 }
--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/beans/UserBeanLocal.java
@@ -27,4 +27,7 @@ public interface UserBeanLocal {
    boolean hasPermission(Permission target, User user, RolePermission permission);
+    boolean isCurrentUser(User thisuser);
 }
--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Role.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Role.java
@@ -3,7 +3,7 @@ package fi.insomnia.bortal.enums;
 import java.util.HashSet;
 import java.util.Set;
-public enum Role {
+public enum BeanRole {
    // Bean level access
    ANONYMOUS, // Unauthenticated web user
@@ -17,9 +17,9 @@ public enum Role {
    ;
    private boolean inDatabase;
-    private Set<Role> parents = new HashSet<Role>();
+    private Set<BeanRole> parents = new HashSet<BeanRole>();
-    Role() {
+    BeanRole() {
    }
    /**
@@ -27,8 +27,8 @@ public enum Role {
     * 
     * @param parent
     */
-    Role(Role... parent) {
+    BeanRole(BeanRole... parent) {
-        for (Role role : parent) {
+        for (BeanRole role : parent) {
            parents.add(role);
        }
    }
@@ -42,7 +42,7 @@ public enum Role {
     * @param parent
     *            default (create time) parent roles
     */
-    Role(boolean inDb, Role... parent) {
+    BeanRole(boolean inDb, BeanRole... parent) {
        this(parent);
        this.inDatabase = inDb;
    }
@@ -56,7 +56,7 @@ public enum Role {
     * 
     * @return
     */
-    public Set<Role> getParents() {
+    public Set<BeanRole> getParents() {
        return parents;
    }
 }
--- a/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Permission.java
+++ b/code/LanBortalBeansClient/ejbModule/fi/insomnia/bortal/enums/Permission.java
@@ -4,8 +4,6 @@
 */
 package fi.insomnia.bortal.enums;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 /**
 * 
@@ -15,16 +13,14 @@ public enum Permission {
    PERMISSION("Description"),
    LOGIN("User can see loginbutton. (only defaultuser should have permission to that one)"),
-    userManagement;
+    USER_MANAGEMENT("User has right to manage users.... ");
-    private static final Logger logger = LoggerFactory.getLogger(Permission.class);
    private String description;
    public static Permission getPermission(String name) {
        try {
            return valueOf(name);
        } catch (IllegalArgumentException x) {
-            logger.error("There is no permission named: " + name);
            throw x;
        }
    }

--- a/code/LanBortalDatabase/.settings/org.eclipse.jdt.core.prefs
+++ b/code/LanBortalDatabase/.settings/org.eclipse.jdt.core.prefs
-#Sun Mar 07 12:30:58 EET 2010
+#Thu Jun 10 02:19:46 EEST 2010
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
@@ -12,9 +12,10 @@ org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.source=1.6
 org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_annotation=0
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=1
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16
 org.eclipse.jdt.core.formatter.alignment_for_assignment=0
 org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
@@ -22,6 +23,7 @@ org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
 org.eclipse.jdt.core.formatter.alignment_for_conditional_expression=80
 org.eclipse.jdt.core.formatter.alignment_for_enum_constants=0
 org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16
+org.eclipse.jdt.core.formatter.alignment_for_method_declaration=0
 org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
@@ -66,10 +68,15 @@ org.eclipse.jdt.core.formatter.comment.indent_root_tags=true
 org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert
 org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=insert
 org.eclipse.jdt.core.formatter.comment.line_length=80
+org.eclipse.jdt.core.formatter.comment.new_lines_at_block_boundaries=true
+org.eclipse.jdt.core.formatter.comment.new_lines_at_javadoc_boundaries=true
 org.eclipse.jdt.core.formatter.compact_else_if=true
 org.eclipse.jdt.core.formatter.continuation_indentation=2
 org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer=2
+org.eclipse.jdt.core.formatter.disabling_tag=@formatter\:off
+org.eclipse.jdt.core.formatter.enabling_tag=@formatter\:on
 org.eclipse.jdt.core.formatter.format_guardian_clause_on_one_line=false
+org.eclipse.jdt.core.formatter.format_line_comment_starting_on_first_column=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_annotation_declaration_header=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_constant_header=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_declaration_header=true
@@ -84,6 +91,7 @@ org.eclipse.jdt.core.formatter.indentation.size=8
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_local_variable=insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_member=insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_parameter=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_label=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_opening_brace_in_array_initializer=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_at_end_of_file_if_missing=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_before_catch_in_try_statement=do not insert
@@ -266,5 +274,7 @@ org.eclipse.jdt.core.formatter.number_of_empty_lines_to_preserve=1
 org.eclipse.jdt.core.formatter.put_empty_statement_on_new_line=true
 org.eclipse.jdt.core.formatter.tabulation.char=space
 org.eclipse.jdt.core.formatter.tabulation.size=4
+org.eclipse.jdt.core.formatter.use_on_off_tags=false
 org.eclipse.jdt.core.formatter.use_tabs_only_for_leading_indentations=false
 org.eclipse.jdt.core.formatter.wrap_before_binary_operator=true
+org.eclipse.jdt.core.formatter.wrap_outer_expressions_when_nested=true
--- a/code/LanBortalDatabase/src/META-INF/persistence.xml
+++ b/code/LanBortalDatabase/src/META-INF/persistence.xml
@@ -6,6 +6,7 @@
      <property name="eclipselink.ddl-generation" value="drop-and-create-tables"/>
      <property name="eclipselink.ddl-generation.output-mode" value="both"/>
      <property name="eclipselink.cache.type.default" value="NONE"/>
    </properties>
  </persistence-unit>
 </persistence>
--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Event.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Event.java
@@ -48,6 +48,8 @@ public class Event implements ModelInterface<Integer> {
    @Temporal(TemporalType.TIMESTAMP)
    private Calendar startTime;
    @Column(name = "end_time")
    @Temporal(TemporalType.TIMESTAMP)
    private Calendar endTime;
@@ -74,6 +76,10 @@ public class Event implements ModelInterface<Integer> {
    @ManyToOne(optional = false)
    private EventStatus status;
+    @OneToMany(mappedBy="parentEvent")
+    private List<LogEntry> logEntries;
    @JoinColumns( {
            @JoinColumn(name = "default_role_id", referencedColumnName = "id"),
            @JoinColumn(name = "event_id", referencedColumnName = "event_id", nullable = false, updatable = false, insertable = false) })
@@ -297,4 +303,14 @@ public class Event implements ModelInterface<Integer> {
    public Integer getReferenceNumberBase() {
        return referenceNumberBase;
    }
+    public void setLogEntries(List<LogEntry> logEntries) {
+        this.logEntries = logEntries;
+    }
+    public List<LogEntry> getLogEntries() {
+        return logEntries;
+    }
 }
--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/LogEntry.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/LogEntry.java
@@ -11,6 +11,9 @@ import java.util.Calendar;
 import javax.persistence.Column;
 import javax.persistence.EmbeddedId;
 import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.GenerationType;
+import javax.persistence.Id;
 import javax.persistence.JoinColumn;
 import javax.persistence.Lob;
 import javax.persistence.ManyToOne;
@@ -29,13 +32,18 @@ import javax.persistence.Version;
        @NamedQuery(name = "LogEntry.findAll", query = "SELECT l FROM LogEntry l"),
        @NamedQuery(name = "LogEntry.findByTime", query = "SELECT l FROM LogEntry l WHERE l.time = :time"),
        @NamedQuery(name = "LogEntry.findByDescription", query = "SELECT l FROM LogEntry l WHERE l.description = :description") })
-public class LogEntry implements EventChildInterface {
+public class LogEntry implements ModelInterface<Integer> {
    private static final long serialVersionUID = 1L;
-    @EmbeddedId
+    @Id
-    private EventPk id;
+    @Column(name = "log_id", nullable = false)
+    @GeneratedValue(strategy = GenerationType.IDENTITY)
+    private Integer id;
+    @ManyToOne
+    private Event parentEvent;
    @Column(name = "event_time", nullable = false)
    @Temporal(TIMESTAMP)
    private Calendar time = Calendar.getInstance();
@@ -56,15 +64,10 @@ public class LogEntry implements EventChildInterface {
    @Column(nullable = false)
    private int jpaVersionField = 0;
-    public LogEntry() {
+    public LogEntry()
-    }
+    {}
-    public LogEntry(Event event) {
+    public LogEntry(Calendar eventTime) {
-        this.id = new EventPk(event);
-    }
-    public LogEntry(Event event, Calendar eventTime) {
-        this(event);
        this.time = eventTime;
    }
@@ -127,22 +130,7 @@ public class LogEntry implements EventChildInterface {
        return "fi.insomnia.bortal.model.LogEntry[eventLogId=" + getId() + "]";
    }
-    /**
-     * @return the id
-     */
-    @Override
-    public EventPk getId() {
-        return id;
-    }
-    /**
-     * @param id
-     *            the id to set
-     */
-    @Override
-    public void setId(EventPk id) {
-        this.id = id;
-    }
    /**
     * @return the jpaVersionField
@@ -160,4 +148,22 @@ public class LogEntry implements EventChildInterface {
    public void setJpaVersionField(int jpaVersionField) {
        this.jpaVersionField = jpaVersionField;
    }
+    @Override
+    public Integer getId() {
+       return id;
+    }
+    @Override
+    public void setId(Integer id) {
+        this.id = id;
+    }
+    public void setParentEvent(Event parentEvent) {
+        this.parentEvent = parentEvent;
+    }
+    public Event getParentEvent() {
+        return parentEvent;
+    }
 }
--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/LogEntryType.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/LogEntryType.java
@@ -35,7 +35,7 @@ public class LogEntryType implements ModelInterface<Integer> {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
-    @Column(name = "event_log_type_id", nullable = false)
+    @Column(name = "id", nullable = false)
    private Integer id;
    /**

--- a/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Role.java
+++ b/code/LanBortalDatabase/src/fi/insomnia/bortal/model/Role.java
@@ -61,8 +61,8 @@ public class Role implements EventChildInterface {
    private List<RoleRight> roleRights;
    @JoinColumns( {
-            @JoinColumn(name = "card_template_id", referencedColumnName = "id", nullable = false, updatable = false, insertable = false),
+            @JoinColumn(name = "card_template_id", referencedColumnName = "id",  updatable = false, insertable = false),
-            @JoinColumn(name = "event_id", referencedColumnName = "event_id", nullable = false, updatable = false, insertable = false) })
+            @JoinColumn(name = "event_id", referencedColumnName = "event_id",  updatable = false, insertable = false) })
    @ManyToOne
    private CardTemplate cardTemplate;

--- a/code/LanBortalUtilities/.classpath
+++ b/code/LanBortalUtilities/.classpath
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
 	<classpathentry kind="src" path="src"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
 	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
+	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/com.sun.enterprise.jst.server.runtimeTarget/GlassFish v3 Java EE 6">
+		<attributes>
+			<attribute name="owner.project.facets" value="jst.utility"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.launching.macosx.MacOSXType/JVM 1.6">
+		<attributes>
+			<attribute name="owner.project.facets" value="java"/>
+		</attributes>
+	</classpathentry>
 	<classpathentry kind="output" path="build/classes"/>
 </classpath>
--- a/code/LanBortalUtilities/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/code/LanBortalUtilities/.settings/org.eclipse.wst.common.project.facet.core.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <faceted-project>
+  <runtime name="GlassFish v3 Java EE 6"/>
  <fixed facet="jst.java"/>
  <fixed facet="jst.utility"/>
  <installed facet="jst.java" version="6.0"/>

--- a/code/LanBortalWeb/.classpath
+++ b/code/LanBortalWeb/.classpath
@@ -5,12 +5,12 @@
 	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.module.container"/>
 	<classpathentry kind="con" path="org.eclipse.jst.server.core.container/com.sun.enterprise.jst.server.runtimeTarget/GlassFish v3 Java EE 6">
 		<attributes>
-			<attribute name="owner.project.facets" value="jst.web"/>
+			<attribute name="owner.project.facets" value="#system#;jst.web"/>
 		</attributes>
 	</classpathentry>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER">
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.launching.macosx.MacOSXType/JVM 1.6">
 		<attributes>
-			<attribute name="owner.project.facets" value="jst.java"/>
+			<attribute name="owner.project.facets" value="java"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="output" path="build/classes"/>

--- a/code/LanBortalWeb/.settings/org.eclipse.jdt.core.prefs
+++ b/code/LanBortalWeb/.settings/org.eclipse.jdt.core.prefs
-#Sun Mar 07 12:33:11 EET 2010
+#Thu Jun 10 02:19:46 EEST 2010
 eclipse.preferences.version=1
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
 org.eclipse.jdt.core.compiler.compliance=1.6
@@ -7,9 +7,10 @@ org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.source=1.6
 org.eclipse.jdt.core.formatter.align_type_members_on_columns=false
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_allocation_expression=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_annotation=0
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_enum_constant=16
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_explicit_constructor_call=16
-org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=16
+org.eclipse.jdt.core.formatter.alignment_for_arguments_in_method_invocation=1
 org.eclipse.jdt.core.formatter.alignment_for_arguments_in_qualified_allocation_expression=16
 org.eclipse.jdt.core.formatter.alignment_for_assignment=0
 org.eclipse.jdt.core.formatter.alignment_for_binary_expression=16
@@ -17,6 +18,7 @@ org.eclipse.jdt.core.formatter.alignment_for_compact_if=16
 org.eclipse.jdt.core.formatter.alignment_for_conditional_expression=80
 org.eclipse.jdt.core.formatter.alignment_for_enum_constants=0
 org.eclipse.jdt.core.formatter.alignment_for_expressions_in_array_initializer=16
+org.eclipse.jdt.core.formatter.alignment_for_method_declaration=0
 org.eclipse.jdt.core.formatter.alignment_for_multiple_fields=16
 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_constructor_declaration=16
 org.eclipse.jdt.core.formatter.alignment_for_parameters_in_method_declaration=16
@@ -61,10 +63,15 @@ org.eclipse.jdt.core.formatter.comment.indent_root_tags=true
 org.eclipse.jdt.core.formatter.comment.insert_new_line_before_root_tags=insert
 org.eclipse.jdt.core.formatter.comment.insert_new_line_for_parameter=insert
 org.eclipse.jdt.core.formatter.comment.line_length=80
+org.eclipse.jdt.core.formatter.comment.new_lines_at_block_boundaries=true
+org.eclipse.jdt.core.formatter.comment.new_lines_at_javadoc_boundaries=true
 org.eclipse.jdt.core.formatter.compact_else_if=true
 org.eclipse.jdt.core.formatter.continuation_indentation=2
 org.eclipse.jdt.core.formatter.continuation_indentation_for_array_initializer=2
+org.eclipse.jdt.core.formatter.disabling_tag=@formatter\:off
+org.eclipse.jdt.core.formatter.enabling_tag=@formatter\:on
 org.eclipse.jdt.core.formatter.format_guardian_clause_on_one_line=false
+org.eclipse.jdt.core.formatter.format_line_comment_starting_on_first_column=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_annotation_declaration_header=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_constant_header=true
 org.eclipse.jdt.core.formatter.indent_body_declarations_compare_to_enum_declaration_header=true
@@ -79,6 +86,7 @@ org.eclipse.jdt.core.formatter.indentation.size=8
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_local_variable=insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_member=insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_annotation_on_parameter=do not insert
+org.eclipse.jdt.core.formatter.insert_new_line_after_label=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_after_opening_brace_in_array_initializer=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_at_end_of_file_if_missing=do not insert
 org.eclipse.jdt.core.formatter.insert_new_line_before_catch_in_try_statement=do not insert
@@ -261,5 +269,7 @@ org.eclipse.jdt.core.formatter.number_of_empty_lines_to_preserve=1
 org.eclipse.jdt.core.formatter.put_empty_statement_on_new_line=true
 org.eclipse.jdt.core.formatter.tabulation.char=space
 org.eclipse.jdt.core.formatter.tabulation.size=4
+org.eclipse.jdt.core.formatter.use_on_off_tags=false
 org.eclipse.jdt.core.formatter.use_tabs_only_for_leading_indentations=false
 org.eclipse.jdt.core.formatter.wrap_before_binary_operator=true
+org.eclipse.jdt.core.formatter.wrap_outer_expressions_when_nested=true
--- a/code/LanBortalWeb/.settings/org.eclipse.wst.common.project.facet.core.xml
+++ b/code/LanBortalWeb/.settings/org.eclipse.wst.common.project.facet.core.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <faceted-project>
+  <runtime name="GlassFish v3 Java EE 6"/>
  <fixed facet="jst.web"/>
  <fixed facet="jst.java"/>
  <installed facet="jst.java" version="6.0"/>

--- a/code/LanBortalWeb/.settings/org.eclipse.wst.xsl.core.prefs
+++ b/code/LanBortalWeb/.settings/org.eclipse.wst.xsl.core.prefs
+#Thu Jun 10 02:02:19 EEST 2010
+CHECK_CALL_TEMPLATES=2
+CHECK_XPATHS=2
+CIRCULAR_REF=2
+DUPLICATE_PARAMETER=2
+EMPTY_PARAM=1
+MISSING_INCLUDE=2
+MISSING_PARAM=1
+NAME_ATTRIBUTE_EMPTY=2
+NAME_ATTRIBUTE_MISSING=2
+TEMPLATE_CONFLICT=2
+eclipse.preferences.version=1
--- a/code/LanBortalWeb/WebContent/WEB-INF/sun-web.xml
+++ b/code/LanBortalWeb/WebContent/WEB-INF/sun-web.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 Servlet 2.5//EN" "http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
-<sun-web-app error-url="">
+<sun-web-app error-url="/auth/login.jsf">
 	<context-root>/LanBortalWeb</context-root>
 	<security-role-mapping>
-		<role-name>admin</role-name>
+		<role-name>SUPERADMIN</role-name>
-		<group-name>admin</group-name>
+		<group-name>SUPERADMIN</group-name>
 	</security-role-mapping>
 	<security-role-mapping>
-		<role-name>user</role-name>
+		<role-name>ADMIN_BASE</role-name>
-		<group-name>user</group-name>
+		<group-name>ADMIN_BASE</group-name>
 	</security-role-mapping>
+	<security-role-mapping>
+		<role-name>USER_BASE</role-name>
+		<group-name>USER_BASE</group-name>
+	</security-role-mapping>
 	<class-loader delegate="true" />
 	<jsp-config>
 		<property name="keepgenerated" value="true">

--- a/code/LanBortalWeb/WebContent/WEB-INF/web.xml
+++ b/code/LanBortalWeb/WebContent/WEB-INF/web.xml
 <?xml version="1.0" encoding="UTF-8"?>
 <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
 	<display-name>LanBortalWeb</display-name>
+	<session-config>
+		<session-timeout>30</session-timeout>
+	</session-config>
 	<context-param>
 		<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
 		<param-value>true</param-value>
@@ -44,10 +47,13 @@
 		</form-login-config>
 	</login-config>
 	<security-role>
-		<role-name>admin</role-name>
+		<role-name>SUPERADMIN</role-name>
 	</security-role>
 	<security-role>
-		<role-name>user</role-name>
+		<role-name>USER_BASE</role-name>
+	</security-role>
+	<security-role>
+		<role-name>ADMIN_BASE</role-name>
 	</security-role>
 	<security-constraint>
 		<web-resource-collection>
@@ -68,4 +74,13 @@
 		<servlet-name>PrintBill</servlet-name>
 		<url-pattern>/PrintBill</url-pattern>
 	</servlet-mapping>
+	<error-page>
+		<error-code>401</error-code>
+		<location>/auth/notauthorized.jsf</location>
+	</error-page>
+	<error-page>
+		<error-code>403</error-code>
+		<location>/auth/notauthorized.jsf</location>
+	</error-page>
 </web-app>
\ No newline at end of file
--- a/code/LanBortalWeb/WebContent/auth/login.xhtml
+++ b/code/LanBortalWeb/WebContent/auth/login.xhtml
@@ -5,7 +5,7 @@
 xmlns:ui="http://java.sun.com/jsf/facelets" 
 xmlns:h="http://java.sun.com/jsf/html"
 xmlns:f="http://java.sun.com/jsf/core" 
-xmlns:tools="http://java.sun.com/jsf/composite/tools" 
+xmlns:login="http://java.sun.com/jsf/composite/tools/login" 
 xmlns:c="http://java.sun.com/jsp/jstl/core">
 <h:head>
 	<title></title>
@@ -16,7 +16,7 @@ xmlns:c="http://java.sun.com/jsp/jstl/core">
 		<ui:define name="header">Add new user</ui:define>
 		<ui:define name="content">
-		<tools:login />
+		<login:login />
 		</ui:define>
 		<ui:define name="footer">footer</ui:define>
 	</ui:composition>

--- a/code/LanBortalWeb/WebContent/auth/loginError.xhtml
+++ b/code/LanBortalWeb/WebContent/auth/loginError.xhtml
 <!DOCTYPE html 
     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xmlns:ui="http://java.sun.com/jsf/facelets" xmlns:h="http://java.sun.com/jsf/html" xmlns:f="http://java.sun.com/jsf/core" xmlns:tools="http://java.sun.com/jsf/composite/tools" xmlns:c="http://java.sun.com/jsp/jstl/core">
+<html xmlns="http://www.w3.org/1999/xhtml" 
+xmlns:ui="http://java.sun.com/jsf/facelets" 
+xmlns:h="http://java.sun.com/jsf/html" 
+xmlns:f="http://java.sun.com/jsf/core" 
+xmlns:tools="http://java.sun.com/jsf/composite/tools/auth" 
+xmlns:c="http://java.sun.com/jsp/jstl/core">
 <h:head>
 	<title></title>
 </h:head>

--- a/code/LanBortalWeb/WebContent/auth/logout.xhtml
+++ b/code/LanBortalWeb/WebContent/auth/logout.xhtml
@@ -11,7 +11,7 @@
 		<ui:define name="header">Add new user</ui:define>
 		<ui:define name="content">
 			<h:outputText value="#{i18n['logoutmessage'] }" />
-			${userView.logout() }
+			${sessionHandler.logout() }
 		</ui:define>
 		<ui:define name="footer">footer</ui:define>
 	</ui:composition>

--- a/code/LanBortalWeb/WebContent/auth/notauthorized.jsf
+++ b/code/LanBortalWeb/WebContent/auth/notauthorized.jsf
+<!DOCTYPE html 
+     PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" 
+xmlns:ui="http://java.sun.com/jsf/facelets" 
+xmlns:h="http://java.sun.com/jsf/html" 
+xmlns:f="http://java.sun.com/jsf/core" 
+xmlns:login="http://java.sun.com/jsf/composite/tools/login" 
+xmlns:tools="http://java.sun.com/jsf/composite/tools" 
+xmlns:c="http://java.sun.com/jsp/jstl/core">
+<h:head>
+	<title></title>
+</h:head>
+<h:body>
+	<ui:composition template="/layout/default-template.xhtml">
+		<ui:define name="title">Not authorized!</ui:define>
+		<ui:define name="header">Not authorized!</ui:define>
+		<ui:define name="content">
+			<h:outputText value="#{i18n['notauth.notauthorized'] }" />
+		</ui:define>
+		<ui:define name="footer">footer</ui:define>
+	</ui:composition>
+</h:body>
+</html>
\ No newline at end of file
--- a/code/LanBortalWeb/WebContent/generateTestData.xhtml
+++ b/code/LanBortalWeb/WebContent/generateTestData.xhtml
@@ -14,7 +14,8 @@
            <br />
            <br />
            <h:commandButton value="print places debug info" action="#{TestDataView.printPlacesInfo}" />
-        </h:form>
+             <br />
+             </h:form>
    </h:body>
 </html>
--- a/code/LanBortalWeb/WebContent/resources/tools/canExecute.xhtml
+++ b/code/LanBortalWeb/WebContent/resources/tools/canExecute.xhtml
@@ -17,7 +17,7 @@
 <composite:implementation>
 	<c:choose>
-		<c:when test='#{sessionHandler.canExecute(target) }'>
+		<c:when test='#{sessionHandler.canExecute(cc.attrs.target) }'>
 			<composite:insertChildren />
 		</c:when>
 		<c:otherwise>

--- a/code/LanBortalWeb/WebContent/resources/tools/canWrite.xhtml
+++ b/code/LanBortalWeb/WebContent/resources/tools/canWrite.xhtml
@@ -17,7 +17,7 @@
 <composite:implementation>
 	<c:choose>
-		<c:when test='#{sessionHandler.canWrite(target) }'>
+		<c:when test='#{sessionHandler.canWrite(cc.attrs.target) }'>
 			<composite:insertChildren />
 		</c:when>
 		<c:otherwise>

--- a/code/LanBortalWeb/WebContent/resources/tools/login/login.xhtml
+++ b/code/LanBortalWeb/WebContent/resources/tools/login/login.xhtml
@@ -14,7 +14,7 @@
    </composite:interface>
    <composite:implementation>
-        <form>
+        <form action="j_security_check" method="post">
            <c:choose>
                <c:when test="#{not empty cc.attrs.isOneliner}">

--- a/code/LanBortalWeb/WebContent/resources/tools/user/list.xhtml
+++ b/code/LanBortalWeb/WebContent/resources/tools/user/list.xhtml
@@ -16,7 +16,7 @@
    <composite:implementation>
-        <tools:canRead target="userManagement" >
+        <tools:canRead target="USER_MANAGEMENT" >
            <h:form>
                <h:dataTable
                    border="1"
@@ -66,7 +66,7 @@
                        <h:outputText value="#{user.female}" />
                    </h:column>
-                    <tools:canWrite target="userManagement" >
+                    <tools:canWrite target="USER_MANAGEMENT" >
                        <h:column>
                            <f:facet name="header">
                                <h:outputText value="Edit" />
@@ -81,6 +81,7 @@
            </h:form>
        </tools:canRead>
    </composite:implementation>

--- a/code/LanBortalWeb/WebContent/user/list.xhtml
+++ b/code/LanBortalWeb/WebContent/user/list.xhtml
@@ -16,7 +16,7 @@
 		<ui:define name="header">Edit user</ui:define>
 		<ui:define name="content">
-			<h:outputText value="productlist"/>
+			<h:outputText value="${i18n['userlist.title']}"/>
 			<users:list />	
 		</ui:define>

--- a/code/LanBortalWeb/src/fi/insomnia/bortal/HostnameFilter.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/HostnameFilter.java
 package fi.insomnia.bortal;
 import java.io.IOException;
+import java.security.AccessController;
+import javax.ejb.AccessLocalException;
+import javax.ejb.EJBAccessException;
+import javax.security.auth.Subject;
 import javax.servlet.Filter;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -8,6 +13,7 @@ import javax.servlet.ServletException;
 import javax.servlet.ServletRequest;
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import org.slf4j.Logger;
@@ -39,16 +45,18 @@ public class HostnameFilter implements Filter {
     * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        HttpServletRequest httpRequest = null;
        if (request != null && request instanceof HttpServletRequest) {
-            HttpServletRequest httpRequest = ((HttpServletRequest) request);
+            httpRequest = ((HttpServletRequest) request);
            StringBuffer url = httpRequest.getRequestURL();
+            Subject subj = Subject.getSubject(AccessController.getContext());
            logger.warn("request URL: {}", url);
            int beginindex = 7; // Let's skip http://
-            int slashindex = url.indexOf("/", beginindex); // Find the first
+            int slashindex = url.indexOf("/", beginindex);
-                                                           // / from URL
+            // Find the first / from URL after http://
-                                                           // after http://
            int colonindex = url.indexOf(":", beginindex);
            int lastindex = slashindex;
            if (slashindex > colonindex) {
@@ -60,12 +68,22 @@ public class HostnameFilter implements Filter {
            logger.warn("begin: {}, last {}", beginindex, lastindex);
            String hostname = url.substring(beginindex, lastindex);
            logger.info("Setting hostname to {} ", hostname);
-            httpRequest.getSession().setAttribute(HTTP_URL_HOSTNAME, hostname);
+            httpRequest.getSession().setAttribute(
+                    HTTP_URL_HOSTNAME, hostname);
        }
        // pass the request along the filter chain
        chain.doFilter(request, response);
    }
+    private void error401(ServletResponse response) throws IOException {
+        if (response instanceof HttpServletResponse) {
+            ((HttpServletResponse) response).sendError(401);
+        } else {
+            logger.warn("Error sending errorcode! response not http but {}" + response.getClass());
+        }
+    }
    /**
     * @see Filter#init(FilterConfig)
     */
@@ -82,6 +100,5 @@ public class HostnameFilter implements Filter {
        }
        return ret;
    }
 }
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/handler/SessionHandler.java
@@ -11,6 +11,9 @@ import javax.faces.bean.SessionScoped;
 import javax.faces.context.FacesContext;
 import javax.servlet.http.HttpSession;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.HostnameFilter;
 import fi.insomnia.bortal.beans.EventBeanLocal;
 import fi.insomnia.bortal.beans.SecurityBeanLocal;
@@ -29,9 +32,11 @@ import fi.insomnia.bortal.model.User;
 @SessionScoped
 public class SessionHandler {
+    private static final Logger logger = LoggerFactory.getLogger(SessionHandler.class);
    @EJB
    private JaasBeanLocal handlerbean;
-    private User user = null;
+    private User thisuser = null;
    @EJB
    private SecurityBeanLocal secubean;
    @EJB
@@ -80,8 +85,6 @@ public class SessionHandler {
        if (target == null || target.isEmpty()) {
            throw new RuntimeException("Empty target");
        }
        return userbean.hasPermission(Permission.getPermission(target), getUser(), permission);
    }
@@ -98,13 +101,15 @@ public class SessionHandler {
        return hasPermission(target, RolePermission.EXECUTE);
    }
-    public void setUser(User user) {
+    private boolean impersonating = false;
+    public void impersonateUser(User user) {
        if (user == null) {
-            this.user = getUser();
+            this.thisuser = getUser();
+            impersonating = false;
        } else if (canExecute("user")) {
            secubean.logMessage(userbean.getCurrentUser(getCurrentEvent()), "Successfully impersonating user id: " + user.getId() + " and login: " + user.getLogin());
-            this.user = user;
+            this.thisuser = user;
+            impersonating = true;
        } else {
            secubean.logMessage(userbean.getCurrentUser(getCurrentEvent()), "User tried to impersonate as id: " + user.getId() + " login: " + user.getLogin() + " but did not have enough rights");
        }
@@ -112,21 +117,24 @@ public class SessionHandler {
    public User getUser() {
-        if (user == null) {
+        boolean iscurruser = userbean.isCurrentUser(thisuser);
-            user = userbean.getCurrentUser(getCurrentEvent());
+        logger.debug("Current user {}", (thisuser == null)?"null":thisuser.getNick() );
+        if (thisuser == null || (!impersonating && !iscurruser)) {
+            thisuser = userbean.getCurrentUser(getCurrentEvent());
        }
-        return user;
+        return thisuser;
    }
    public String logout() {
-        user = null;
        FacesContext ctx = FacesContext.getCurrentInstance();
        HttpSession sess = (HttpSession) ctx.getExternalContext().getSession(false);
        if (sess != null) {
            sess.invalidate();
        }
+        thisuser = null;
        return "logout";
    }
 }
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/view/TestDataView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/view/TestDataView.java
@@ -10,6 +10,7 @@ import javax.faces.bean.ManagedProperty;
 import javax.faces.bean.RequestScoped;
 import fi.insomnia.bortal.beans.TestDataBeanLocal;
+import fi.insomnia.bortal.beans.UserBeanLocal;
 import fi.insomnia.bortal.handler.SessionHandler;
 import fi.insomnia.bortal.model.Event;
 import fi.insomnia.bortal.model.EventMap;
@@ -25,6 +26,8 @@ public class TestDataView {
    @EJB
    private TestDataBeanLocal testdatabean;
+    @EJB
+    private UserBeanLocal userbean;
    @ManagedProperty("#{sessionHandler}")
    private SessionHandler sessionhandler;
@@ -33,6 +36,8 @@ public class TestDataView {
        Event event = getSessionhandler().getCurrentEvent();
        User user = testdatabean.createUser();
+        User admin = testdatabean.createAdmin();
        testdatabean.createBill(event, user);
        EventMap map = testdatabean.generateTestMap(event);
        testdatabean.generateTestPlaces(map);
@@ -57,5 +62,6 @@ public class TestDataView {
        return null;
    }
 }
--- a/code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
+++ b/code/LanBortalWeb/src/fi/insomnia/bortal/view/UserView.java
@@ -14,6 +14,7 @@ import org.slf4j.LoggerFactory;
 import fi.insomnia.bortal.beans.SecurityBeanLocal;
 import fi.insomnia.bortal.beans.JaasBeanLocal;
 import fi.insomnia.bortal.beans.UserBeanLocal;
+import fi.insomnia.bortal.enums.Permission;
 import fi.insomnia.bortal.exceptions.PermissionDeniedException;
 import fi.insomnia.bortal.handler.SessionHandler;
 import fi.insomnia.bortal.model.User;
@@ -48,7 +49,7 @@ public class UserView {
    }
    public String createUser() {
-        if (!getSessionhandler().canWrite("userManagement")) {
+        if (!getSessionhandler().canWrite(Permission.USER_MANAGEMENT.name())) {
            // Give message to administration what happened here.
            throw new PermissionDeniedException(securitybean, getSessionhandler().getUser(), "User " + getSessionhandler().getUser() + " does not have permission to create user!");
        }
@@ -86,6 +87,7 @@ public class UserView {
    public String getLogin() {
        return login;
    }
    public void setLogin(String login) {
        this.login = login;