[Major] Services now consider Arg realm or user realm

2016-09-22 21:52:36 +02:00 · 2016-09-22 21:52:36 +02:00 · 5cbbfebf06
parent b7b9d63e79
commit 5cbbfebf06
40 changed files with 157 additions and 68 deletions
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/DefaultStrolchPrivilegeHandler.java
@ -183,7 +183,12 @@ public class DefaultStrolchPrivilegeHandler extends StrolchComponent implements
 	}

 	@Override
-	public li.strolch.privilege.handler.PrivilegeHandler getPrivilegeHandler() throws PrivilegeException {
+	public <V extends SystemUserAction> V runPrivileged(V action) throws PrivilegeException {
+		return super.runPrivileged(action);
+	}
+
+	@Override
+	public li.strolch.privilege.handler.PrivilegeHandler getPrivilegeHandler() {
 		return this.privilegeHandler;
 	}
 }
--- a/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
+++ b/li.strolch.agent/src/main/java/li/strolch/runtime/privilege/PrivilegeHandler.java
@ -19,65 +19,116 @@ import li.strolch.privilege.base.PrivilegeException;
 import li.strolch.privilege.handler.SystemUserAction;
 import li.strolch.privilege.model.Certificate;
 import li.strolch.privilege.model.PrivilegeContext;
+import li.strolch.runtime.StrolchConstants;

 /**
+ * The privilege handler for authenticating users and performing actions as a system user
+ * 
 * @author Robert von Burg <eitch@eitchnet.ch>
 */
 public interface PrivilegeHandler {

 	/**
+	 * Authenticate a user
+	 * 
 	 * @param username
+	 *            the username
 	 * @param password
-	 * @return
+	 *            the password
+	 * 
+	 * @return the certificate
 	 * 
 	 * @see li.strolch.privilege.handler.PrivilegeHandler#authenticate(String, byte[])
 	 */
-	public abstract Certificate authenticate(String username, byte[] password);
+	public Certificate authenticate(String username, byte[] password);

 	/**
+	 * Validate that the certificate is still valid
+	 * 
 	 * @param certificate
+	 *            the certificate
+	 * 
 	 * @throws PrivilegeException
+	 *             if the certificate is not valid
+	 * 
 	 * @see li.strolch.privilege.handler.PrivilegeHandler#isCertificateValid(Certificate)
 	 */
-	public abstract void isCertificateValid(Certificate certificate) throws PrivilegeException;
+	public void isCertificateValid(Certificate certificate) throws PrivilegeException;

 	/**
+	 * Invalidates the given certificate
+	 * 
 	 * @param certificate
-	 * @return
+	 *            the certificate
+	 * 
+	 * @return true if the certificate was invalidated, or false if it was already invalidated
+	 * 
 	 * @see li.strolch.privilege.handler.PrivilegeHandler#invalidateSession(li.strolch.privilege.model.Certificate)
 	 */
-	public abstract boolean invalidateSession(Certificate certificate);
+	public boolean invalidateSession(Certificate certificate);

 	/**
+	 * Notifies that the session has timed out, i.e. the certificate must be invalidated
+	 * 
 	 * @param certificate
-	 * @return
+	 *            the certificate that has timed out
+	 * @return true if the certificate was invalidated, or false it was already invalidated
+	 * 
 	 * @see li.strolch.privilege.handler.PrivilegeHandler#invalidateSession(li.strolch.privilege.model.Certificate)
 	 */
-	public abstract boolean sessionTimeout(Certificate certificate);
+	public boolean sessionTimeout(Certificate certificate);

 	/**
+	 * Returns the {@link PrivilegeContext} for the given certificate
+	 * 
 	 * @param certificate
-	 * @return
+	 *            the certificate
+	 * 
+	 * @return the {@link PrivilegeContext} for the given certificate
+	 * 
 	 * @throws PrivilegeException
+	 *             if the certificate is not valid anymore
+	 * 
 	 * @see li.strolch.privilege.handler.PrivilegeHandler#getPrivilegeContext(li.strolch.privilege.model.Certificate)
 	 */
-	public abstract PrivilegeContext getPrivilegeContext(Certificate certificate) throws PrivilegeException;
+	public PrivilegeContext getPrivilegeContext(Certificate certificate) throws PrivilegeException;

 	/**
+	 * Run the given {@link SystemUserAction} as the given system user
+	 * 
 	 * @param systemUsername
+	 *            the system username
 	 * @param action
+	 *            the action to perform
+	 * 
+	 * @return the action after performing the action
+	 * 
 	 * @throws PrivilegeException
+	 *             if there is something wrong
+	 * 
 	 * @see li.strolch.privilege.handler.PrivilegeHandler#runAsSystem(java.lang.String,
 	 *      li.strolch.privilege.handler.SystemUserAction)
 	 */
-	public abstract <T extends SystemUserAction> T runAsSystem(String systemUsername, T action)
-			throws PrivilegeException;
+	public <T extends SystemUserAction> T runAsSystem(String systemUsername, T action) throws PrivilegeException;

 	/**
-	 * @param certificate
-	 * @return
+	 * Run the given {@link SystemUserAction} as the system user {@link StrolchConstants#PRIVILEGED_SYSTEM_USER}
+	 * 
+	 * @param action
+	 *            the action to perform
+	 * 
+	 * @return the action after performing the action
+	 * 
 	 * @throws PrivilegeException
+	 *             if there is something wrong
 	 */
-	public abstract li.strolch.privilege.handler.PrivilegeHandler getPrivilegeHandler() throws PrivilegeException;
+	public <V extends SystemUserAction> V runPrivileged(V action) throws PrivilegeException;
+
+	/**
+	 * Returns the {@link li.strolch.privilege.handler.PrivilegeHandler}
+	 * 
+	 * @return the {@link li.strolch.privilege.handler.PrivilegeHandler}
+	 */
+	public abstract li.strolch.privilege.handler.PrivilegeHandler getPrivilegeHandler();

 }
--- a/li.strolch.agent/src/main/java/li/strolch/service/api/AbstractService.java
+++ b/li.strolch.agent/src/main/java/li/strolch/service/api/AbstractService.java
@ -33,6 +33,7 @@ import li.strolch.runtime.StrolchConstants;
 import li.strolch.runtime.configuration.RuntimeConfiguration;
 import li.strolch.runtime.privilege.PrivilegeHandler;
 import li.strolch.utils.dbc.DBC;
+import li.strolch.utils.helper.StringHelper;

 /**
 * @author Robert von Burg <eitch@eitchnet.ch>
@ -149,7 +150,7 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
 	 * @param realm
 	 *            the name of the realm to return
 	 * 
-	 * @return the realm with the given name
+	 * @return the open {@link StrolchTransaction}
 	 * 
 	 * @throws StrolchException
 	 *             if the {@link StrolchRealm} does not exist with the given name
@ -158,16 +159,56 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
 		return this.container.getRealm(realm).openTx(getCertificate(), getClass());
 	}

+	/**
+	 * Opens a {@link StrolchTransaction} by evaluating if the given argument has a realm defined, if not, then the
+	 * realm from the user certificate is used. The action for the TX is this implementation's class name. This
+	 * transaction should be used in a try-with-resource clause so it is properly closed
+	 * 
+	 * @param arg
+	 *            the {@link ServiceArgument}
+	 * 
+	 * @return the open {@link StrolchTransaction}
+	 * 
+	 * @throws StrolchException
+	 *             if the {@link StrolchRealm} does not exist with the given name
+	 */
+	protected StrolchTransaction openArgOrUserTx(ServiceArgument arg) throws StrolchException {
+		if (StringHelper.isEmpty(arg.realm))
+			return openUserTx();
+		return openTx(arg.realm);
+	}
+
+	/**
+	 * Opens a {@link StrolchTransaction} by evaluating if the given argument has a realm defined, if not, then the
+	 * realm from the user certificate is used. The action for the TX is this implementation's class name. This
+	 * transaction should be used in a try-with-resource clause so it is properly closed
+	 * 
+	 * @param arg
+	 *            the {@link ServiceArgument}
+	 * @param action
+	 *            the action to use for the opened TX
+	 * 
+	 * @return the open {@link StrolchTransaction}
+	 * 
+	 * @throws StrolchException
+	 *             if the {@link StrolchRealm} does not exist with the given name
+	 */
+	protected StrolchTransaction openArgOrUserTx(ServiceArgument arg, String action) throws StrolchException {
+		if (StringHelper.isEmpty(arg.realm))
+			return openUserTx();
+		return openTx(arg.realm, action);
+	}
+
 	/**
 	 * Opens a {@link StrolchTransaction} for the given realm. This transaction should be used in a try-with-resource
 	 * clause so it is properly closed
 	 * 
 	 * @param realm
-	 *            the name of the realm to return
+	 *            the name of the realm
 	 * @param action
 	 *            the action to use for the opened TX
 	 * 
-	 * @return the realm with the given name
+	 * @return the open {@link StrolchTransaction}
 	 * 
 	 * @throws StrolchException
 	 *             if the {@link StrolchRealm} does not exist with the given name
@ -181,7 +222,7 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
 	 * {@link ComponentContainer#getRealm(Certificate)}, the action for the TX is this implementation's class name. This
 	 * transaction should be used in a try-with-resource clause so it is properly closed
 	 * 
-	 * @return the realm with the given name
+	 * @return the open {@link StrolchTransaction}
 	 * 
 	 * @throws StrolchException
 	 *             if the {@link StrolchRealm} does not exist with the given name
@ -195,12 +236,10 @@ public abstract class AbstractService<T extends ServiceArgument, U extends Servi
 	 * {@link ComponentContainer#getRealm(Certificate)}. This transaction should be used in a try-with-resource clause
 	 * so it is properly closed
 	 * 
-	 * @param realm
-	 *            the name of the realm to return
 	 * @param action
 	 *            the action to use for the opened TX
 	 * 
-	 * @return the realm with the given name
+	 * @return the open {@link StrolchTransaction}
 	 * 
 	 * @throws StrolchException
 	 *             if the {@link StrolchRealm} does not exist with the given name
--- a/li.strolch.agent/src/main/java/li/strolch/service/api/ServiceArgument.java
+++ b/li.strolch.agent/src/main/java/li/strolch/service/api/ServiceArgument.java
@ -17,12 +17,9 @@ package li.strolch.service.api;

 import java.io.Serializable;

-import li.strolch.runtime.StrolchConstants;
-
 /**
- * Base argument to be used when performing {@link Service Services}. The realm parameter is set to
- * {@link StrolchConstants#DEFAULT_REALM} and can be overridden when the caller of the service wants to perform the
- * service in a different realm
+ * Base argument to be used when performing {@link Service Services}. The realm parameter is null and can be overridden
+ * when the caller of the service wants to perform the service in a different realm
 * 
 * @author Robert von Burg <eitch@eitchnet.ch>
 */
@ -33,10 +30,6 @@ public class ServiceArgument implements Serializable {
 	 * <p>
 	 * Set this to the realm in which the service should operate
 	 * </p>
-	 * 
-	 * <p>
-	 * realm = StrolchConstants.DEFAULT_REALM
-	 * </p>
 	 */
-	public String realm = StrolchConstants.DEFAULT_REALM;
+	public String realm;
 }
--- a/li.strolch.performancetest/src/test/java/li/strolch/performance/PerformanceTestService.java
+++ b/li.strolch.performancetest/src/test/java/li/strolch/performance/PerformanceTestService.java
@ -25,6 +25,7 @@ import li.strolch.model.Resource;
 import li.strolch.persistence.api.StrolchTransaction;
 import li.strolch.service.api.AbstractService;
 import li.strolch.service.api.ServiceResult;
+import li.strolch.service.api.ServiceResultState;
 import li.strolch.utils.helper.SystemHelper;

 public class PerformanceTestService extends AbstractService<PerformanceTestArgument, ServiceResult> {
@ -35,7 +36,7 @@ public class PerformanceTestService extends AbstractService<PerformanceTestArgum

 	@Override
 	protected ServiceResult getResultInstance() {
-		return new ServiceResult();
+		return new ServiceResult(ServiceResultState.FAILED);
 	}

 	@Override
--- a/li.strolch.service/src/main/java/li/strolch/service/AddActivityService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/AddActivityService.java
@ -38,7 +38,7 @@ public class AddActivityService extends AbstractService<AddActivityService.AddAc
 	@Override
 	protected ServiceResult internalDoService(AddActivityArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			AddActivityCommand command = new AddActivityCommand(getContainer(), tx);
 			command.setActivity(arg.activity);
 			tx.addCommand(command);
--- a/li.strolch.service/src/main/java/li/strolch/service/AddOrderCollectionService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/AddOrderCollectionService.java
@ -40,7 +40,7 @@ public class AddOrderCollectionService extends
 	@Override
 	protected ServiceResult internalDoService(AddOrderCollectionArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			AddOrderCollectionCommand command = new AddOrderCollectionCommand(getContainer(), tx);
 			command.setOrders(arg.orders);
 			tx.addCommand(command);
--- a/li.strolch.service/src/main/java/li/strolch/service/AddOrderService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/AddOrderService.java
@ -38,7 +38,7 @@ public class AddOrderService extends AbstractService<AddOrderService.AddOrderArg
 	@Override
 	protected ServiceResult internalDoService(AddOrderArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			AddOrderCommand command = new AddOrderCommand(getContainer(), tx);
 			command.setOrder(arg.order);
 			tx.addCommand(command);
--- a/li.strolch.service/src/main/java/li/strolch/service/AddResourceCollectionService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/AddResourceCollectionService.java
@ -40,7 +40,7 @@ public class AddResourceCollectionService extends
 	@Override
 	protected ServiceResult internalDoService(AddResourceCollectionArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			AddResourceCollectionCommand command = new AddResourceCollectionCommand(getContainer(), tx);
 			command.setResources(arg.resources);
 			tx.addCommand(command);
--- a/li.strolch.service/src/main/java/li/strolch/service/AddResourceService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/AddResourceService.java
@ -38,7 +38,7 @@ public class AddResourceService extends AbstractService<AddResourceService.AddRe
 	@Override
 	protected ServiceResult internalDoService(AddResourceArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			AddResourceCommand command = new AddResourceCommand(getContainer(), tx);
 			command.setResource(arg.resource);
 			tx.addCommand(command);
--- a/li.strolch.service/src/main/java/li/strolch/service/ClearModelService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/ClearModelService.java
@ -41,7 +41,7 @@ public class ClearModelService extends AbstractService<ClearModelArgument, Servi
 	protected ServiceResult internalDoService(ClearModelArgument arg) {

 		ClearModelCommand command;
-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			command = new ClearModelCommand(getContainer(), tx);
 			command.setClearOrders(arg.clearOrders);
 			command.setClearResources(arg.clearResources);
--- a/li.strolch.service/src/main/java/li/strolch/service/RemoveActivityCollectionService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/RemoveActivityCollectionService.java
@ -40,7 +40,7 @@ public class RemoveActivityCollectionService extends AbstractService<LocatorList
 	@Override
 	protected ServiceResult internalDoService(LocatorListArgument arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			List<Activity> activities = new ArrayList<>(arg.locators.size());
 			for (Locator locator : arg.locators) {
--- a/li.strolch.service/src/main/java/li/strolch/service/RemoveActivityService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/RemoveActivityService.java
@ -37,7 +37,7 @@ public class RemoveActivityService extends AbstractService<LocatorArgument, Serv
 	@Override
 	protected ServiceResult internalDoService(LocatorArgument arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			Activity activity = tx.findElement(arg.locator);

--- a/li.strolch.service/src/main/java/li/strolch/service/RemoveOrderCollectionService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/RemoveOrderCollectionService.java
@ -40,7 +40,7 @@ public class RemoveOrderCollectionService extends AbstractService<LocatorListArg
 	@Override
 	protected ServiceResult internalDoService(LocatorListArgument arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			List<Order> orders = new ArrayList<>(arg.locators.size());
 			for (Locator locator : arg.locators) {
--- a/li.strolch.service/src/main/java/li/strolch/service/RemoveOrderService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/RemoveOrderService.java
@ -37,7 +37,7 @@ public class RemoveOrderService extends AbstractService<LocatorArgument, Service
 	@Override
 	protected ServiceResult internalDoService(LocatorArgument arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			Order order = tx.findElement(arg.locator);

--- a/li.strolch.service/src/main/java/li/strolch/service/RemoveResourceCollectionService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/RemoveResourceCollectionService.java
@ -40,7 +40,7 @@ public class RemoveResourceCollectionService extends AbstractService<LocatorList
 	@Override
 	protected ServiceResult internalDoService(LocatorListArgument arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			List<Resource> resources = new ArrayList<>(arg.locators.size());
 			for (Locator locator : arg.locators) {
--- a/li.strolch.service/src/main/java/li/strolch/service/RemoveResourceService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/RemoveResourceService.java
@ -37,7 +37,7 @@ public class RemoveResourceService extends AbstractService<LocatorArgument, Serv
 	@Override
 	protected ServiceResult internalDoService(LocatorArgument arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			Resource resource = tx.findElement(arg.locator);

--- a/li.strolch.service/src/main/java/li/strolch/service/UpdateActivityService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/UpdateActivityService.java
@ -38,7 +38,7 @@ public class UpdateActivityService extends AbstractService<UpdateActivityService
 	@Override
 	protected ServiceResult internalDoService(UpdateActivityArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			UpdateActivityCommand command = new UpdateActivityCommand(getContainer(), tx);
 			command.setActivity(arg.activity);

--- a/li.strolch.service/src/main/java/li/strolch/service/UpdateOrderCollectionService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/UpdateOrderCollectionService.java
@ -40,7 +40,7 @@ public class UpdateOrderCollectionService extends
 	@Override
 	protected ServiceResult internalDoService(UpdateOrderCollectionArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			UpdateOrderCollectionCommand command = new UpdateOrderCollectionCommand(getContainer(), tx);
 			command.setOrders(arg.orders);

--- a/li.strolch.service/src/main/java/li/strolch/service/UpdateOrderService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/UpdateOrderService.java
@ -38,7 +38,7 @@ public class UpdateOrderService extends AbstractService<UpdateOrderService.Updat
 	@Override
 	protected ServiceResult internalDoService(UpdateOrderArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			UpdateOrderCommand command = new UpdateOrderCommand(getContainer(), tx);
 			command.setOrder(arg.order);

--- a/li.strolch.service/src/main/java/li/strolch/service/UpdateResourceCollectionService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/UpdateResourceCollectionService.java
@ -40,7 +40,7 @@ public class UpdateResourceCollectionService extends
 	@Override
 	protected ServiceResult internalDoService(UpdateResourceCollectionArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			UpdateResourceCollectionCommand command = new UpdateResourceCollectionCommand(getContainer(), tx);
 			command.setResources(arg.resources);

--- a/li.strolch.service/src/main/java/li/strolch/service/UpdateResourceService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/UpdateResourceService.java
@ -38,7 +38,7 @@ public class UpdateResourceService extends AbstractService<UpdateResourceService
 	@Override
 	protected ServiceResult internalDoService(UpdateResourceArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {
 			UpdateResourceCommand command = new UpdateResourceCommand(getContainer(), tx);
 			command.setResource(arg.resource);

--- a/li.strolch.service/src/main/java/li/strolch/service/XmlExportModelService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/XmlExportModelService.java
@ -76,7 +76,7 @@ public class XmlExportModelService extends AbstractService<XmlExportModelArgumen
 		logger.info("Exporting model to real path: " + modelFile.getAbsolutePath());

 		XmlExportModelCommand command;
-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			command = new XmlExportModelCommand(getContainer(), tx);
 			command.setModelFile(modelFile);
--- a/li.strolch.service/src/main/java/li/strolch/service/XmlImportModelService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/XmlImportModelService.java
@ -69,7 +69,7 @@ public class XmlImportModelService extends AbstractService<XmlImportModelArgumen
 		}

 		XmlImportModelCommand command;
-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			command = new XmlImportModelCommand(getContainer(), tx);
 			command.setModelFile(modelFile);
--- a/li.strolch.service/src/main/java/li/strolch/service/parameter/AddParameterService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/parameter/AddParameterService.java
@ -40,7 +40,7 @@ public class AddParameterService extends AbstractService<AddParameterService.Add
 	@Override
 	protected ServiceResult internalDoService(AddParameterArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			ParameterizedElement element = tx.findElement(arg.locator);

--- a/li.strolch.service/src/main/java/li/strolch/service/parameter/RemoveParameterService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/parameter/RemoveParameterService.java
@ -38,7 +38,7 @@ public class RemoveParameterService extends AbstractService<LocatorArgument, Ser
 	@Override
 	protected ServiceResult internalDoService(LocatorArgument arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			Parameter<?> parameter = tx.findElement(arg.locator);

--- a/li.strolch.service/src/main/java/li/strolch/service/parameter/SetParameterService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/parameter/SetParameterService.java
@ -39,7 +39,7 @@ public class SetParameterService extends AbstractService<SetParameterService.Set
 	@Override
 	protected ServiceResult internalDoService(SetParameterArg arg) {

-		try (StrolchTransaction tx = openTx(arg.realm)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg)) {

 			Parameter<?> parameter = tx.findElement(arg.locator);

--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilegeAddOrReplacePrivilegeOnRoleService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilegeAddOrReplacePrivilegeOnRoleService.java
@ -45,7 +45,7 @@ public class PrivilegeAddOrReplacePrivilegeOnRoleService

 		RoleRep role = privilegeHandler.addOrReplacePrivilegeOnRole(getCertificate(), arg.roleName, arg.privilegeRep);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.ROLE, role.getName());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilegeAddRoleService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilegeAddRoleService.java
@ -43,7 +43,7 @@ public class PrivilegeAddRoleService extends AbstractService<PrivilegeRoleArgume

 		RoleRep role = privilegeHandler.addRole(getCertificate(), arg.role);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_ADD_ROLE)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.ROLE, role.getName());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilegeRemovePrivilegeFromRoleService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilegeRemovePrivilegeFromRoleService.java
@ -45,7 +45,7 @@ public class PrivilegeRemovePrivilegeFromRoleService

 		RoleRep role = privilegeHandler.removePrivilegeFromRole(getCertificate(), arg.roleName, arg.privilegeName);

-		try (StrolchTransaction tx = openUserTx(StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, StrolchPrivilegeConstants.PRIVILEGE_MODIFY_ROLE)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.ROLE, role.getName());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilegeRemoveRoleService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilegeRemoveRoleService.java
@ -44,7 +44,7 @@ public class PrivilegeRemoveRoleService extends AbstractService<PrivilegeRoleNam

 		RoleRep role = privilegeHandler.removeRole(getCertificate(), arg.roleName);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_REMOVE_ROLE)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_ROLE)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.ROLE, role.getName());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilegeUpdateRoleService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/roles/PrivilegeUpdateRoleService.java
@ -44,7 +44,7 @@ public class PrivilegeUpdateRoleService extends AbstractService<PrivilegeRoleArg

 		RoleRep role = privilegeHandler.replaceRole(getCertificate(), arg.role);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_ROLE)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.ROLE, role.getName());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddRoleToUserService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddRoleToUserService.java
@ -45,7 +45,7 @@ public class PrivilegeAddRoleToUserService

 		UserRep user = privilegeHandler.addRoleToUser(getCertificate(), arg.username, arg.rolename);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_ROLE_TO_USER)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.USER, user.getUsername());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeAddUserService.java
@ -44,7 +44,7 @@ public class PrivilegeAddUserService extends AbstractService<PrivilegeUserArgume

 		UserRep user = privilegeHandler.addUser(getCertificate(), arg.user, null);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_ADD_USER)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_ADD_USER)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.CREATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.USER, user.getUsername());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeRemoveRoleFromUserService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeRemoveRoleFromUserService.java
@ -44,7 +44,7 @@ public class PrivilegeRemoveRoleFromUserService

 		UserRep user = privilegeHandler.removeRoleFromUser(getCertificate(), arg.username, arg.rolename);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_REMOVE_ROLE_FROM_USER)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_ROLE_FROM_USER)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.USER, user.getUsername());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeRemoveUserService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeRemoveUserService.java
@ -44,7 +44,7 @@ public class PrivilegeRemoveUserService extends AbstractService<PrivilegeUserNam

 		UserRep user = privilegeHandler.removeUser(getCertificate(), arg.username);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_REMOVE_USER)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_REMOVE_USER)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.DELETE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.USER, user.getUsername());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeSetUserLocaleService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeSetUserLocaleService.java
@ -45,7 +45,7 @@ public class PrivilegeSetUserLocaleService

 		UserRep user = privilegeHandler.setUserLocale(getCertificate(), arg.username, arg.locale);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_SET_USER_LOCALE)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_LOCALE)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.USER, user.getUsername());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeSetUserPasswordService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeSetUserPasswordService.java
@ -44,7 +44,7 @@ public class PrivilegeSetUserPasswordService extends AbstractService<PrivilegeSe

 		privilegeHandler.setUserPassword(getCertificate(), arg.username, arg.password);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_SET_USER_PASSWORD)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_PASSWORD)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.USER, arg.username);
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeSetUserStateService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeSetUserStateService.java
@ -44,7 +44,7 @@ public class PrivilegeSetUserStateService extends AbstractService<PrivilegeSetUs

 		UserRep user = privilegeHandler.setUserState(getCertificate(), arg.username, arg.userState);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_SET_USER_STATE)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_SET_USER_STATE)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.USER, user.getUsername());
--- a/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeUpdateUserService.java
+++ b/li.strolch.service/src/main/java/li/strolch/service/privilege/users/PrivilegeUpdateUserService.java
@ -44,7 +44,7 @@ public class PrivilegeUpdateUserService extends AbstractService<PrivilegeUserArg

 		UserRep user = privilegeHandler.updateUser(getCertificate(), arg.user);

-		try (StrolchTransaction tx = openUserTx(PrivilegeHandler.PRIVILEGE_MODIFY_USER)) {
+		try (StrolchTransaction tx = openArgOrUserTx(arg, PrivilegeHandler.PRIVILEGE_MODIFY_USER)) {
 			tx.setSuppressAudits(true);
 			Audit audit = tx.auditFrom(AccessType.UPDATE, StrolchPrivilegeConstants.PRIVILEGE,
 					StrolchPrivilegeConstants.USER, user.getUsername());