From b78e9bb064c348dd3887ae997298b244dcbff7a5 Mon Sep 17 00:00:00 2001
From: Robert von Burg <eitch@eitchnet.ch>
Date: Sun, 29 Jul 2012 18:23:31 +0200
Subject: [PATCH] [New] added a new PrivilegeHandler.queryUser(UserRep) to
 query users

- The querying is done by passing a UserRep with all the fields set
which
need to be equal to select the user. Null fields are understood as not
required

- Performed further clean up in that all password variables have been
changed to type byte[].

- Cleaned up copyright notices in files

- fixed version of Privilege 0.1.0-SNAPSHOT in pom.xml
---
 MANIFEST.MF                                   |   7 -
 README                                        |  20 +-
 build.xml                                     |  77 -----
 pom.xml                                       |  17 +-
 .../handler/DefaultEncryptionHandler.java     |  24 +-
 .../handler/DefaultPrivilegeHandler.java      | 280 ++++++++++++++----
 .../privilege/handler/EncryptionHandler.java  |  17 +-
 .../privilege/handler/PersistenceHandler.java |   8 +-
 .../privilege/handler/PrivilegeHandler.java   |  28 +-
 .../handler/XmlPersistenceHandler.java        |   8 +-
 .../helper/BootstrapConfigurationHelper.java  |   8 +-
 .../privilege/helper/ClassHelper.java         |   8 +-
 .../eitchnet/privilege/helper/HashHelper.java |   8 +-
 .../helper/InitializationHelper.java          |  14 +-
 .../privilege/helper/PasswordCreaterUI.java   |   8 +-
 .../privilege/helper/PasswordCreator.java     |   8 +-
 .../privilege/helper/XmlConstants.java        |   8 +-
 .../eitchnet/privilege/helper/XmlHelper.java  |   8 +-
 .../privilege/i18n/AccessDeniedException.java |   8 +-
 .../privilege/i18n/PrivilegeException.java    |   8 +-
 .../eitchnet/privilege/model/Certificate.java |   8 +-
 .../privilege/model/PrivilegeRep.java         |   8 +-
 .../privilege/model/Restrictable.java         |   8 +-
 .../ch/eitchnet/privilege/model/RoleRep.java  |   8 +-
 .../ch/eitchnet/privilege/model/UserRep.java  |   8 +-
 .../eitchnet/privilege/model/UserState.java   |   8 +-
 .../privilege/model/internal/Privilege.java   |   8 +-
 .../privilege/model/internal/Role.java        |   8 +-
 .../privilege/model/internal/Session.java     |   8 +-
 .../privilege/model/internal/User.java        |   8 +-
 .../privilege/policy/DefaultPrivilege.java    |   8 +-
 .../privilege/policy/PrivilegePolicy.java     |   8 +-
 .../privilege/test/PrivilegeTest.java         |  68 ++---
 .../privilege/test/TestRestrictable.java      |   8 +-
 34 files changed, 346 insertions(+), 398 deletions(-)
 delete mode 100644 MANIFEST.MF
 delete mode 100644 build.xml

diff --git a/MANIFEST.MF b/MANIFEST.MF
deleted file mode 100644
index 8a69d98b1..000000000
--- a/MANIFEST.MF
+++ /dev/null
@@ -1,7 +0,0 @@
-Manifest-Version: 1.0
-Implementation-Vendor: eitchnet.ch
-Implementation-Title: eitchnet Java Privilege implementation
-Implementation-Version: 0.0.3
-Specification-Vendor: eitchnet.ch
-Specification-Title: eitchnet Java Privilege implementation
-Specification-Version: 0.1
diff --git a/README b/README
index c4c3ef642..73ec1b402 100644
--- a/README
+++ b/README
@@ -17,7 +17,7 @@ a LDAP repository with only the Privilege JAR.
 Privilege is distributed under the GNU Lesser General Public License on 
 Github.com and can be downloaded at 
 
-   https://github.com/eitch/Privilege
+   https://github.com/eitch/ch.eitchnet.privilege
 
 The main developer is Robert von Burg <eitch@eitchnet.ch> who also maintains the
 Github repository. He is available for all questions regarding Privilege
@@ -72,20 +72,10 @@ directory of the Repository
 Compiling
 ################################
 
-Since Privilege is a Java library, it is built using Apache Ant. The build.xml
-file is configured to build Privilege directly from the root directory by simply
-calling ant at the command line:
+Privilege is a Maven3 project and can be built by simply performing the
+following command:
 
-$ ant
-Buildfile: /data/src/apixxo_WS/Privilege/build.xml
-
-dist:
-    [mkdir] Created dir: /data/src/apixxo_WS/Privilege/dist
-    [copy] Copying 28 files to /data/src/apixxo_WS/Privilege/bin
-    [jar] Building jar: /data/src/apixxo_WS/Privilege/dist/Privilege.jar
-
-BUILD SUCCESSFUL
-Total time: 0 seconds
+$ mvn compile
 
 Using
 ################################
@@ -96,7 +86,7 @@ which contains a few test cases including showing how to load Privilege.
 This documentation is still in need of more work, but for any questions please
 don't hesitate to write an e-mail to the developer and we'll find a solution.
 
-	Switzerland, the 7. August 2011
+	Switzerland, the 29. July 2012
 	Robert von Burg
 
 
diff --git a/build.xml b/build.xml
deleted file mode 100644
index 34f371db8..000000000
--- a/build.xml
+++ /dev/null
@@ -1,77 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-
-<!--
-
-Copyright (c) 2010, 2011
-
-Robert von Burg <eitch@eitchnet.ch>
-
-This file is part of Privilege.
-
-Privilege is free software: you can redistribute it and/or modify
-it under the terms of the GNU Lesser General Public License as published by
-the Free Software Foundation, either version 3 of the License, or
-(at your option) any later version.
-
-Privilege is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU Lesser General Public License for more details.
-
-You should have received a copy of the GNU Lesser General Public License
-along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
-
--->
-
-<project name="Build Jar" default="dist">
-
-	<!-- define export names -->
-	<property name="projectName" value="Privilege" />
-	<property name="jar" value="${projectName}.jar" />
-
-	<!-- define locations -->
-	<property name="buildFolder" location="${basedir}/bin" />
-	<property name="distFolder" location="${basedir}/dist" />
-	<property name="distJar" location="${distFolder}/${jar}" />
-
-	<!-- define class path with eclipse plugins -->
-	<path id="project.class.path">
-		<pathelement path="${java.class.path}" />
-		<fileset dir="${basedir}/lib" includes="*.jar" />
-	</path>
-
-	<target name="dist" description="generate the distribution">
-
-		<!-- create dist directory if it does not exist -->
-		<mkdir dir="${distFolder}" />
-
-		<!-- compile classes -->
-		<javac srcdir="${basedir}/src" destdir="${buildFolder}" classpathref="project.class.path" debug="yes" source="1.6" target="1.6" />
-
-		<!-- copy resources -->
-		<copy todir="${buildFolder}">
-			<fileset dir="${basedir}/src" defaultexcludes="true" />
-			<!--fileset dir="${basedir}/i18n" defaultexcludes="true" /-->
-		</copy>
-
-		<!-- create the jar -->
-		<jar jarfile="${distJar}" basedir="${buildFolder}" manifest="${basedir}/MANIFEST.MF">
-			<fileset dir="${basedir}" defaultexcludes="true" includes="docs/" />
-			<fileset dir="${basedir}" defaultexcludes="true" includes="config/" />
-			<fileset dir="${basedir}" defaultexcludes="true" includes="COPYING*" />
-			<fileset dir="${basedir}" defaultexcludes="true" includes="README" />
-		</jar>
-
-	</target>
-
-	<target name="clean" description="generate the distribution">
-
-		<!-- clean up old data -->
-		<delete includeemptydirs="true" verbose="true">
-			<fileset dir="${distFolder}" includes="**/*" />
-			<fileset dir="${buildFolder}" includes="**/*" />
-		</delete>
-
-	</target>
-
-</project>
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 61b5d186c..5a7c18a40 100644
--- a/pom.xml
+++ b/pom.xml
@@ -4,7 +4,7 @@
   <groupId>ch.eitchnet</groupId>
   <artifactId>ch.eitchnet.privilege</artifactId>
   <packaging>jar</packaging>
-  <version>1.0-SNAPSHOT</version>
+  <version>0.1.0-SNAPSHOT</version>
   <name>ch.eitchnet.privilege</name>
   <url>https://github.com/eitch/ch.eitchnet.privilege</url>
 
@@ -156,6 +156,21 @@
           <target>1.6</target>
         </configuration>
       </plugin>
+      
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-source-plugin</artifactId>
+        <version>2.1.2</version>
+        <executions>
+          <execution>
+            <id>attach-sources</id>
+            <phase>verify</phase>
+            <goals>
+              <goal>jar-no-fork</goal>
+            </goals>
+          </execution>
+        </executions>
+      </plugin>
 
       <plugin>
         <groupId>org.apache.maven.plugins</groupId>
diff --git a/src/main/java/ch/eitchnet/privilege/handler/DefaultEncryptionHandler.java b/src/main/java/ch/eitchnet/privilege/handler/DefaultEncryptionHandler.java
index 10d02c49e..98a5609ba 100644
--- a/src/main/java/ch/eitchnet/privilege/handler/DefaultEncryptionHandler.java
+++ b/src/main/java/ch/eitchnet/privilege/handler/DefaultEncryptionHandler.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.handler;
 
 import java.io.UnsupportedEncodingException;
@@ -84,6 +78,22 @@ public class DefaultEncryptionHandler implements EncryptionHandler {
 		}
 	}
 
+	/**
+	 * @see ch.eitchnet.privilege.handler.EncryptionHandler#convertToHash(java.lang.String)
+	 */
+	@Override
+	public String convertToHash(byte[] bytes) {
+		try {
+
+			return HashHelper.stringToHash(this.hashAlgorithm, bytes);
+
+		} catch (NoSuchAlgorithmException e) {
+			throw new PrivilegeException("Algorithm " + this.hashAlgorithm + " was not found!", e);
+		} catch (UnsupportedEncodingException e) {
+			throw new PrivilegeException("Charset ASCII is not supported!", e);
+		}
+	}
+
 	/**
 	 * @see ch.eitchnet.privilege.handler.EncryptionHandler#nextToken()
 	 */
diff --git a/src/main/java/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java b/src/main/java/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java
index 28442e470..748619a16 100644
--- a/src/main/java/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java
+++ b/src/main/java/ch/eitchnet/privilege/handler/DefaultPrivilegeHandler.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,12 +17,13 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.handler;
 
+import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
@@ -112,7 +108,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 	public RoleRep getRole(String roleName) {
 		Role role = this.persistenceHandler.getRole(roleName);
 		if (role == null)
-			throw new PrivilegeException("Role " + roleName + " does not exist!");
+			return null;
 		return role.asRoleRep();
 	}
 
@@ -123,7 +119,7 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 	public UserRep getUser(String username) {
 		User user = this.persistenceHandler.getUser(username);
 		if (user == null)
-			throw new PrivilegeException("User " + username + " does not exist!");
+			return null;
 		return user.asUserRep();
 	}
 
@@ -162,6 +158,135 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 		return policy;
 	}
 
+	/**
+	 * @see ch.eitchnet.privilege.handler.PrivilegeHandler#queryUsers(ch.eitchnet.privilege.model.UserRep)
+	 */
+	@Override
+	public List<UserRep> queryUsers(UserRep selectorRep) {
+
+		String selUserId = selectorRep.getUserId();
+		String selUsername = selectorRep.getUsername();
+		String selFirstname = selectorRep.getFirstname();
+		String selSurname = selectorRep.getSurname();
+		UserState selUserState = selectorRep.getUserState();
+		Locale selLocale = selectorRep.getLocale();
+		Set<String> selRoles = selectorRep.getRoles();
+		Map<String, String> selPropertyMap = selectorRep.getProperties();
+
+		List<UserRep> result = new ArrayList<UserRep>();
+		List<User> allUsers = this.persistenceHandler.getAllUsers();
+		for (User user : allUsers) {
+
+			// selections
+			boolean userIdSelected;
+			boolean usernameSelected;
+			boolean firstnameSelected;
+			boolean surnameSelected;
+			boolean userStateSelected;
+			boolean localeSelected;
+			boolean roleSelected;
+			boolean propertySelected;
+
+			// userId
+			if (selUserId == null)
+				userIdSelected = true;
+			else if (selUserId.equals(user.getUserId()))
+				userIdSelected = true;
+			else
+				userIdSelected = false;
+
+			// username
+			if (selUsername == null)
+				usernameSelected = true;
+			else if (selUsername.equals(user.getUsername()))
+				usernameSelected = true;
+			else
+				usernameSelected = false;
+
+			// firstname
+			if (selFirstname == null)
+				firstnameSelected = true;
+			else if (selFirstname.equals(user.getFirstname()))
+				firstnameSelected = true;
+			else
+				firstnameSelected = false;
+
+			// surname
+			if (selSurname == null)
+				surnameSelected = true;
+			else if (selSurname.equals(user.getSurname()))
+				surnameSelected = true;
+			else
+				surnameSelected = false;
+
+			// user state
+			if (selUserState == null)
+				userStateSelected = true;
+			else if (selUserState.equals(user.getUserState()))
+				userStateSelected = true;
+			else
+				userStateSelected = false;
+
+			// locale
+			if (selLocale == null)
+				localeSelected = true;
+			else if (selLocale.equals(user.getLocale()))
+				localeSelected = true;
+			else
+				localeSelected = false;
+
+			// roles
+			roleSelected = isSelectedByRole(selRoles, user.getRoles());
+
+			// properties
+			propertySelected = isSelectedByProperty(selPropertyMap, user.getProperties());
+
+			boolean selected = userIdSelected && usernameSelected && firstnameSelected && surnameSelected
+					&& userStateSelected && localeSelected && roleSelected && propertySelected;
+
+			if (selected)
+				result.add(user.asUserRep());
+		}
+
+		return result;
+	}
+
+	/**
+	 * @param selPropertyMap
+	 * @param properties
+	 * @return
+	 */
+	private boolean isSelectedByProperty(Map<String, String> selPropertyMap, Map<String, String> properties) {
+
+		if (selPropertyMap == null)
+			return true;
+
+		if (selPropertyMap.isEmpty() && properties.isEmpty())
+			return true;
+
+		for (String selKey : selPropertyMap.keySet()) {
+
+			String value = properties.get(selKey);
+			if (value == null || !value.equals(selPropertyMap.get(selKey)))
+				return false;
+		}
+
+		return true;
+	}
+
+	/**
+	 * @param selRoles
+	 * @param roles
+	 * @return
+	 */
+	private boolean isSelectedByRole(Set<String> selRoles, Set<String> roles) {
+
+		if (selRoles == null)
+			return true;
+
+		return roles.containsAll(selRoles);
+	}
+
 	/**
 	 * @see ch.eitchnet.privilege.handler.PrivilegeHandler#addOrReplaceRole(ch.eitchnet.privilege.model.Certificate,
 	 *      ch.eitchnet.privilege.model.RoleRep)
@@ -187,29 +312,34 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 	 *      ch.eitchnet.privilege.model.UserRep, java.lang.String)
 	 */
 	@Override
-	public void addOrReplaceUser(Certificate certificate, UserRep userRep, String password) {
+	public void addOrReplaceUser(Certificate certificate, UserRep userRep, byte[] password) {
+		try {
 
-		// validate who is doing this
-		validateIsPrivilegeAdmin(certificate);
+			// validate who is doing this
+			validateIsPrivilegeAdmin(certificate);
 
-		String passwordHash = null;
-		if (password != null) {
+			String passwordHash = null;
+			if (password != null) {
 
-			// validate password meets basic requirements
-			validatePassword(password);
+				// validate password meets basic requirements
+				validatePassword(password);
 
-			// hash password
-			passwordHash = this.encryptionHandler.convertToHash(password);
+				// hash password
+				passwordHash = this.encryptionHandler.convertToHash(password);
+			}
+
+			// create new user
+			// XXX should the collections be recreated and the getRoles() and getProperties() methods be removed?
+			User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, userRep.getFirstname(),
+					userRep.getSurname(), userRep.getUserState(), userRep.getRoles(), userRep.getLocale(),
+					userRep.getProperties());
+
+			// delegate to persistence handler
+			this.persistenceHandler.addOrReplaceUser(user);
+
+		} finally {
+			clearPassword(password);
 		}
-
-		// create new user
-		// XXX should the collections be recreated and the getRoles() and getProperties() methods be removed?
-		User user = new User(userRep.getUserId(), userRep.getUsername(), passwordHash, userRep.getFirstname(),
-				userRep.getSurname(), userRep.getUserState(), userRep.getRoles(), userRep.getLocale(),
-				userRep.getProperties());
-
-		// delegate to persistence handler
-		this.persistenceHandler.addOrReplaceUser(user);
 	}
 
 	/**
@@ -450,42 +580,47 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 	 *      java.lang.String, java.lang.String)
 	 */
 	@Override
-	public void setUserPassword(Certificate certificate, String username, String password) {
+	public void setUserPassword(Certificate certificate, String username, byte[] password) {
+		try {
 
-		// check if certificate is for same user, in which case user is changing their own password
-		if (certificate.getUsername().equals(username)) {
+			// check if certificate is for same user, in which case user is changing their own password
+			if (certificate.getUsername().equals(username)) {
 
-			// validate the certificate
-			isCertificateValid(certificate);
+				// validate the certificate
+				isCertificateValid(certificate);
 
-		} else {
+			} else {
 
-			// otherwise validate the the certificate is for a privilege admin
-			validateIsPrivilegeAdmin(certificate);
+				// otherwise validate the the certificate is for a privilege admin
+				validateIsPrivilegeAdmin(certificate);
+			}
+
+			// get User
+			User user = this.persistenceHandler.getUser(username);
+			if (user == null) {
+				throw new PrivilegeException("User " + username + " does not exist!");
+			}
+
+			String passwordHash = null;
+			if (password != null) {
+
+				// validate password meets basic requirements
+				validatePassword(password);
+
+				// hash password
+				passwordHash = this.encryptionHandler.convertToHash(password);
+			}
+
+			// create new user
+			User newUser = new User(user.getUserId(), user.getUsername(), passwordHash, user.getFirstname(),
+					user.getSurname(), user.getUserState(), user.getRoles(), user.getLocale(), user.getProperties());
+
+			// delegate user replacement to persistence handler
+			this.persistenceHandler.addOrReplaceUser(newUser);
+
+		} finally {
+			clearPassword(password);
 		}
-
-		// get User
-		User user = this.persistenceHandler.getUser(username);
-		if (user == null) {
-			throw new PrivilegeException("User " + username + " does not exist!");
-		}
-
-		String passwordHash = null;
-		if (password != null) {
-
-			// validate password meets basic requirements
-			validatePassword(password);
-
-			// hash password
-			passwordHash = this.encryptionHandler.convertToHash(password);
-		}
-
-		// create new user
-		User newUser = new User(user.getUserId(), user.getUsername(), passwordHash, user.getFirstname(),
-				user.getSurname(), user.getUserState(), user.getRoles(), user.getLocale(), user.getProperties());
-
-		// delegate user replacement to persistence handler
-		this.persistenceHandler.addOrReplaceUser(newUser);
 	}
 
 	/**
@@ -519,16 +654,17 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 	 *             if the user credentials are not valid
 	 */
 	@Override
-	public Certificate authenticate(String username, String password) {
+	public Certificate authenticate(String username, byte[] password) {
 
 		// create certificate
 		Certificate certificate;
 		try {
-			// both username and password must at least have 3 characters in length
+			// username must be at least 3 characters in length
 			if (username == null || username.length() < 3)
 				throw new PrivilegeException("The given username is shorter than 3 characters");
-			else if (password == null || password.length() < 3)
-				throw new PrivilegeException("The given password is shorter than 3 characters");
+
+			// and validate the password
+			validatePassword(password);
 
 			// we only work with hashed passwords
 			String passwordHash = this.encryptionHandler.convertToHash(password);
@@ -578,6 +714,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 		} catch (RuntimeException e) {
 			logger.error("User " + username + " Failed to authenticate: " + e.getLocalizedMessage());
 			throw e;
+		} finally {
+			clearPassword(password);
 		}
 
 		// return the certificate
@@ -801,11 +939,15 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 	 * @see ch.eitchnet.privilege.handler.PrivilegeHandler#validatePassword(java.lang.String)
 	 */
 	@Override
-	public void validatePassword(String password) throws PrivilegeException {
+	public void validatePassword(byte[] password) throws PrivilegeException {
 
-		if (password == null || password.isEmpty()) {
+		if (password == null || password.length == 0) {
 			throw new PrivilegeException("A password may not be empty!");
 		}
+
+		if (password.length < 3) {
+			throw new PrivilegeException("The given password is shorter than 3 characters");
+		}
 	}
 
 	/**
@@ -909,4 +1051,14 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 		}
 	}
 
+	/**
+	 * @param password
+	 */
+	private void clearPassword(byte[] password) {
+		if (password != null) {
+			for (int i = 0; i < password.length; i++) {
+				password[i] = 0;
+			}
+		}
+	}
 }
diff --git a/src/main/java/ch/eitchnet/privilege/handler/EncryptionHandler.java b/src/main/java/ch/eitchnet/privilege/handler/EncryptionHandler.java
index 50d758173..b25dbd82a 100644
--- a/src/main/java/ch/eitchnet/privilege/handler/EncryptionHandler.java
+++ b/src/main/java/ch/eitchnet/privilege/handler/EncryptionHandler.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.handler;
 
 import java.util.Map;
@@ -51,6 +45,15 @@ public interface EncryptionHandler {
 	 * @return the hash of the string after converting
 	 */
 	public String convertToHash(String string);
+	
+	/**
+	 * Converts a given byte array, e.g. a password to a hash which is defined by the concrete implementation
+	 * 
+	 * @param bytes
+	 *            the bytes to convert
+	 * @return the hash of the string after converting
+	 */
+	public String convertToHash(byte[] bytes);
 
 	/**
 	 * Initialize the concrete {@link EncryptionHandler}. The passed parameter map contains any configuration the
diff --git a/src/main/java/ch/eitchnet/privilege/handler/PersistenceHandler.java b/src/main/java/ch/eitchnet/privilege/handler/PersistenceHandler.java
index 29ad14fac..bba8f20c0 100644
--- a/src/main/java/ch/eitchnet/privilege/handler/PersistenceHandler.java
+++ b/src/main/java/ch/eitchnet/privilege/handler/PersistenceHandler.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.handler;
 
 import java.util.List;
diff --git a/src/main/java/ch/eitchnet/privilege/handler/PrivilegeHandler.java b/src/main/java/ch/eitchnet/privilege/handler/PrivilegeHandler.java
index 03bda0c84..c6577ea64 100644
--- a/src/main/java/ch/eitchnet/privilege/handler/PrivilegeHandler.java
+++ b/src/main/java/ch/eitchnet/privilege/handler/PrivilegeHandler.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,9 +17,9 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.handler;
 
+import java.util.List;
 import java.util.Locale;
 
 import ch.eitchnet.privilege.i18n.AccessDeniedException;
@@ -75,6 +70,17 @@ public interface PrivilegeHandler {
 	 */
 	public RoleRep getRole(String roleName);
 
+	/**
+	 * Method to query {@link UserRep} which meet the criteria set in the given {@link UserRep}. Null fields mean the
+	 * fields are not relevant.
+	 * 
+	 * @param selectorRep
+	 *            the {@link UserRep} to use as criteria selection
+	 * 
+	 * @return a list of {@link UserRep}s which fit the given criteria
+	 */
+	public List<UserRep> queryUsers(UserRep selectorRep);
+
 	/**
 	 * Removes the user with the given username
 	 * 
@@ -171,7 +177,7 @@ public interface PrivilegeHandler {
 	 * @throws PrivilegeException
 	 *             if there is anything wrong with this certificate
 	 */
-	public void addOrReplaceUser(Certificate certificate, UserRep userRep, String password)
+	public void addOrReplaceUser(Certificate certificate, UserRep userRep, byte[] password)
 			throws AccessDeniedException, PrivilegeException;
 
 	/**
@@ -251,7 +257,7 @@ public interface PrivilegeHandler {
 	 * @throws PrivilegeException
 	 *             if there is anything wrong with this certificate
 	 */
-	public void setUserPassword(Certificate certificate, String username, String password)
+	public void setUserPassword(Certificate certificate, String username, byte[] password)
 			throws AccessDeniedException, PrivilegeException;
 
 	/**
@@ -326,7 +332,7 @@ public interface PrivilegeHandler {
 	 * @throws AccessDeniedException
 	 *             if the user credentials are not valid
 	 */
-	public Certificate authenticate(String username, String password) throws AccessDeniedException;
+	public Certificate authenticate(String username, byte[] password) throws AccessDeniedException;
 
 	/**
 	 * Invalidates the {@link Session} for the given {@link Certificate}, effectively logging out the user who was
@@ -416,7 +422,7 @@ public interface PrivilegeHandler {
 	 * @throws PrivilegeException
 	 *             if the password does not implement the requirement of the concrete implementation
 	 */
-	public void validatePassword(String password) throws PrivilegeException;
+	public void validatePassword(byte[] password) throws PrivilegeException;
 
 	/**
 	 * Persists any changes to the privilege data model. Changes are thus not persisted immediately, but must be
diff --git a/src/main/java/ch/eitchnet/privilege/handler/XmlPersistenceHandler.java b/src/main/java/ch/eitchnet/privilege/handler/XmlPersistenceHandler.java
index 6910ad735..9e2608437 100644
--- a/src/main/java/ch/eitchnet/privilege/handler/XmlPersistenceHandler.java
+++ b/src/main/java/ch/eitchnet/privilege/handler/XmlPersistenceHandler.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.handler;
 
 import java.io.File;
diff --git a/src/main/java/ch/eitchnet/privilege/helper/BootstrapConfigurationHelper.java b/src/main/java/ch/eitchnet/privilege/helper/BootstrapConfigurationHelper.java
index 386ce8476..42677a198 100644
--- a/src/main/java/ch/eitchnet/privilege/helper/BootstrapConfigurationHelper.java
+++ b/src/main/java/ch/eitchnet/privilege/helper/BootstrapConfigurationHelper.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.helper;
 
 import java.io.File;
diff --git a/src/main/java/ch/eitchnet/privilege/helper/ClassHelper.java b/src/main/java/ch/eitchnet/privilege/helper/ClassHelper.java
index 7a741681f..41b10b775 100644
--- a/src/main/java/ch/eitchnet/privilege/helper/ClassHelper.java
+++ b/src/main/java/ch/eitchnet/privilege/helper/ClassHelper.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.helper;
 
 import ch.eitchnet.privilege.i18n.PrivilegeException;
diff --git a/src/main/java/ch/eitchnet/privilege/helper/HashHelper.java b/src/main/java/ch/eitchnet/privilege/helper/HashHelper.java
index 628ac518a..b0da71fee 100644
--- a/src/main/java/ch/eitchnet/privilege/helper/HashHelper.java
+++ b/src/main/java/ch/eitchnet/privilege/helper/HashHelper.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.helper;
 
 import java.io.UnsupportedEncodingException;
diff --git a/src/main/java/ch/eitchnet/privilege/helper/InitializationHelper.java b/src/main/java/ch/eitchnet/privilege/helper/InitializationHelper.java
index 9f2dda7ba..fad40de25 100644
--- a/src/main/java/ch/eitchnet/privilege/helper/InitializationHelper.java
+++ b/src/main/java/ch/eitchnet/privilege/helper/InitializationHelper.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.helper;
 
 import java.io.File;
@@ -40,6 +34,8 @@ import ch.eitchnet.privilege.handler.PersistenceHandler;
 import ch.eitchnet.privilege.handler.PrivilegeHandler;
 import ch.eitchnet.privilege.i18n.PrivilegeException;
 import ch.eitchnet.privilege.policy.PrivilegePolicy;
+import ch.eitchnet.utils.helper.StringHelper;
+import ch.eitchnet.utils.helper.SystemHelper;
 
 /**
  * This class implements the initializing of the {@link PrivilegeHandler} by loading an XML file containing the
@@ -163,6 +159,10 @@ public class InitializationHelper {
 		for (Element parameter : elements) {
 			String name = parameter.attributeValue(XmlConstants.XML_ATTR_NAME);
 			String value = parameter.attributeValue(XmlConstants.XML_ATTR_VALUE);
+			
+			// replace any defined system properties
+			value = StringHelper.replaceSystemPropertiesIn(value);
+			
 			parameterMap.put(name, value);
 		}
 
diff --git a/src/main/java/ch/eitchnet/privilege/helper/PasswordCreaterUI.java b/src/main/java/ch/eitchnet/privilege/helper/PasswordCreaterUI.java
index ad6aa9546..f2c4231c8 100644
--- a/src/main/java/ch/eitchnet/privilege/helper/PasswordCreaterUI.java
+++ b/src/main/java/ch/eitchnet/privilege/helper/PasswordCreaterUI.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.helper;
 
 import java.awt.Dimension;
diff --git a/src/main/java/ch/eitchnet/privilege/helper/PasswordCreator.java b/src/main/java/ch/eitchnet/privilege/helper/PasswordCreator.java
index f57a5615e..228cd529c 100644
--- a/src/main/java/ch/eitchnet/privilege/helper/PasswordCreator.java
+++ b/src/main/java/ch/eitchnet/privilege/helper/PasswordCreator.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.helper;
 
 import java.io.BufferedReader;
diff --git a/src/main/java/ch/eitchnet/privilege/helper/XmlConstants.java b/src/main/java/ch/eitchnet/privilege/helper/XmlConstants.java
index c554473a9..3a9a16bc3 100644
--- a/src/main/java/ch/eitchnet/privilege/helper/XmlConstants.java
+++ b/src/main/java/ch/eitchnet/privilege/helper/XmlConstants.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.helper;
 
 /**
diff --git a/src/main/java/ch/eitchnet/privilege/helper/XmlHelper.java b/src/main/java/ch/eitchnet/privilege/helper/XmlHelper.java
index 50433c212..9cb3786b7 100644
--- a/src/main/java/ch/eitchnet/privilege/helper/XmlHelper.java
+++ b/src/main/java/ch/eitchnet/privilege/helper/XmlHelper.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.helper;
 
 import java.io.File;
diff --git a/src/main/java/ch/eitchnet/privilege/i18n/AccessDeniedException.java b/src/main/java/ch/eitchnet/privilege/i18n/AccessDeniedException.java
index 5e9029717..818335103 100644
--- a/src/main/java/ch/eitchnet/privilege/i18n/AccessDeniedException.java
+++ b/src/main/java/ch/eitchnet/privilege/i18n/AccessDeniedException.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.i18n;
 
 /**
diff --git a/src/main/java/ch/eitchnet/privilege/i18n/PrivilegeException.java b/src/main/java/ch/eitchnet/privilege/i18n/PrivilegeException.java
index db281372a..0f9fe5111 100644
--- a/src/main/java/ch/eitchnet/privilege/i18n/PrivilegeException.java
+++ b/src/main/java/ch/eitchnet/privilege/i18n/PrivilegeException.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.i18n;
 
 /**
diff --git a/src/main/java/ch/eitchnet/privilege/model/Certificate.java b/src/main/java/ch/eitchnet/privilege/model/Certificate.java
index 762ff0606..87d30a3da 100644
--- a/src/main/java/ch/eitchnet/privilege/model/Certificate.java
+++ b/src/main/java/ch/eitchnet/privilege/model/Certificate.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.model;
 
 import java.io.Serializable;
diff --git a/src/main/java/ch/eitchnet/privilege/model/PrivilegeRep.java b/src/main/java/ch/eitchnet/privilege/model/PrivilegeRep.java
index 6d39f685e..e13d6a1f4 100644
--- a/src/main/java/ch/eitchnet/privilege/model/PrivilegeRep.java
+++ b/src/main/java/ch/eitchnet/privilege/model/PrivilegeRep.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.model;
 
 import java.io.Serializable;
diff --git a/src/main/java/ch/eitchnet/privilege/model/Restrictable.java b/src/main/java/ch/eitchnet/privilege/model/Restrictable.java
index d3d401a61..95ef2e3c4 100644
--- a/src/main/java/ch/eitchnet/privilege/model/Restrictable.java
+++ b/src/main/java/ch/eitchnet/privilege/model/Restrictable.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.model;
 
 import ch.eitchnet.privilege.model.internal.Privilege;
diff --git a/src/main/java/ch/eitchnet/privilege/model/RoleRep.java b/src/main/java/ch/eitchnet/privilege/model/RoleRep.java
index 4af09ca17..f7a37a0f5 100644
--- a/src/main/java/ch/eitchnet/privilege/model/RoleRep.java
+++ b/src/main/java/ch/eitchnet/privilege/model/RoleRep.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.model;
 
 import java.io.Serializable;
diff --git a/src/main/java/ch/eitchnet/privilege/model/UserRep.java b/src/main/java/ch/eitchnet/privilege/model/UserRep.java
index 38e3562e3..66b27284c 100644
--- a/src/main/java/ch/eitchnet/privilege/model/UserRep.java
+++ b/src/main/java/ch/eitchnet/privilege/model/UserRep.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.model;
 
 import java.io.Serializable;
diff --git a/src/main/java/ch/eitchnet/privilege/model/UserState.java b/src/main/java/ch/eitchnet/privilege/model/UserState.java
index d98b9df14..4b451b66f 100644
--- a/src/main/java/ch/eitchnet/privilege/model/UserState.java
+++ b/src/main/java/ch/eitchnet/privilege/model/UserState.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.model;
 
 import ch.eitchnet.privilege.model.internal.User;
diff --git a/src/main/java/ch/eitchnet/privilege/model/internal/Privilege.java b/src/main/java/ch/eitchnet/privilege/model/internal/Privilege.java
index 2ee6121f5..c62456fbd 100644
--- a/src/main/java/ch/eitchnet/privilege/model/internal/Privilege.java
+++ b/src/main/java/ch/eitchnet/privilege/model/internal/Privilege.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.model.internal;
 
 import java.util.Collections;
diff --git a/src/main/java/ch/eitchnet/privilege/model/internal/Role.java b/src/main/java/ch/eitchnet/privilege/model/internal/Role.java
index aa76e6bd6..ab929ffde 100644
--- a/src/main/java/ch/eitchnet/privilege/model/internal/Role.java
+++ b/src/main/java/ch/eitchnet/privilege/model/internal/Role.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.model.internal;
 
 import java.util.Collections;
diff --git a/src/main/java/ch/eitchnet/privilege/model/internal/Session.java b/src/main/java/ch/eitchnet/privilege/model/internal/Session.java
index 2210c8fc3..7e3bb8614 100644
--- a/src/main/java/ch/eitchnet/privilege/model/internal/Session.java
+++ b/src/main/java/ch/eitchnet/privilege/model/internal/Session.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.model.internal;
 
 import ch.eitchnet.privilege.handler.PrivilegeHandler;
diff --git a/src/main/java/ch/eitchnet/privilege/model/internal/User.java b/src/main/java/ch/eitchnet/privilege/model/internal/User.java
index bdfc7a438..9e12026ac 100644
--- a/src/main/java/ch/eitchnet/privilege/model/internal/User.java
+++ b/src/main/java/ch/eitchnet/privilege/model/internal/User.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.model.internal;
 
 import java.util.Collections;
diff --git a/src/main/java/ch/eitchnet/privilege/policy/DefaultPrivilege.java b/src/main/java/ch/eitchnet/privilege/policy/DefaultPrivilege.java
index bd67adf0e..ebb061656 100644
--- a/src/main/java/ch/eitchnet/privilege/policy/DefaultPrivilege.java
+++ b/src/main/java/ch/eitchnet/privilege/policy/DefaultPrivilege.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.policy;
 
 import ch.eitchnet.privilege.i18n.AccessDeniedException;
diff --git a/src/main/java/ch/eitchnet/privilege/policy/PrivilegePolicy.java b/src/main/java/ch/eitchnet/privilege/policy/PrivilegePolicy.java
index 9c0d14bb0..50fc79837 100644
--- a/src/main/java/ch/eitchnet/privilege/policy/PrivilegePolicy.java
+++ b/src/main/java/ch/eitchnet/privilege/policy/PrivilegePolicy.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.policy;
 
 import ch.eitchnet.privilege.i18n.AccessDeniedException;
diff --git a/src/test/java/ch/eitchnet/privilege/test/PrivilegeTest.java b/src/test/java/ch/eitchnet/privilege/test/PrivilegeTest.java
index 859ff4415..2bd5c0a77 100644
--- a/src/test/java/ch/eitchnet/privilege/test/PrivilegeTest.java
+++ b/src/test/java/ch/eitchnet/privilege/test/PrivilegeTest.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.test;
 
 import java.io.File;
@@ -58,15 +52,15 @@ import ch.eitchnet.privilege.model.UserState;
 public class PrivilegeTest {
 
 	private static final String ADMIN = "admin";
-	private static final String PASS_ADMIN = "admin";
+	private static final byte[] PASS_ADMIN = "admin".getBytes();
 	private static final String BOB = "bob";
 	private static final String TED = "ted";
-	private static final String PASS_BOB = "admin1";
+	private static final byte[] PASS_BOB = "admin1".getBytes();
 	private static final String ROLE_FEATHERLITE_USER = "FeatherliteUser";
 	private static final String ROLE_USER = "user";
-	private static final String PASS_DEF = "def";
-	private static final String PASS_BAD = "123";
-	private static final String PASS_TED = "12345";
+	private static final byte[] PASS_DEF = "def".getBytes();
+	private static final byte[] PASS_BAD = "123".getBytes();
+	private static final byte[] PASS_TED = "12345".getBytes();
 
 	private static final Logger logger = Logger.getLogger(PrivilegeTest.class);
 
@@ -103,11 +97,17 @@ public class PrivilegeTest {
 	@Test
 	public void testAuthenticationOk() throws Exception {
 
-		Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
+		Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
 		org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
 		privilegeHandler.invalidateSession(certificate);
 	}
 
+	private byte[] copyBytes(byte[] bytes) {
+		byte[] copy = new byte[bytes.length];
+		System.arraycopy(bytes, 0, copy, 0, bytes.length);
+		return copy;
+	}
+
 	/**
 	 * @throws Exception
 	 *             if something goes wrong
@@ -115,7 +115,7 @@ public class PrivilegeTest {
 	@Test(expected = AccessDeniedException.class)
 	public void testFailAuthenticationNOk() throws Exception {
 
-		Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_BAD);
+		Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_BAD));
 		org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
 		privilegeHandler.invalidateSession(certificate);
 	}
@@ -139,7 +139,7 @@ public class PrivilegeTest {
 	@Test
 	public void testAddUserBobAsAdmin() throws Exception {
 
-		Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
+		Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
 
 		// let's add a new user bob
 		UserRep userRep = new UserRep("1", BOB, "Bob", "Newman", UserState.NEW, new HashSet<String>(), null,
@@ -148,7 +148,7 @@ public class PrivilegeTest {
 		logger.info("Added user " + BOB);
 
 		// set bob's password
-		privilegeHandler.setUserPassword(certificate, BOB, PASS_BOB);
+		privilegeHandler.setUserPassword(certificate, BOB, copyBytes(PASS_BOB));
 		logger.info("Set Bob's password");
 		privilegeHandler.invalidateSession(certificate);
 	}
@@ -161,7 +161,7 @@ public class PrivilegeTest {
 	 */
 	@Test(expected = AccessDeniedException.class)
 	public void testFailAuthAsBob() throws Exception {
-		Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
+		Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
 		privilegeHandler.invalidateSession(certificate);
 	}
 
@@ -171,7 +171,7 @@ public class PrivilegeTest {
 	 */
 	@Test
 	public void testEnableUserBob() throws Exception {
-		Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
+		Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
 		privilegeHandler.setUserState(certificate, BOB, UserState.ENABLED);
 		privilegeHandler.invalidateSession(certificate);
 	}
@@ -185,7 +185,7 @@ public class PrivilegeTest {
 	@Test(expected = PrivilegeException.class)
 	public void testFailAuthUserBob() throws Exception {
 
-		Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
+		Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
 		org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
 		privilegeHandler.invalidateSession(certificate);
 	}
@@ -196,7 +196,7 @@ public class PrivilegeTest {
 	 */
 	@Test
 	public void testAddRole() throws Exception {
-		Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
+		Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
 
 		Map<String, PrivilegeRep> privilegeMap = new HashMap<String, PrivilegeRep>();
 		RoleRep roleRep = new RoleRep(ROLE_USER, privilegeMap);
@@ -211,7 +211,7 @@ public class PrivilegeTest {
 	 */
 	@Test
 	public void testAddRoleToBob() throws Exception {
-		Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
+		Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
 		privilegeHandler.addRoleToUser(certificate, BOB, ROLE_USER);
 		privilegeHandler.invalidateSession(certificate);
 	}
@@ -222,7 +222,7 @@ public class PrivilegeTest {
 	 */
 	@Test
 	public void testAuthAsBob() throws Exception {
-		Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
+		Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
 		privilegeHandler.invalidateSession(certificate);
 	}
 
@@ -236,7 +236,7 @@ public class PrivilegeTest {
 	public void testFailAddUserTedAsBob() throws Exception {
 
 		// auth as Bog
-		Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
+		Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
 		org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
 
 		// let's add a new user Ted
@@ -254,7 +254,7 @@ public class PrivilegeTest {
 	@Test
 	public void testAddAdminRoleToBob() throws Exception {
 
-		Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
+		Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
 		privilegeHandler.addRoleToUser(certificate, BOB, PrivilegeHandler.PRIVILEGE_ADMIN_ROLE);
 		logger.info("Added " + PrivilegeHandler.PRIVILEGE_ADMIN_ROLE + " to " + ADMIN);
 		privilegeHandler.invalidateSession(certificate);
@@ -267,7 +267,7 @@ public class PrivilegeTest {
 	@Test
 	public void testAddUserTedAsBob() throws Exception {
 
-		Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
+		Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
 		org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
 
 		// let's add a new user ted
@@ -288,11 +288,11 @@ public class PrivilegeTest {
 	@Test
 	public void testSetTedPwdAsBob() throws Exception {
 
-		Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
+		Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
 		org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
 
 		// set ted's password to default
-		privilegeHandler.setUserPassword(certificate, TED, PASS_DEF);
+		privilegeHandler.setUserPassword(certificate, TED, copyBytes(PASS_DEF));
 
 		privilegeHandler.invalidateSession(certificate);
 	}
@@ -303,8 +303,8 @@ public class PrivilegeTest {
 	 */
 	@Test
 	public void testTedChangesOwnPwd() throws Exception {
-		Certificate certificate = privilegeHandler.authenticate(TED, PASS_DEF);
-		privilegeHandler.setUserPassword(certificate, TED, PASS_TED);
+		Certificate certificate = privilegeHandler.authenticate(TED, copyBytes(PASS_DEF));
+		privilegeHandler.setUserPassword(certificate, TED, copyBytes(PASS_TED));
 		privilegeHandler.invalidateSession(certificate);
 	}
 
@@ -314,7 +314,7 @@ public class PrivilegeTest {
 	 */
 	@Test
 	public void testAuthAsTed() throws Exception {
-		Certificate certificate = privilegeHandler.authenticate(TED, PASS_TED);
+		Certificate certificate = privilegeHandler.authenticate(TED, copyBytes(PASS_TED));
 		privilegeHandler.invalidateSession(certificate);
 	}
 
@@ -325,7 +325,7 @@ public class PrivilegeTest {
 	@Test
 	public void testPerformRestrictableAsAdmin() throws Exception {
 
-		Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
+		Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
 		org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
 
 		// see if eitch can perform restrictable
@@ -342,7 +342,7 @@ public class PrivilegeTest {
 	 */
 	@Test(expected = AccessDeniedException.class)
 	public void testFailPerformRestrictableAsBob() throws Exception {
-		Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
+		Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
 		org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
 
 		// see if bob can perform restrictable
@@ -361,7 +361,7 @@ public class PrivilegeTest {
 	@Test
 	public void testAddFeatherliteRoleToBob() throws Exception {
 
-		Certificate certificate = privilegeHandler.authenticate(ADMIN, PASS_ADMIN);
+		Certificate certificate = privilegeHandler.authenticate(ADMIN, copyBytes(PASS_ADMIN));
 		privilegeHandler.addRoleToUser(certificate, BOB, ROLE_FEATHERLITE_USER);
 		logger.info("Added " + ROLE_FEATHERLITE_USER + " to " + BOB);
 		privilegeHandler.invalidateSession(certificate);
@@ -375,7 +375,7 @@ public class PrivilegeTest {
 	 */
 	@Test
 	public void testPerformRestrictableAsBob() throws Exception {
-		Certificate certificate = privilegeHandler.authenticate(BOB, PASS_BOB);
+		Certificate certificate = privilegeHandler.authenticate(BOB, copyBytes(PASS_BOB));
 		org.junit.Assert.assertTrue("Certificate is null!", certificate != null);
 
 		// see if bob can perform restrictable
diff --git a/src/test/java/ch/eitchnet/privilege/test/TestRestrictable.java b/src/test/java/ch/eitchnet/privilege/test/TestRestrictable.java
index e384e89df..117103ee6 100644
--- a/src/test/java/ch/eitchnet/privilege/test/TestRestrictable.java
+++ b/src/test/java/ch/eitchnet/privilege/test/TestRestrictable.java
@@ -1,11 +1,6 @@
 /*
- * Copyright (c) 2010, 2011
+ * Copyright (c) 2010 - 2012
  * 
- * Robert von Burg <eitch@eitchnet.ch>
- * 
- */
-
-/*
  * This file is part of Privilege.
  *
  * Privilege is free software: you can redistribute it and/or modify
@@ -22,7 +17,6 @@
  * along with Privilege.  If not, see <http://www.gnu.org/licenses/>.
  * 
  */
-
 package ch.eitchnet.privilege.test;
 
 import ch.eitchnet.privilege.model.Restrictable;