From 2337072ac18b66e523818702ba6dce6b462472b1 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <tlenz@iaik.tugraz.at>
Date: Thu, 8 Aug 2013 15:50:28 +0200
Subject: MOA-ID Configuration Tool Beta

---
 .../moa/id/configuration/Constants.java            |   3 +
 .../id/configuration/auth/AuthenticatedUser.java   |  18 +-
 .../id/configuration/data/UserDatabaseFrom.java    | 237 +++++++++++++
 .../id/configuration/data/oa/OAGeneralConfig.java  |   3 +
 .../configuration/filter/AuthenticationFilter.java |   4 +-
 .../configuration/helper/AuthenticationHelper.java |  35 ++
 .../struts/action/ImportExportAction.java          | 353 ++++++++++++++++++++
 .../configuration/struts/action/IndexAction.java   | 141 +++++++-
 .../struts/action/UserManagementAction.java        | 368 ++++++++++++++++++++-
 .../validation/UserDatabaseFormValidator.java      | 147 ++++++++
 10 files changed, 1289 insertions(+), 20 deletions(-)
 create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
 create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java
 create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
 create mode 100644 id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java

(limited to 'id/ConfigWebTool/src/main/java/at/gv/egovernment')

diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
index 8ef3ec2f0..d088edf34 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/Constants.java
@@ -23,4 +23,7 @@ public class Constants {
 	
 	public static final String MOA_CONFIG_PROTOCOL_SAML1 = "id_saml1";
 	public static final String MOA_CONFIG_PROTOCOL_PVP2 = "id_pvp2x";
+	
+	public static final String DEFAULT_LOCALBKU_URL = "https://127.0.0.1:3496/https-security-layer-request";
+	public static final String DEFAULT_HANDYBKU_URL = "https://www.handy-signatur.at/mobile/https-security-layer-request/default.aspx";
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
index 3ff48e92b..8f75a357c 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/auth/AuthenticatedUser.java
@@ -10,17 +10,19 @@ public class AuthenticatedUser {
 	private long userID;
 	private String givenName;
 	private String familyName;
+	private String userName;
 	private Date lastLogin;
 
 	public AuthenticatedUser() {
 		
 	}
 	
-	public AuthenticatedUser(long userID, String givenName, String familyName,
+	public AuthenticatedUser(long userID, String givenName, String familyName, String userName,
 			boolean isAuthenticated, boolean isAdmin) {
 		
 		this.familyName = familyName;
 		this.givenName = givenName;
+		this.userName = userName;
 		this.userID = userID;
 		this.isAdmin = isAdmin;
 		this.isAuthenticated = isAuthenticated;
@@ -110,6 +112,20 @@ public class AuthenticatedUser {
 	public void setLastLogin(Date lastLogin) {
 		this.lastLogin = lastLogin;
 	}
+
+	/**
+	 * @return the userName
+	 */
+	public String getUserName() {
+		return userName;
+	}
+
+	/**
+	 * @param userName the userName to set
+	 */
+	public void setUserName(String userName) {
+		this.userName = userName;
+	}
 	
 	
 	
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
new file mode 100644
index 000000000..e62160285
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/UserDatabaseFrom.java
@@ -0,0 +1,237 @@
+package at.gv.egovernment.moa.id.configuration.data;
+
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.util.MiscUtil;
+import at.gv.util.data.BPK;
+
+public class UserDatabaseFrom {
+	
+	private String bpk;
+	private String familyName;
+	private String givenName;
+	private String institut;
+	private String mail;
+	private String phone;
+	private String username;
+	private String password;
+	private boolean active = false;
+	private boolean admin = false;
+	private boolean passwordActive;
+	private String userID = null;
+	
+	public UserDatabaseFrom() {
+		
+	}
+	
+	public UserDatabaseFrom(UserDatabase db) {
+		bpk = db.getBpk();
+		familyName = db.getFamilyname();
+		givenName = db.getGivenname();
+		institut = db.getInstitut();
+		mail = db.getMail();
+		phone = db.getPhone();
+		username = db.getUsername();
+		
+		if (MiscUtil.isNotEmpty(db.getPassword()))
+			passwordActive = true;
+		else
+			passwordActive = false;
+		
+		active = db.isIsActive();
+		admin = db.isIsAdmin();
+		
+		userID = String.valueOf(db.getHjid());
+	}
+
+
+	/**
+	 * @return the bpk
+	 */
+	public String getBpk() {
+		return bpk;
+	}
+
+
+	/**
+	 * @param bpk the bpk to set
+	 */
+	public void setBpk(String bpk) {
+		this.bpk = bpk;
+	}
+
+
+	/**
+	 * @return the familyName
+	 */
+	public String getFamilyName() {
+		return familyName;
+	}
+
+
+	/**
+	 * @param familyName the familyName to set
+	 */
+	public void setFamilyName(String familyName) {
+		this.familyName = familyName;
+	}
+
+
+	/**
+	 * @return the givenName
+	 */
+	public String getGivenName() {
+		return givenName;
+	}
+
+
+	/**
+	 * @param givenName the givenName to set
+	 */
+	public void setGivenName(String givenName) {
+		this.givenName = givenName;
+	}
+
+
+	/**
+	 * @return the institut
+	 */
+	public String getInstitut() {
+		return institut;
+	}
+
+
+	/**
+	 * @param institut the institut to set
+	 */
+	public void setInstitut(String institut) {
+		this.institut = institut;
+	}
+
+
+	/**
+	 * @return the mail
+	 */
+	public String getMail() {
+		return mail;
+	}
+
+
+	/**
+	 * @param mail the mail to set
+	 */
+	public void setMail(String mail) {
+		this.mail = mail;
+	}
+
+
+	/**
+	 * @return the phone
+	 */
+	public String getPhone() {
+		return phone;
+	}
+
+
+	/**
+	 * @param phone the phone to set
+	 */
+	public void setPhone(String phone) {
+		this.phone = phone;
+	}
+
+
+	/**
+	 * @return the username
+	 */
+	public String getUsername() {
+		return username;
+	}
+
+
+	/**
+	 * @param username the username to set
+	 */
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+
+	/**
+	 * @return the password
+	 */
+	public String getPassword() {
+		return password;
+	}
+
+
+	/**
+	 * @param password the password to set
+	 */
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+
+	/**
+	 * @return the active
+	 */
+	public boolean isActive() {
+		return active;
+	}
+
+
+	/**
+	 * @param active the active to set
+	 */
+	public void setActive(boolean active) {
+		this.active = active;
+	}
+
+
+	/**
+	 * @return the admin
+	 */
+	public boolean isAdmin() {
+		return admin;
+	}
+
+
+	/**
+	 * @param admin the admin to set
+	 */
+	public void setAdmin(boolean admin) {
+		this.admin = admin;
+	}
+
+
+	/**
+	 * @return the passwordActive
+	 */
+	public boolean isPasswordActive() {
+		return passwordActive;
+	}
+
+
+	/**
+	 * @param passwordActive the passwordActive to set
+	 */
+	public void setPasswordActive(boolean passwordActive) {
+		this.passwordActive = passwordActive;
+	}
+
+	/**
+	 * @return the userID
+	 */
+	public String getUserID() {
+		return userID;
+	}
+
+	/**
+	 * @param userID the userID to set
+	 */
+	public void setUserID(String userID) {
+		this.userID = userID;
+	}
+	
+	
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
index f3b513019..129d62346 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/data/oa/OAGeneralConfig.java
@@ -67,6 +67,9 @@ public class OAGeneralConfig {
 		 for (int i=0; i<values.length; i++) {
 			 keyBoxIdentifierList.put(values[i].value(), values[i].value());
 		 }
+		 
+		 bkuLocalURL = Constants.DEFAULT_LOCALBKU_URL;
+		 bkuHandyURL = Constants.DEFAULT_HANDYBKU_URL;
 	}
 	
 	
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
index 4eccfdf5d..a58b20214 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/filter/AuthenticationFilter.java
@@ -128,7 +128,7 @@ public class AuthenticationFilter implements Filter{
 							
 				if (authuser == null) {
 
-					authuser = new AuthenticatedUser(1, "Max", "TestUser", true, true);
+					authuser = new AuthenticatedUser(0, "Max", "TestUser", "maxtestuser", true, true);
 					//authuser = new AuthenticatedUser(1, "Max", "TestUser", true, false);
 					httpServletRequest.getSession().setAttribute(Constants.SESSION_AUTH, authuser);
 				}
@@ -150,6 +150,8 @@ public class AuthenticationFilter implements Filter{
 	            if (MiscUtil.isNotEmpty(getAuthenticatedPage())) {
 	                log.debug("Unable to find authentication data. Authenticated page is given so there is no need to save original request url. " + (loginPageForward ? "Forwarding" : "Redirecting") + " to login page \"" + loginPage + "\".");
 	                
+	                
+	                
 	            } 
 	            else {
 	            	log.debug("Unable to find authentication data. Storing request url and " + (loginPageForward ? "forwarding" : "redirecting") + " to login page \"" + loginPage + "\".");
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java
new file mode 100644
index 000000000..b2f1b106f
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/helper/AuthenticationHelper.java
@@ -0,0 +1,35 @@
+package at.gv.egovernment.moa.id.configuration.helper;
+
+import java.security.spec.KeySpec;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.util.Base64Utils;
+
+public class AuthenticationHelper {
+	
+	private static final Logger log = Logger.getLogger(AuthenticationHelper.class);
+	
+	public static String generateKeyFormPassword(String password) {
+		SecretKeyFactory factory;
+
+		try {
+			factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+			KeySpec spec = new PBEKeySpec(password.toCharArray(), "TestSALT".getBytes(), 1024, 128);
+			SecretKey tmp = factory.generateSecret(spec);
+			SecretKeySpec secret = new SecretKeySpec(tmp.getEncoded(), "AES");
+			return Base64Utils.encode(secret.getEncoded());
+			
+		} catch (Exception e) {
+			log.info("Key generation form password failed.");
+			return null;
+		}
+		
+	}
+
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
new file mode 100644
index 000000000..a8992e6b8
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/ImportExportAction.java
@@ -0,0 +1,353 @@
+package at.gv.egovernment.moa.id.configuration.struts.action;
+
+import java.io.File;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.StringReader;
+import java.io.StringWriter;
+import java.util.List;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.Result;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.log4j.Logger;
+import org.apache.struts2.interceptor.ServletRequestAware;
+import org.apache.struts2.interceptor.ServletResponseAware;
+import org.hibernate.lob.ReaderInputStream;
+import org.w3c.dom.Node;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.MOAIDConfiguration;
+import at.gv.egovernment.moa.id.commons.db.dao.config.OnlineApplication;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.legacy.BuildFromLegacyConfig;
+import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.iaik.commons.util.IOUtil;
+
+import com.opensymphony.xwork2.ActionSupport;
+
+import eu.stork.vidp.messages.common.STORKBootstrap;
+
+public class ImportExportAction extends ActionSupport 
+implements ServletRequestAware, ServletResponseAware {
+	
+	private static final Logger log = Logger.getLogger(ImportExportAction.class);
+
+	private static final long serialVersionUID = 1L;
+	private HttpServletRequest request;
+	private HttpServletResponse response;
+	
+	private AuthenticatedUser authUser; 
+	
+	private File fileUpload = null;
+	private String fileUploadContentType = null;
+	private String fileUploadFileName = null;
+	
+	private InputStream fileInputStream;
+	
+	public String init() {
+		
+		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		
+		if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+			authUser = (AuthenticatedUser) authUserObj;
+			
+			if (authUser.isAdmin()) {
+								
+				return Constants.STRUTS_SUCCESS;
+				
+			} else {
+				log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+				addActionError(LanguageHelper.getErrorString("errors.notallowed"));
+				return Constants.STRUTS_NOTALLOWED;
+			}
+		}
+		return Constants.STRUTS_REAUTHENTICATE;
+		
+	}
+	
+	public String importLegacyConfig() {
+		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		
+		if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+			authUser = (AuthenticatedUser) authUserObj;
+			
+			if (authUser.isAdmin()) {
+			
+				//load legacy config if it is configured
+			
+				if (fileUpload == null) {
+					addActionError(LanguageHelper.getErrorString("errors.importexport.nofile"));
+					return Constants.STRUTS_ERROR_VALIDATION;
+				}
+				
+				//Initialize OpenSAML for STORK
+				log.info("Starting initialization of OpenSAML...");
+				try {
+					STORKBootstrap.bootstrap();
+					
+				} catch (org.opensaml.xml.ConfigurationException e1) {
+					log.info("Legacy configuration has an Import Error", e1);
+					addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e1.getMessage()}));
+					return Constants.STRUTS_ERROR_VALIDATION;
+				}
+				log.debug("OpenSAML successfully initialized");
+				
+			
+				MOAIDConfiguration moaconfig;
+				try {
+					log.warn("WARNING! The legacy import deletes the hole old config");
+					
+					List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications();
+					if (oas != null && oas.size() > 0) {
+						for (OnlineApplication oa : oas)
+							ConfigurationDBUtils.delete(oa);
+					}
+					
+
+					moaconfig = BuildFromLegacyConfig.build(fileUpload, "");
+					
+				} catch (ConfigurationException e) {
+					log.info("Legacy configuration has an Import Error", e);
+					addActionError(LanguageHelper.getErrorString("errors.importexport.legacyimport", new Object[] {e.getMessage()}));
+					return Constants.STRUTS_ERROR_VALIDATION;
+				}
+					
+				//check if XML config should be use
+				log.warn("WARNING! MOA-ID 2.0 is started with XML configuration. This setup overstrike the actual configuration in the Database!");
+				try {
+					MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+					if (moaidconfig != null)
+						ConfigurationDBUtils.delete(moaidconfig);
+			
+					ConfigurationDBUtils.save(moaconfig);
+					
+				} catch (MOADatabaseException e) {
+					log.warn("General MOA-ID config can not be stored in Database");
+					addActionError(e.getMessage());
+					return Constants.STRUTS_ERROR_VALIDATION;
+				}
+				
+				finally {
+					ConfigurationDBUtils.closeSession();
+				}
+				
+				log.info("Legacy Configuration load is completed.");
+				addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success"));
+				return Constants.STRUTS_SUCCESS;
+				
+			} else {
+				log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+				addActionError(LanguageHelper.getErrorString("errors.notallowed"));
+				return Constants.STRUTS_NOTALLOWED;
+			}
+		}
+		return Constants.STRUTS_REAUTHENTICATE;
+	}
+	
+	public String downloadXMLConfig() {
+		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		
+		if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+			authUser = (AuthenticatedUser) authUserObj;
+			
+			if (authUser.isAdmin()) {
+							
+				log.info("Write MOA-ID 2.x xml config");
+				JAXBContext jc;
+				try {
+					jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+		
+					Marshaller m = jc.createMarshaller();
+					m.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, true);
+//					File test = new File(xmlconfigout);
+//					m.marshal(moaidconfig, test);
+					MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+					
+					if (moaidconfig == null) {
+						log.info("No MOA-ID 2.x configruation available");
+						addActionError(LanguageHelper.getErrorString("errors.importexport.export.noconfig"));
+						return Constants.STRUTS_ERROR_VALIDATION;
+					}
+					
+					List<OnlineApplication> oaconfigs = ConfigurationDBRead.getAllOnlineApplications();
+					moaidconfig.setOnlineApplication(oaconfigs);
+					
+					StringWriter writer = new StringWriter();
+					m.marshal(moaidconfig, writer);
+					fileInputStream = IOUtils.toInputStream(writer.toString(), "UTF-8"); 
+					
+				} catch (JAXBException e) {
+					log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);
+					addActionError(LanguageHelper.getErrorString("errors.importexport.export",
+							new Object[]{e.getMessage()}));
+					return Constants.STRUTS_ERROR_VALIDATION;
+				} catch (IOException e) {
+					log.info("MOA-ID 2.x configruation could not be exported into a XML file.", e);
+					addActionError(LanguageHelper.getErrorString("errors.importexport.export",
+							new Object[]{e.getMessage()}));
+					return Constants.STRUTS_ERROR_VALIDATION;
+				}
+				
+				finally {
+					ConfigurationDBUtils.closeSession();
+				}
+				
+				return Constants.STRUTS_SUCCESS;
+			} else {
+				log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+				addActionError(LanguageHelper.getErrorString("errors.notallowed"));
+				return Constants.STRUTS_NOTALLOWED;
+			}
+		}
+		return Constants.STRUTS_REAUTHENTICATE;
+	}
+	
+	
+	public String importXMLConfig() {
+		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		
+		if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+			authUser = (AuthenticatedUser) authUserObj;
+			
+			if (authUser.isAdmin()) {
+				
+				if (fileUpload == null) {
+					addActionError(LanguageHelper.getErrorString("errors.importexport.nofile"));
+					return Constants.STRUTS_ERROR_VALIDATION;
+				}
+				
+				log.warn("WARNING! The XML import deletes the hole old config");
+				
+				List<OnlineApplication> oas = ConfigurationDBRead.getAllOnlineApplications();
+				if (oas != null && oas.size() > 0) {
+					for (OnlineApplication oa : oas)
+						ConfigurationDBUtils.delete(oa);
+				}				
+				MOAIDConfiguration moaidconfig = ConfigurationDBRead.getMOAIDConfiguration();
+				if (moaidconfig != null)
+					ConfigurationDBUtils.delete(moaidconfig);
+				
+
+				log.info("Load configuration from MOA-ID 2.x XML configuration");
+				
+				try {
+					JAXBContext jc = JAXBContext.newInstance("at.gv.egovernment.moa.id.commons.db.dao.config");
+					Unmarshaller m = jc.createUnmarshaller(); 
+					MOAIDConfiguration moaconfig = (MOAIDConfiguration) m.unmarshal(fileUpload);
+
+					List<OnlineApplication> importoas = moaconfig.getOnlineApplication();
+					for (OnlineApplication importoa : importoas) {
+						ConfigurationDBUtils.saveOrUpdate(importoa);
+					}
+					
+					moaconfig.setOnlineApplication(null);
+					ConfigurationDBUtils.saveOrUpdate(moaconfig);
+					
+				} catch (Exception e) {
+					log.warn("MOA-ID XML configuration can not be loaded from File.", e);
+					addActionError(LanguageHelper.getErrorString("errors.importexport.import",
+							new Object[]{e.getMessage()}));
+					return Constants.STRUTS_ERROR_VALIDATION;
+					
+				}
+				
+				finally {
+					ConfigurationDBUtils.closeSession();
+				}
+				
+				log.info("XML Configuration load is completed.");
+				addActionMessage(LanguageHelper.getGUIString("webpages.inportexport.success"));
+				return Constants.STRUTS_SUCCESS;
+			
+			} else {
+				log.info("No access to Import/Export for User with ID" + authUser.getUserID());
+				addActionError(LanguageHelper.getErrorString("errors.notallowed"));
+				return Constants.STRUTS_NOTALLOWED;
+			}
+		}
+		return Constants.STRUTS_REAUTHENTICATE;
+			
+	}
+	
+	/**
+	 * @return the fileUpload
+	 */
+	public File getFileUpload() {
+		return fileUpload;
+	}
+
+
+
+	/**
+	 * @param fileUpload the fileUpload to set
+	 */
+	public void setFileUpload(File fileUpload) {
+		this.fileUpload = fileUpload;
+	}
+
+
+
+	/**
+	 * @return the fileUploadContentType
+	 */
+	public String getFileUploadContentType() {
+		return fileUploadContentType;
+	}
+
+
+
+	/**
+	 * @param fileUploadContentType the fileUploadContentType to set
+	 */
+	public void setFileUploadContentType(String fileUploadContentType) {
+		this.fileUploadContentType = fileUploadContentType;
+	}
+
+
+
+	/**
+	 * @return the fileUploadFileName
+	 */
+	public String getFileUploadFileName() {
+		return fileUploadFileName;
+	}
+
+
+
+	/**
+	 * @param fileUploadFileName the fileUploadFileName to set
+	 */
+	public void setFileUploadFileName(String fileUploadFileName) {
+		this.fileUploadFileName = fileUploadFileName;
+	}
+
+	/**
+	 * @return the authUser
+	 */
+	public AuthenticatedUser getAuthUser() {
+		return authUser;
+	}
+
+	public void setServletResponse(HttpServletResponse response) {
+		this.response = response;
+	}
+	public void setServletRequest(HttpServletRequest request) {
+		this.request = request;
+	}
+	
+	public InputStream getFileInputStream() {
+		return fileInputStream;
+	}
+}
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
index 4e8e44007..6aeebcf7b 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/IndexAction.java
@@ -1,32 +1,169 @@
 package at.gv.egovernment.moa.id.configuration.struts.action;
 
+import java.util.Date;
+
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
+import org.apache.log4j.Logger;
 import org.apache.struts2.interceptor.ServletRequestAware;
 import org.apache.struts2.interceptor.ServletResponseAware;
 
+import com.opensymphony.xwork2.ActionSupport;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.configuration.Constants;
+import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
 import at.gv.egovernment.moa.id.configuration.config.ConfigurationProvider;
 import at.gv.egovernment.moa.id.configuration.exception.ConfigurationException;
+import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
+import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
 
-public class IndexAction implements ServletRequestAware,
+public class IndexAction extends ActionSupport implements ServletRequestAware,
 	ServletResponseAware {
 	
+	private static final Logger log = Logger.getLogger(IndexAction.class);
+	
 	private HttpServletRequest request;
 	private HttpServletResponse response;
 	
+	private String password;
+	private String username;
+	
 	public String start() {
 				
 		return Constants.STRUTS_SUCCESS;
 	}
 	
+	public String authenticate() {
+		
+		String key = null;
+		
+		if (MiscUtil.isNotEmpty(username)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(username, false)) {
+				log.warn("Username contains potentail XSS characters: " + username);
+				addActionError(LanguageHelper.getErrorString("validation.edituser.username.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+				return Constants.STRUTS_ERROR;
+			}
+		} else {
+			log.warn("Username is empty");
+			addActionError(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+			return Constants.STRUTS_ERROR;
+		}
+		
+		if (MiscUtil.isEmpty(password)) {
+			log.warn("Password is empty");
+			addActionError(LanguageHelper.getErrorString("validation.edituser.password.empty"));
+			return Constants.STRUTS_ERROR;
+			
+		} else {
+			key = AuthenticationHelper.generateKeyFormPassword(password);
+			if (key == null) {
+				addActionError(LanguageHelper.getErrorString("validation.edituser.password.valid"));
+				return Constants.STRUTS_ERROR;
+			}
+		}
+		
+		UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(username);
+		if (dbuser == null) {
+			log.warn("Unknown Username");
+			addActionError(LanguageHelper.getErrorString("webpages.index.username.unkown"));
+			return Constants.STRUTS_ERROR;
+			
+		} else {
+			if (!dbuser.isIsActive()) {
+				log.warn("Username " + dbuser.getUsername() + " is not active");
+				addActionError(LanguageHelper.getErrorString("webpages.index.username.notactive"));
+				return Constants.STRUTS_ERROR;
+			}
+			
+			if (!dbuser.getPassword().equals(key)) {
+				log.warn("Username " + dbuser.getUsername() + " use a false password");
+				addActionError(LanguageHelper.getErrorString("webpages.index.password.false"));
+				return Constants.STRUTS_ERROR;
+			}
+			
+			AuthenticatedUser authuser = new AuthenticatedUser(
+					dbuser.getHjid(), 
+					dbuser.getGivenname(), 
+					dbuser.getFamilyname(), 
+					dbuser.getUsername(), 
+					true, 
+					dbuser.isIsAdmin());
+			
+			authuser.setLastLogin(dbuser.getLastLoginItem());
+			
+			dbuser.setLastLoginItem(new Date());
+			
+			try {
+				ConfigurationDBUtils.saveOrUpdate(dbuser);
+				
+			} catch (MOADatabaseException e) {
+				log.warn("UserDatabase communicaton error", e);
+				addActionError(LanguageHelper.getErrorString("error.login"));
+				return Constants.STRUTS_ERROR;
+			}
+			finally {
+				ConfigurationDBUtils.closeSession();
+			}
+			request.getSession().setAttribute(Constants.SESSION_AUTH, authuser);
+			return Constants.STRUTS_SUCCESS;	
+		}
+	}
+	
+	public String logout() {
+		
+		HttpSession session = request.getSession();
+		
+		if (session != null)
+			session.invalidate();
+		
+		return Constants.STRUTS_SUCCESS;
+	}
 	
 	public void setServletResponse(HttpServletResponse arg0) {
 		this.response = arg0;
 	}
 	public void setServletRequest(HttpServletRequest arg0) {
 		this.request =  arg0;
-	}	
+	}
+
+	/**
+	 * @return the password
+	 */
+	public String getPassword() {
+		return password;
+	}
+
+	/**
+	 * @param password the password to set
+	 */
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+	/**
+	 * @return the username
+	 */
+	public String getUsername() {
+		return username;
+	}
+
+	/**
+	 * @param username the username to set
+	 */
+	public void setUsername(String username) {
+		this.username = username;
+	}
+	
+	
 
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
index 3f4b21fdd..c022d0057 100644
--- a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/struts/action/UserManagementAction.java
@@ -1,51 +1,331 @@
 package at.gv.egovernment.moa.id.configuration.struts.action;
 
+import java.util.ArrayList;
 import java.util.Date;
+import java.util.List;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.apache.log4j.Logger;
 import org.apache.struts2.interceptor.ServletRequestAware;
 import org.apache.struts2.interceptor.ServletResponseAware;
 
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
 import at.gv.egovernment.moa.id.commons.db.ConfigurationDBUtils;
 import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.configuration.Constants;
 import at.gv.egovernment.moa.id.configuration.auth.AuthenticatedUser;
+import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
+import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.id.configuration.validation.UserDatabaseFormValidator;
+import at.gv.egovernment.moa.id.configuration.validation.ValidationHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
 
 import com.opensymphony.xwork2.ActionSupport;
 
 public class UserManagementAction extends ActionSupport 
 	implements ServletRequestAware, ServletResponseAware {
 	
+	private static final Logger log = Logger.getLogger(UserManagementAction.class);
+	
 	private static final long serialVersionUID = 1L;
 
 	private HttpServletRequest request;
 	private HttpServletResponse response;
+
+	private AuthenticatedUser authUser = null; 
+
+	private List<AuthenticatedUser> userlist = null;
+	private UserDatabaseFrom user = null;
+	
+	private String useridobj = null;
+	private static boolean newUser = false;
 	
-	private AuthenticatedUser authUser; 
+	public String init() {
+		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		
+		if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+			authUser = (AuthenticatedUser) authUserObj;
+			
+			if (authUser.isAdmin()) {
+				
+				log.info("Show UserList");
+				
+				List<UserDatabase> dbuserlist = ConfigurationDBRead.getAllUsers();
+				if (dbuserlist != null) {
+					userlist = new ArrayList<AuthenticatedUser>();
+					
+					for (UserDatabase dbuser : dbuserlist) {
+						userlist.add(new AuthenticatedUser(
+								dbuser.getHjid(), 
+								dbuser.getGivenname(), 
+								dbuser.getFamilyname(),
+								dbuser.getUsername(),
+								dbuser.isIsActive(), 
+								dbuser.isIsAdmin()));
+					}
+				}
+				
+				ConfigurationDBUtils.closeSession();
+				return Constants.STRUTS_SUCCESS;
+				
+			} else {
+				log.info("User with ID " + authUser.getUserID() + " is not admin. Show only EditUser Frame");
+				UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+				if (dbuser == null) {
+					return Constants.STRUTS_REAUTHENTICATE;
+				}
+				user = new UserDatabaseFrom(dbuser);
+				ConfigurationDBUtils.closeSession();
+				return Constants.STRUTS_NOTALLOWED;
+			}
+		}
+		return Constants.STRUTS_REAUTHENTICATE;
+		
+	}
 	
+	public String createuser() {
+		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		
+		if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+			authUser = (AuthenticatedUser) authUserObj;
+			
+			if (authUser.isAdmin()) {
+								
+				user = new UserDatabaseFrom();
+				
+				newUser = true;
+				return Constants.STRUTS_SUCCESS;
+				
+			} else {
+				return Constants.STRUTS_NOTALLOWED;
+			}
+		}
+		return Constants.STRUTS_REAUTHENTICATE;
+		
+	}
+	
+	public String edituser() {
+		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		
+		if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+			authUser = (AuthenticatedUser) authUserObj;
+			
+			if (authUser.isAdmin()) {
+				long userid = -1;
+				
+				if (!ValidationHelper.validateOAID(useridobj)) {
+					addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request));
+					return Constants.STRUTS_ERROR;
+				}
+				userid = Long.valueOf(useridobj);
+				
+				UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userid);
+				if (dbuser == null) {
+					log.info("No User with ID " + userid + " in Database");;
+					addActionError(LanguageHelper.getErrorString("errors.edit.user.userid", request));
+					return Constants.STRUTS_ERROR;
+				}
+				user = new UserDatabaseFrom(dbuser);
+				
+				newUser = false;
+				
+				ConfigurationDBUtils.closeSession();
+				
+				return Constants.STRUTS_SUCCESS;
+				
+			} else {
+				log.info("User with ID " + authUser.getUserID() + " is not admin. Show his own EditUser Frame");
+				UserDatabase dbuser = ConfigurationDBRead.getUserWithID(authUser.getUserID());
+				user = new UserDatabaseFrom(dbuser);
+				return Constants.STRUTS_SUCCESS;
+			}
+		}
+		return Constants.STRUTS_REAUTHENTICATE;
+		
+	}
+	
+	public String saveuser() {
+		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		
+		if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+			authUser = (AuthenticatedUser) authUserObj;
+
+			String useridobj = user.getUserID();
+			long userID = -1;
+			if (MiscUtil.isEmpty(useridobj)) {
+				userID = -1;
+				
+			} else {
+				if (!ValidationHelper.validateOAID(useridobj)){
+					log.warn("User with ID " + authUser.getUserID() 
+							+ " would access UserDatabase ID " + useridobj);
+					addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+					return Constants.STRUTS_ERROR;
+				}	
+				userID = Long.valueOf(useridobj);
+			}
+			
+			List<String> errors;
+			UserDatabaseFormValidator validator = new UserDatabaseFormValidator();
+			errors = validator.validate(user, userID);
+
+			if (errors.size() > 0) {
+				log.info("UserDataForm has some erros.");
+				for (String el : errors)
+					addActionError(el);	
+				user.setPassword("");
+				
+				if (MiscUtil.isEmpty(user.getUsername()))
+					newUser = true;
+				
+				return Constants.STRUTS_ERROR_VALIDATION;
+			}
+			
+			if (!authUser.isAdmin()) {
+				if (authUser.getUserID() != userID) {
+					log.warn("User with ID " + authUser.getUserID() 
+							+ " would access UserDatabase Entry " + user.getUsername());
+					addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+					return Constants.STRUTS_ERROR;
+				}
+								
+			}
+
+			String error = saveFormToDB();
+			if (error != null) {
+				log.warn("UserData can not be stored in Database");
+				addActionError(error);
+				return Constants.STRUTS_SUCCESS;
+			}
+			
+			ConfigurationDBUtils.closeSession();
+			return Constants.STRUTS_SUCCESS;
+				
+		}
+		return Constants.STRUTS_REAUTHENTICATE;
+		
+	}
+	
+	public String deleteuser() {
+		Object authUserObj = request.getSession().getAttribute(Constants.SESSION_AUTH);
+		
+		if (authUserObj != null && authUserObj instanceof AuthenticatedUser) {
+			authUser = (AuthenticatedUser) authUserObj;
+								
+			String useridobj = user.getUserID();
+			long userID = -1;
+			if (MiscUtil.isEmpty(useridobj)) {
+				userID = -1;
+				
+			} else {
+				if (!ValidationHelper.validateOAID(useridobj)){
+					log.warn("User with ID " + authUser.getUserID() 
+							+ " would access UserDatabase ID " + useridobj);
+					addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+					return Constants.STRUTS_ERROR;
+				}	
+				userID = Long.valueOf(useridobj);
+			}
+						
+			if (!authUser.isAdmin()) {
+				if (authUser.getUserID() != userID) {
+					log.warn("User with ID " + authUser.getUserID() 
+							+ " would access UserDatabase Entry " + user.getUsername());
+					addActionError(LanguageHelper.getErrorString("errors.edit.user.notallowed", request));
+					return Constants.STRUTS_ERROR;
+				}
+			}
+			
+			UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+			if (dbuser != null) {
+				dbuser.setOnlineApplication(null);
+				
+				try {
+					ConfigurationDBUtils.saveOrUpdate(dbuser);
+					ConfigurationDBUtils.delete(dbuser);
+					
+				} catch (MOADatabaseException e) {
+					log.warn("UserData can not be deleted from Database");
+					addActionError(e.getMessage());
+					return Constants.STRUTS_SUCCESS;
+				}
+				
+				finally {
+					ConfigurationDBUtils.closeSession();
+				}
+			}
+			
+			ConfigurationDBUtils.closeSession();
+			return Constants.STRUTS_SUCCESS;
+
+		}
+		return Constants.STRUTS_REAUTHENTICATE;
+		
+	}
 	
-	public String createTestUser() throws MOADatabaseException {
+	private String saveFormToDB() {
+		
+		UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(user.getUsername());
 		
-		UserDatabase user = new UserDatabase();
-		user.setBpk("");
-		user.setFamilyname("Max");
-		user.setGivenname("Mustermann");
-		user.setIsActive(true);
-		user.setIsAdmin(false);
-		user.setInstitut("EGIZ");
-		user.setLastLoginItem(new Date());
-		user.setMail("masdf@amfasdf.com");
-		user.setPhone("00660011542");
-		user.setUsername("testuser");
+		if( dbuser == null) {
+			dbuser = new UserDatabase();
+		}
 		
-		ConfigurationDBUtils.save(user);
+		dbuser.setBpk(user.getBpk());
+		dbuser.setFamilyname(user.getFamilyName());
+		dbuser.setGivenname(user.getGivenName());
+		dbuser.setInstitut(user.getInstitut());
+		dbuser.setMail(user.getMail());
+		dbuser.setPhone(user.getPhone());
+		dbuser.setUsername(user.getUsername());
 		
-		return Constants.STRUTS_SUCCESS;
+		if (authUser.isAdmin()) {
+			dbuser.setIsActive(user.isActive());
+			dbuser.setIsAdmin(user.isAdmin());
+		}
+		
+		if (MiscUtil.isNotEmpty(user.getPassword())) {
+			String key = AuthenticationHelper.generateKeyFormPassword(user.getPassword());
+			if (key == null) {
+				return LanguageHelper.getErrorString("errors.edit.user.save");
+			}
+			dbuser.setPassword(key);			
+		}
+
+		
+		try {
+			ConfigurationDBUtils.saveOrUpdate(dbuser);
+		} catch (MOADatabaseException e) {
+			log.warn("User information can not be stored in Database.", e);
+			return LanguageHelper.getErrorString("errors.edit.user.save");
+		}
+		
+		return null;
 	}
 	
+//	public String createTestUser() throws MOADatabaseException {
+//		
+//		UserDatabase user = new UserDatabase();
+//		user.setBpk("");
+//		user.setFamilyname("Max");
+//		user.setGivenname("Mustermann");
+//		user.setIsActive(true);
+//		user.setIsAdmin(false);
+//		user.setInstitut("EGIZ");
+//		user.setLastLoginItem(new Date());
+//		user.setMail("masdf@amfasdf.com");
+//		user.setPhone("00660011542");
+//		user.setUsername("testuser");
+//		
+//		ConfigurationDBUtils.save(user);
+//		
+//		return Constants.STRUTS_SUCCESS;
+//	}
+	
 	
 	public void setServletResponse(HttpServletResponse response) {
 		this.response = response;
@@ -56,7 +336,63 @@ public class UserManagementAction extends ActionSupport
 		this.request = request;
 		
 	}
+
+	/**
+	 * @return the userlist
+	 */
+	public List<AuthenticatedUser> getUserlist() {
+		return userlist;
+	}
+
+	/**
+	 * @param userlist the userlist to set
+	 */
+	public void setUserlist(List<AuthenticatedUser> userlist) {
+		this.userlist = userlist;
+	}
+
+	/**
+	 * @return the user
+	 */
+	public UserDatabaseFrom getUser() {
+		return user;
+	}
+
+	/**
+	 * @param user the user to set
+	 */
+	public void setUser(UserDatabaseFrom user) {
+		this.user = user;
+	}
+
+	/**
+	 * @return the useridobj
+	 */
+	public String getUseridobj() {
+		return useridobj;
+	}
+
+	/**
+	 * @param useridobj the useridobj to set
+	 */
+	public void setUseridobj(String useridobj) {
+		this.useridobj = useridobj;
+	}
+
+	/**
+	 * @return the authUser
+	 */
+	public AuthenticatedUser getAuthUser() {
+		return authUser;
+	}
+
+	/**
+	 * @return the newUser
+	 */
+	public boolean isNewUser() {
+		return newUser;
+	}
+	
 	
 	
-
 }
diff --git a/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
new file mode 100644
index 000000000..8e6edf52a
--- /dev/null
+++ b/id/ConfigWebTool/src/main/java/at/gv/egovernment/moa/id/configuration/validation/UserDatabaseFormValidator.java
@@ -0,0 +1,147 @@
+package at.gv.egovernment.moa.id.configuration.validation;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.apache.log4j.Logger;
+
+import at.gv.egovernment.moa.id.commons.db.ConfigurationDBRead;
+import at.gv.egovernment.moa.id.commons.db.dao.config.UserDatabase;
+import at.gv.egovernment.moa.id.configuration.data.UserDatabaseFrom;
+import at.gv.egovernment.moa.id.configuration.helper.AuthenticationHelper;
+import at.gv.egovernment.moa.id.configuration.helper.LanguageHelper;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+public class UserDatabaseFormValidator {
+
+	private static final Logger log = Logger.getLogger(UserDatabaseFormValidator.class);
+	
+	public List<String> validate(UserDatabaseFrom form, long userID) {
+		List<String> errors = new ArrayList<String>();
+				
+		String check = form.getGivenName();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.warn("GivenName contains potentail XSS characters: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		} else {
+			log.warn("GivenName is empty");
+			errors.add(LanguageHelper.getErrorString("validation.edituser.givenname.empty"));			
+		}
+		
+		
+		check = form.getFamilyName();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.warn("FamilyName contains potentail XSS characters: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		} else {
+			log.warn("FamilyName is empty");
+			errors.add(LanguageHelper.getErrorString("validation.edituser.familyname.empty"));			
+		}
+
+		check = form.getInstitut();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.warn("Organisation contains potentail XSS characters: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.edituser.institut.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		} else {
+			log.warn("Organisation is empty");
+			errors.add(LanguageHelper.getErrorString("validation.edituser.institut.empty"));			
+		}
+		
+		check = form.getMail();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (!ValidationHelper.isEmailAddressFormat(check)) {
+				log.warn("Mailaddress is not valid: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.edituser.mail.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		} else {
+			log.warn("Mailaddress is empty");
+			errors.add(LanguageHelper.getErrorString("validation.edituser.mail.empty"));			
+		}
+		
+		check = form.getPhone();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.warn("Phonenumber contains potentail XSS characters: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.edituser.phone.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		} else {
+			log.warn("Phonenumber is empty");
+			errors.add(LanguageHelper.getErrorString("validation.edituser.phone.empty"));			
+		}
+		
+		check = form.getUsername();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.warn("Username contains potentail XSS characters: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.edituser.username.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+				
+			} else {
+				UserDatabase dbuser = ConfigurationDBRead.getUserWithUserName(check);
+				if (dbuser != null && userID != dbuser.getHjid()) {
+					log.warn("Username " + check + " exists in UserDatabase");
+					errors.add(LanguageHelper.getErrorString("validation.edituser.username.duplicate"));
+					form.setUsername("");
+				}	
+			}
+		} else {
+			if (userID == -1) {
+				log.warn("Username is empty");
+				errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+			} else {
+				UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+				if (dbuser == null) {
+					log.warn("Username is empty");
+					errors.add(LanguageHelper.getErrorString("validation.edituser.username.empty"));
+				} else {
+					form.setUsername(dbuser.getUsername());
+				}
+			}
+		}
+		
+		check = form.getPassword();
+		if (MiscUtil.isEmpty(check)) {
+			if (userID == -1) {
+				log.warn("Password is empty");
+				errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty"));
+			} else {
+				UserDatabase dbuser = ConfigurationDBRead.getUserWithID(userID);
+				if (dbuser == null || MiscUtil.isEmpty(dbuser.getPassword())) {
+					log.warn("Password is empty");
+					errors.add(LanguageHelper.getErrorString("validation.edituser.password.empty"));
+				}
+			}
+			
+		} else {
+			String key = AuthenticationHelper.generateKeyFormPassword(check);
+			if (key == null) {
+				errors.add(LanguageHelper.getErrorString("validation.edituser.password.valid"));
+			}
+		}
+		
+		
+		
+		check = form.getBpk();
+		if (MiscUtil.isNotEmpty(check)) {
+			if (ValidationHelper.containsPotentialCSSCharacter(check, false)) {
+				log.warn("BPK contains potentail XSS characters: " + check);
+				errors.add(LanguageHelper.getErrorString("validation.edituser.bpk.valid", 
+						new Object[] {ValidationHelper.getPotentialCSSCharacter(false)} ));
+			}
+		}
+		
+		return errors;
+		
+	}
+}
-- 
cgit v1.2.3