map conversion bug fix
diff --git a/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java b/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
index 5b961f8..ba271f0 100644
--- a/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
+++ b/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
@@ -26,10 +26,10 @@
 @Getter
 public class KustvaktConfiguration {
 
-    public static final Map<String, String> KUSTVAKT_USER = new HashMap<>();
+    public static final Map<String, Object> KUSTVAKT_USER = new HashMap<>();
 
     static {
-        KUSTVAKT_USER.put(Attributes.ID, "1");
+        KUSTVAKT_USER.put(Attributes.ID, 1);
         KUSTVAKT_USER.put(Attributes.USERNAME, "kustvakt");
         KUSTVAKT_USER.put(Attributes.PASSWORD, "kustvakt2015");
         KUSTVAKT_USER.put(Attributes.EMAIL, "kustvakt@ids-mannheim.de");
diff --git a/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java b/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
index bb2753b..c44888f 100644
--- a/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
+++ b/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
@@ -47,7 +47,6 @@
     public static final Integer CLIENT_REMOVAL_FAILURE = 215;
     public static final Integer CLIENT_AUTHORIZATION_FAILURE = 216;
 
-
     /**
      * 500 status codes for access control related components (also policy rewrite)
      */
@@ -66,6 +65,7 @@
     public static final Integer MISSING_POLICY_TARGET = 412;
     public static final Integer MISSING_POLICY_CONDITIONS = 413;
     public static final Integer MISSING_POLICY_PERMISSION = 414;
+    public static final Integer RESOURCE_NOT_FOUND = 415;
 
     // todo: extend according to policy rewrite possible!
     // policy errors
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java b/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java
index 03d1b87..38e0834 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java
@@ -176,7 +176,6 @@
                     e);
             throw new dbException(userid, "userDetails",
                     StatusCodes.DB_GET_FAILED, userid.toString());
-            //            throw new KorAPException(e, StatusCodes.CONNECTION_ERROR);
         }
     }
 
@@ -196,7 +195,6 @@
         }catch (DataAccessException e) {
             jlog.error("Could not retrieve user details for user: " + details
                     .getUserID(), e);
-            //            throw new KorAPException(e, StatusCodes.CONNECTION_ERROR);
             throw new dbException(details.getUserID(), "userDetails",
                     StatusCodes.DB_UPDATE_FAILED, details.toString());
         }
diff --git a/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java b/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
index 1d2f9cd..ccc79d8 100644
--- a/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
+++ b/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
@@ -54,10 +54,10 @@
 
     public abstract void lockAccount(User user) throws KustvaktException;
 
-    public abstract User createUserAccount(Map<String, String> attributes,
-            boolean conf_required) throws KustvaktException;
+    public abstract User createUserAccount(Map attributes,
+            boolean confirmation_required) throws KustvaktException;
 
-    public abstract boolean updateAccount(User user) throws KustvaktException;
+//    public abstract boolean updateAccount(User user) throws KustvaktException;
 
     public abstract boolean deleteAccount(User user) throws KustvaktException;
 
diff --git a/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java b/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
index 6101861..3b035b4 100644
--- a/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
+++ b/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
@@ -64,17 +64,12 @@
 
     public String encodeBase();
 
-    public String validateIPAddress(String ipaddress) throws KustvaktException;
+    public Map validateMap(Map map) throws KustvaktException;
 
-    public String validateEmail(String email) throws KustvaktException;
-
-    public Map<String, String> validateMap(Map<String, String> map)
+    public String validateEntry(String input, String type)
             throws KustvaktException;
 
-    public String validateString(String input) throws KustvaktException;
 
-    public void validate(Object instance) throws KustvaktException;
-
-    public String validatePassphrase(String pw) throws KustvaktException;
+//    public void validate(Object instance) throws KustvaktException;
 
 }
diff --git a/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java b/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java
index f5679c8..2232c01 100644
--- a/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java
+++ b/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java
@@ -86,33 +86,14 @@
     }
 
     @Override
-    public String validateIPAddress(String ipaddress) throws KustvaktException {
+    public Map validateMap(Map map) throws KustvaktException {
         return null;
     }
 
     @Override
-    public String validateEmail(String email) throws KustvaktException {
-        return null;
-    }
-
-    @Override
-    public Map<String, String> validateMap(Map<String, String> map)
+    public String validateEntry(String input, String type)
             throws KustvaktException {
-        return null;
+        return input;
     }
 
-    @Override
-    public String validateString(String input) throws KustvaktException {
-        return null;
-    }
-
-    @Override
-    public void validate(Object instance) throws KustvaktException {
-
-    }
-
-    @Override
-    public String validatePassphrase(String pw) throws KustvaktException {
-        return null;
-    }
 }
diff --git a/src/main/java/de/ids_mannheim/korap/interfaces/defaults/KustvaktEncryption.java b/src/main/java/de/ids_mannheim/korap/interfaces/defaults/KustvaktEncryption.java
index ee8b49b..2a1cde8 100644
--- a/src/main/java/de/ids_mannheim/korap/interfaces/defaults/KustvaktEncryption.java
+++ b/src/main/java/de/ids_mannheim/korap/interfaces/defaults/KustvaktEncryption.java
@@ -4,7 +4,9 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.interfaces.EncryptionIface;
+import de.ids_mannheim.korap.user.Attributes;
 import de.ids_mannheim.korap.user.User;
+import de.ids_mannheim.korap.web.utils.KustvaktMap;
 import edu.emory.mathcs.backport.java.util.Collections;
 import org.apache.commons.codec.EncoderException;
 import org.apache.commons.codec.binary.Base64;
@@ -25,6 +27,7 @@
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 
 public class KustvaktEncryption implements EncryptionIface {
@@ -278,37 +281,46 @@
         return null;
     }
 
+    // todo: where applied?
     @Override
-    public Map<String, String> validateMap(Map<String, String> map)
-            throws KustvaktException {
-        Map<String, String> safeMap = new HashMap<>();
-        if (map != null) {
-            for (Map.Entry<String, String> entry : map.entrySet()) {
-                //                String value = null;
-                //                if (entry.getValue() instanceof String) {
-                String value = validateString(entry.getValue());
+    public Map validateMap(Map map) throws KustvaktException {
+        Map<String, Object> safeMap = new HashMap<>();
+        KustvaktMap kmap = new KustvaktMap(map);
 
-                //                }else if (entry.getValue() instanceof List) {
-                //                    List list = (List) entry.getValue();
-                //                    for (Object v : list) {
-                //                        if (v instanceof String)
-                //                            validateString((String) v);
-                //                    }
-                //
-                //                    if (((List) entry.getValue()).size() == 1)
-                //                        value = list.get(0);
-                //                    else
-                //                        value = list;
-                //                }
-                safeMap.put(entry.getKey(), value);
+        if (map != null) {
+            if (!kmap.isGeneric()) {
+                for (String key : kmap.keySet()) {
+                    String value = validateEntry(kmap.get(key), key);
+                    safeMap.put(key, value);
+                }
+            }else {
+                for (String key : kmap.keySet()) {
+                    Object value = kmap.getRaw(key);
+                    if (value instanceof String) {
+                        value = validateEntry((String) value, key);
+
+                    }else if (value instanceof List) {
+                        List list = (List) value;
+                        for (Object v : list) {
+                            if (v instanceof String)
+                                validateEntry((String) v, key);
+                        }
+
+                        if (list.size() == 1)
+                            value = list.get(0);
+                        else
+                            value = list;
+                    }
+                    safeMap.put(key, value);
+                }
             }
         }
         return safeMap;
     }
 
+    @Deprecated
     private String validateString(String descr, String input, String type,
             int length, boolean nullable) throws KustvaktException {
-        jlog.debug("validating string entry '{}'", input);
         String s;
         try {
             s = validator.getValidInput(descr, input, type, length, nullable);
@@ -323,29 +335,49 @@
     }
 
     @Override
-    public String validateString(String input) throws KustvaktException {
-        if (input.contains("@")) {
-            return validateEmail(input);
-        }else
-            return validateString("Safe String", input, "SafeString",
+    public String validateEntry(String input, String type)
+            throws KustvaktException {
+        try {
+            if (type != null) {
+                type = type.toLowerCase();
+                if (type.equals(Attributes.EMAIL)) {
+                    jlog.debug("validating email entry '{}'", input.hashCode());
+                    return validator.getValidInput("Email", input, "email",
+                            config.getValidationEmaillength(), false);
+                }else if (type.equals(Attributes.USERNAME)) {
+                    jlog.debug("validating username entry '{}'",
+                            input.hashCode());
+                    return validator
+                            .getValidInput("Username", input, "username",
+                                    config.getValidationEmaillength(), false);
+                }else if (type.equals(Attributes.IP_RANG)) {
+                    jlog.debug("validating ip address entry '{}'",
+                            input.hashCode());
+                    return validator
+                            .getValidInput("IP Address", input, "ipaddress",
+                                    config.getValidationStringLength(),
+                                    nullable);
+                }else if (type.equals(Attributes.PASSWORD)) {
+                    jlog.debug("validating password entry '{}'",
+                            input.hashCode());
+                    return validator
+                            .getValidInput("Password", input, "password",
+                                    config.getValidationStringLength(),
+                                    nullable);
+                }
+            }
+            jlog.debug("validating string entry '{}'", input.hashCode());
+            return validator.getValidInput("Safe String", input, "SafeString",
                     config.getValidationStringLength(), nullable);
+        }catch (ValidationException ex) {
+            jlog.error("Validation failed! Value '{}' with type '{}'",
+                    new Object[] { input, type, ex.getMessage() });
+            throw new KustvaktException(StatusCodes.PARAMETER_VALIDATION_ERROR,
+                    "invalid value of type " + type, input);
+        }
     }
 
-    @Override
-    public String validateEmail(String email) throws KustvaktException {
-        jlog.debug("validating email entry '{}'", email);
-        return validateString("Email", email, "Email",
-                config.getValidationEmaillength(), nullable);
-    }
 
-    @Override
-    public String validateIPAddress(String ipaddress) throws KustvaktException {
-        jlog.debug("validating IP address entry '{}'", ipaddress);
-        return validateString("IP Address", ipaddress, "IPAddress",
-                config.getValidationStringLength(), nullable);
-    }
-
-    @Override
     public void validate(Object instance) throws KustvaktException {
         if (instance == null)
             return;
@@ -362,26 +394,9 @@
         }
     }
 
-    //fixme: fix validation algorithm
-    @Override
-    public String validatePassphrase(String pw) throws KustvaktException {
-        String safe_string = validateString(pw);
-        return safe_string;
-        //        String pw_conf;
-        //        try {
-        //            pw_conf = validator
-        //                    .getValidInput("User Password", safe_string, "Password", 20,
-        //                            false);
-        //        }catch (ValidationException e) {
-        //            jlog.error("password value did not validate", e.getMessage());
-        //            throw new KustvaktException(StatusCodes.PARAMETER_VALIDATION_ERROR,
-        //                    "password did not validate", "password");
-        //        }
-        //        return pw_conf;
-    }
-
     //FIXME: currently all sets are skipped during validation (since users should not be allowed to edit those sets anyway,
     //I think we will be safe here
+    @Deprecated
     private void validateStringField(Field[] fields, Object instance)
             throws KustvaktException, IllegalAccessException {
         for (Field field : fields) {
diff --git a/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java b/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
index 4576435..d34f968 100644
--- a/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
+++ b/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
@@ -1,7 +1,6 @@
 package de.ids_mannheim.korap.security.auth;
 
 import de.ids_mannheim.korap.auditing.AuditRecord;
-import de.ids_mannheim.korap.config.BeanConfiguration;
 import de.ids_mannheim.korap.config.KustvaktConfiguration;
 import de.ids_mannheim.korap.config.URIParam;
 import de.ids_mannheim.korap.exceptions.*;
@@ -13,6 +12,7 @@
 import de.ids_mannheim.korap.user.*;
 import de.ids_mannheim.korap.utils.StringUtils;
 import de.ids_mannheim.korap.utils.TimeUtils;
+import de.ids_mannheim.korap.web.utils.KustvaktMap;
 import net.sf.ehcache.Cache;
 import net.sf.ehcache.CacheManager;
 import net.sf.ehcache.Element;
@@ -40,6 +40,7 @@
     private EncryptionIface crypto;
     private EntityHandlerIface entHandler;
     private AuditingIface auditing;
+    private KustvaktConfiguration config;
     private final LoginCounter counter;
     private Cache user_cache;
 
@@ -47,6 +48,7 @@
             EncryptionIface crypto, KustvaktConfiguration config,
             AuditingIface auditer) {
         this.entHandler = userdb;
+        this.config = config;
         this.crypto = crypto;
         this.auditing = auditer;
         this.counter = new LoginCounter(config);
@@ -181,7 +183,7 @@
             throw new KustvaktException(StatusCodes.REQUEST_INVALID);
 
         if (!attributes.containsKey(Attributes.EMAIL)
-                && crypto.validateEmail(eppn) != null)
+                && crypto.validateEntry(eppn, Attributes.EMAIL) != null)
             attributes.put(Attributes.EMAIL, eppn);
 
         // fixme?!
@@ -200,7 +202,7 @@
         // just to make sure that the plain password does not appear anywhere in the logs!
 
         try {
-            safeUS = crypto.validateString(username);
+            safeUS = crypto.validateEntry(username, Attributes.USERNAME);
         }catch (KustvaktException e) {
             throw new WrappedException(e, StatusCodes.LOGIN_FAILED, username);
         }
@@ -223,8 +225,7 @@
                         attributes.toString());
             }
         }
-        jlog.trace("Authentication: found user under name " + unknown
-                .getUsername());
+        jlog.trace("Authentication: found username " + unknown.getUsername());
         if (unknown instanceof KorAPUser) {
             if (password == null || password.isEmpty())
                 throw new WrappedException(
@@ -387,8 +388,8 @@
         String safeUser, safePass;
 
         try {
-            safeUser = crypto.validateString(username);
-            safePass = crypto.validatePassphrase(newPassphrase);
+            safeUser = crypto.validateEntry(username, Attributes.USERNAME);
+            safePass = crypto.validateEntry(newPassphrase, Attributes.PASSWORD);
         }catch (KustvaktException e) {
             jlog.error("Error", e);
             throw new WrappedException(new KustvaktException(username,
@@ -422,7 +423,7 @@
             throws KustvaktException {
         String safeUser;
         try {
-            safeUser = crypto.validateString(username);
+            safeUser = crypto.validateEntry(username, Attributes.USERNAME);
         }catch (KustvaktException e) {
             jlog.error("error", e);
             throw new WrappedException(e,
@@ -457,8 +458,10 @@
      * @throws KustvaktException
      */
     //fixme: remove clientinfo object (not needed), use json representation to get stuff
-    public User createUserAccount(Map<String, String> attributes,
-            boolean conf_required) throws KustvaktException {
+    public User createUserAccount(Map attributes, boolean confirmation_required)
+            throws KustvaktException {
+        KustvaktMap kmap = new KustvaktMap(attributes);
+
         Map<String, String> safeMap = crypto.validateMap(attributes);
         if (safeMap.get(Attributes.USERNAME) == null || ((String) safeMap
                 .get(Attributes.USERNAME)).isEmpty())
@@ -470,8 +473,10 @@
                     StatusCodes.ILLEGAL_ARGUMENT, "password must be set",
                     "password");
 
-        String safePass = crypto
-                .validatePassphrase((String) safeMap.get(Attributes.PASSWORD));
+        String username = crypto.validateEntry(safeMap.get(Attributes.USERNAME),
+                Attributes.USERNAME);
+        String safePass = crypto.validateEntry(safeMap.get(Attributes.PASSWORD),
+                Attributes.PASSWORD);
         String hash;
         try {
             hash = crypto.produceSecureHash(safePass);
@@ -480,16 +485,14 @@
             throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT);
         }
 
-        KorAPUser user = User.UserFactory
-                .getUser((String) safeMap.get(Attributes.USERNAME));
+        KorAPUser user = User.UserFactory.getUser(username);
         UserDetails det = UserDetails.newDetailsIterator(safeMap);
         user.setDetails(det);
         user.setSettings(new UserSettings());
-        if (conf_required) {
+        if (confirmation_required) {
             user.setAccountLocked(true);
-            URIParam param = new URIParam(crypto.createToken(), TimeUtils
-                    .plusSeconds(BeanConfiguration.getBeans().getConfiguration()
-                            .getExpiration()).getMillis());
+            URIParam param = new URIParam(crypto.createToken(),
+                    TimeUtils.plusSeconds(config.getExpiration()).getMillis());
             user.addField(param);
         }
         user.setPassword(hash);
@@ -566,7 +569,6 @@
         //        }
     }
 
-    @Override
     public boolean updateAccount(User user) throws KustvaktException {
         boolean result;
         String key = cache_key(user.getUsername());
@@ -575,7 +577,7 @@
                     StatusCodes.REQUEST_INVALID,
                     "account not updateable for demo user", user.getUsername());
         else {
-            crypto.validate(user);
+            //            crypto.validate(user);
             try {
                 result = entHandler.updateAccount(user) > 0;
             }catch (KustvaktException e) {
@@ -617,7 +619,7 @@
     public Object[] validateResetPasswordRequest(String username, String email)
             throws KustvaktException {
         String mail, uritoken;
-        mail = crypto.validateEmail(email);
+        mail = crypto.validateEntry(email, Attributes.EMAIL);
         User ident;
         try {
             ident = entHandler.getAccount(username);
@@ -660,7 +662,8 @@
         if (user instanceof DemoUser)
             return;
         else {
-            crypto.validate(settings);
+            Map map = crypto.validateMap(settings.toObjectMap());
+            settings = UserSettings.fromObjectMap(map);
             try {
                 entHandler.updateSettings(settings);
             }catch (KustvaktException e) {
@@ -676,9 +679,11 @@
         if (user instanceof DemoUser)
             return;
         else {
-            crypto.validate(details);
+            Map map = crypto.validateMap(details.toMap());
+
             try {
-                entHandler.updateUserDetails(details);
+                entHandler
+                        .updateUserDetails(UserDetails.newDetailsIterator(map));
             }catch (KustvaktException e) {
                 jlog.error("Error ", e);
                 throw new WrappedException(e,
diff --git a/src/main/java/de/ids_mannheim/korap/user/Attributes.java b/src/main/java/de/ids_mannheim/korap/user/Attributes.java
index cf10530..96a80fb 100644
--- a/src/main/java/de/ids_mannheim/korap/user/Attributes.java
+++ b/src/main/java/de/ids_mannheim/korap/user/Attributes.java
@@ -41,6 +41,7 @@
     public static final String EMAIL = "email";
     public static final String ADDRESS = "address";
     public static final String COUNTRY = "country";
+    public static final String IPADDRESS = "ipaddress";
     // deprcated, use created
     public static final String ACCOUNT_CREATION = "account_creation";
     public static final String ACCOUNTLOCK = "account_lock";
diff --git a/src/main/java/de/ids_mannheim/korap/user/User.java b/src/main/java/de/ids_mannheim/korap/user/User.java
index 3543570..5c4510e 100644
--- a/src/main/java/de/ids_mannheim/korap/user/User.java
+++ b/src/main/java/de/ids_mannheim/korap/user/User.java
@@ -4,6 +4,7 @@
 import de.ids_mannheim.korap.config.ParamFields;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.utils.TimeUtils;
+import de.ids_mannheim.korap.web.utils.KustvaktMap;
 import lombok.Data;
 import org.joda.time.DateTime;
 
@@ -180,30 +181,31 @@
             return u;
         }
 
-        public static User toUser(Map map) {
+        public static User toUser(Map<String, Object> map) {
+            KustvaktMap kmap = new KustvaktMap(map);
             int type = map.get(Attributes.TYPE) == null ?
                     0 :
-                    (int) map.get(Attributes.TYPE);
+                    (Integer) kmap.get(Attributes.TYPE, Integer.class);
             User user;
             long created = -1;
             if (map.get(Attributes.ACCOUNT_CREATION) != null)
-                created = DateTime
-                        .parse((String) map.get(Attributes.ACCOUNT_CREATION))
+                created = DateTime.parse(kmap.get(Attributes.ACCOUNT_CREATION))
                         .getMillis();
             switch (type) {
                 case 0:
-                    user = UserFactory
-                            .getUser((String) map.get(Attributes.USERNAME));
-                    user.setId((Integer) map.get(Attributes.ID));
+                    user = UserFactory.getUser(kmap.get(Attributes.USERNAME));
+                    user.setId(
+                            (Integer) kmap.get(Attributes.ID, Integer.class));
                     user.setAccountLocked(
                             map.get(Attributes.ACCOUNTLOCK) == null ?
                                     false :
-                                    (Boolean) map.get(Attributes.ACCOUNTLOCK));
+                                    (Boolean) kmap.get(Attributes.ACCOUNTLOCK,
+                                            Boolean.class));
                     user.setAccountCreation(created);
                     break;
                 default:
-                    user = UserFactory
-                            .getDemoUser((Integer) map.get(Attributes.ID));
+                    user = UserFactory.getDemoUser(
+                            (Integer) kmap.get(Attributes.ID, Integer.class));
                     user.setAccountCreation(created);
             }
             return user;
diff --git a/src/main/java/de/ids_mannheim/korap/user/UserDetails.java b/src/main/java/de/ids_mannheim/korap/user/UserDetails.java
index 4051436..e9d74d0 100644
--- a/src/main/java/de/ids_mannheim/korap/user/UserDetails.java
+++ b/src/main/java/de/ids_mannheim/korap/user/UserDetails.java
@@ -12,6 +12,7 @@
  * Time: 10:32 AM
  */
 
+// todo: set certain fields required!
 @Data
 public class UserDetails {
 
@@ -26,6 +27,7 @@
     private String email;
     private String address;
     private String country;
+    @Deprecated
     private boolean privateUsage;
 
     public UserDetails() {
diff --git a/src/main/java/de/ids_mannheim/korap/user/UserSettings.java b/src/main/java/de/ids_mannheim/korap/user/UserSettings.java
index 7295505..046ef56 100644
--- a/src/main/java/de/ids_mannheim/korap/user/UserSettings.java
+++ b/src/main/java/de/ids_mannheim/korap/user/UserSettings.java
@@ -19,6 +19,16 @@
 @Setter
 public class UserSettings {
 
+    // todo: use simple map for settings, not all the parameter
+    //todo: --> use sqlbuilder to update settings
+
+
+    private Map<String, Object> values;
+    // those are the only important parameters!!
+//    private Integer id;
+//    private Integer userID;
+
+
     private Integer id;
     private Integer userID;
     private String fileNameForExport;
@@ -65,6 +75,7 @@
         setupDefaultSettings();
     }
 
+    @Deprecated
     public static UserSettings fromObjectMap(Map<String, Object> m) {
         UserSettings s = new UserSettings();
         s.setFileNameForExport((String) m.get(Attributes.FILENAME_FOR_EXPORT));
@@ -108,6 +119,7 @@
         return s;
     }
 
+    @Deprecated
     public static UserSettings fromMap(Map<String, String> m) {
         UserSettings s = new UserSettings();
         s.setFileNameForExport(m.get(Attributes.FILENAME_FOR_EXPORT));
@@ -195,6 +207,7 @@
         return s;
     }
 
+    @Deprecated
     public void updateStringSettings(Map<String, String> m) {
         if (m.get(Attributes.FILENAME_FOR_EXPORT) != null)
             this.setFileNameForExport(m.get(Attributes.FILENAME_FOR_EXPORT));
@@ -255,6 +268,7 @@
             this.setDefaultRelfoundry(m.get(Attributes.DEFAULT_REL_FOUNDRY));
     }
 
+    @Deprecated
     public void updateObjectSettings(Map<String, Object> m) {
         if (m.get(Attributes.FILENAME_FOR_EXPORT) != null)
             this.setFileNameForExport(
diff --git a/src/main/java/de/ids_mannheim/korap/web/service/CollectionLoader.java b/src/main/java/de/ids_mannheim/korap/web/service/CollectionLoader.java
index 2982c8a..82f3c36 100644
--- a/src/main/java/de/ids_mannheim/korap/web/service/CollectionLoader.java
+++ b/src/main/java/de/ids_mannheim/korap/web/service/CollectionLoader.java
@@ -24,8 +24,8 @@
             CollectionDao dao = new CollectionDao(
                     BeanConfiguration.getBeans().getPersistenceClient());
 
-            int uid = Integer.valueOf(
-                    KustvaktConfiguration.KUSTVAKT_USER.get(Attributes.ID));
+            int uid = (Integer) KustvaktConfiguration.KUSTVAKT_USER
+                    .get(Attributes.ID);
 
             User user = User.UserFactory
                     .toUser(KustvaktConfiguration.KUSTVAKT_USER);
@@ -52,10 +52,6 @@
                     .createCollection("Werther", bui.toJSON(), uid);
             c3.setDescription("Goethe - Die Leiden des jungen Werther");
 
-            dao.storeResource(c1, user);
-            dao.storeResource(c2, user);
-            dao.storeResource(c3, user);
-
             PolicyBuilder b = new PolicyBuilder(user);
             b.setPermissions(Permissions.PERMISSIONS.ALL);
             b.setResources(c1, c2, c3);
diff --git a/src/main/java/de/ids_mannheim/korap/web/service/full/ResourceService.java b/src/main/java/de/ids_mannheim/korap/web/service/full/ResourceService.java
index d97b3fa..93a3d9d 100644
--- a/src/main/java/de/ids_mannheim/korap/web/service/full/ResourceService.java
+++ b/src/main/java/de/ids_mannheim/korap/web/service/full/ResourceService.java
@@ -652,7 +652,7 @@
         id = StringUtils.decodeHTML(id);
 
         Class sl = ResourceFactory.getResourceClass(type);
-        if (!sl.equals(VirtualCollection.class) & !sl.equals(Corpus.class))
+        if (!VirtualCollection.class.equals(sl) & !Corpus.class.equals(sl))
             throw KustvaktResponseHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
                     "Requested Resource type not supported", type);
 
@@ -675,10 +675,9 @@
             }
 
             // rewrite process
-            String qstr = this.processor.preProcess(query.toJSON(), user);
+            String qstr = processor.preProcess(query.toJSON(), user);
             return Response.ok(searchKrill.getStatistics(qstr)).build();
         }catch (KustvaktException e) {
-            e.printStackTrace();
             throw KustvaktResponseHandler.throwit(e);
         }
     }
diff --git a/src/main/java/de/ids_mannheim/korap/web/service/full/UserService.java b/src/main/java/de/ids_mannheim/korap/web/service/full/UserService.java
index 1b162dd..d76d02f 100644
--- a/src/main/java/de/ids_mannheim/korap/web/service/full/UserService.java
+++ b/src/main/java/de/ids_mannheim/korap/web/service/full/UserService.java
@@ -59,7 +59,8 @@
     public Response signUp(
             @HeaderParam(ContainerRequest.USER_AGENT) String agent,
             @HeaderParam(ContainerRequest.HOST) String host,
-            @Context Locale locale, MultivaluedMap<String, String> form_values) {
+            @Context Locale locale,
+            MultivaluedMap<String, String> form_values) {
         Map<String, String> wrapper = FormRequestWrapper
                 .toMap(form_values, true);
 
@@ -103,7 +104,7 @@
 
     }
 
-    //todo: password update in special function?
+    //todo: password update in special function? --> password reset only!
     @POST
     @Path("update")
     @Consumes(MediaType.APPLICATION_FORM_URLENCODED)
@@ -120,7 +121,7 @@
             //            user = controller
             //                    .checkPasswordAllowance(ident, values.getPassword(),
             //                            node.path("new_password").asText());
-            controller.updateAccount(user);
+            //            controller.updateAccount(user);
         }catch (KustvaktException e) {
             throw KustvaktResponseHandler.throwit(e);
         }
@@ -247,8 +248,10 @@
             jlog.error("Exception encountered!", e);
             throw KustvaktResponseHandler.throwit(e);
         }
-        return Response.ok(JsonUtils.toJSON(user.getSettings().toObjectMap()))
-                .build();
+
+        Map m = user.getSettings().toObjectMap();
+        m.put(Attributes.USERNAME, ctx.getUsername());
+        return Response.ok(JsonUtils.toJSON(m)).build();
     }
 
     // todo: test
@@ -300,7 +303,9 @@
             throw KustvaktResponseHandler.throwit(e);
         }
 
-        return Response.ok(JsonUtils.toJSON(user.getDetails().toMap())).build();
+        Map m = user.getDetails().toMap();
+        m.put(Attributes.USERNAME, ctx.getUsername());
+        return Response.ok(JsonUtils.toJSON(m)).build();
     }
 
     @POST
diff --git a/src/main/resources/validation.properties b/src/main/resources/validation.properties
index 9a0e0e5..1e9d896 100755
--- a/src/main/resources/validation.properties
+++ b/src/main/resources/validation.properties
@@ -21,10 +21,13 @@
 #    someObject.setEmail(ESAPI.validator().getValidInput("User Email", input, "Email", maxLength, allowNull));
 #
 #Validator.SafeString=^[.;:\\-\\p{Alnum}\\p{Space}]{0,1024}$
+Validator.username=^[;=\\*\/\/_()\\-0-9\\p{L}\\p{Space}]{0,15}$
+Validator.password_cap=((?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{8,20})
+Validator.password=((?=.*\\d)(?=.*[a-zA-Z]).{8,20})
 Validator.SafeString=^[.;:,=\\*\/\/_()\\-0-9\\p{L}\\p{Space}]{0,1024}$
-Validator.Email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
-Validator.IPAddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
-Validator.URL=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?$
+Validator.email=^[A-Za-z0-9._%'-]+@[A-Za-z0-9.-]+\\.[a-zA-Z]{2,4}$
+Validator.ipddress=^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$
+Validator.url=^(ht|f)tp(s?)\\:\\/\\/[0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*(:(0-9)*)*(\\/?)([a-zA-Z0-9\\-\\.\\?\\,\\:\\'\\/\\\\\\+=&amp;%\\$#_]*)?$
 Validator.CreditCard=^(\\d{4}[- ]?){3}\\d{4}$
 Validator.SSN=^(?!000)([0-6]\\d{2}|7([0-6]\\d|7[012]))([ -]?)(?!00)\\d\\d\\3(?!0000)\\d{4}$
-Validator.Password=((?=.*\\d)(?=.*[a-z])(?=.*[A-Z]).{8,20})
+