stable version becomes master

hsarback/database/schema.sql

@@ -921,5 +921,3 @@ ALTER TABLE ONLY domain__domain_option
     ADD CONSTRAINT domain_id_fkey FOREIGN KEY (domain_id) 
     	REFERENCES domain(domain_id) DEFERRABLE;
 
-ALTER TABLE queue_task ADD COLUMN login_user character varying(48);
-ALTER TABLE queue_task ADD COLUMN runas_user character varying(48);

hsarback/src/main/java/de/hsadmin/remote/AbstractRemote.java

@@ -9,7 +9,6 @@ import java.util.List;
 import java.util.Map;
 
 import de.hsadmin.core.model.AbstractEntity;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthenticationException;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.GenericModuleImpl;
@@ -44,7 +43,7 @@ public abstract class AbstractRemote implements IRemote {
 		try {
 			if (transaction.login(user, ticket)) {
 				final ModuleInterface module = new GenericModuleImpl(transaction);
-				final AuthenticatedUser unixUser = transaction.getLoginUser();
+				final UnixUser unixUser = transaction.getLoginUser();
 				final List<AbstractEntity> list = module.search(getEntityClass(),
 						buildQueryCondition(whereParams), null);
 				if (list == null) {
@@ -106,7 +105,7 @@ public abstract class AbstractRemote implements IRemote {
 		try {
 			if (transaction.login(user, ticket)) {
 				final ModuleInterface module = new GenericModuleImpl(transaction);
-				final AuthenticatedUser authUser = transaction.getLoginUser();
+				final UnixUser unixUser = transaction.getLoginUser();
 				final String queryCondition = buildQueryCondition(whereParams);
 				if (queryCondition == null || queryCondition.length() == 0) {
 					throw new HSAdminException(
@@ -116,10 +115,10 @@ public abstract class AbstractRemote implements IRemote {
 						queryCondition, null);
 				transaction.beginTransaction();
 				for (AbstractEntity e : list) {
-					if (e.isWriteAllowedFor(authUser)) {
+					if (e.isWriteAllowedFor(unixUser)) {
 						module.delete(e);
 					} else {
-						throw new AuthorisationException(authUser, "delete", e);
+						throw new AuthorisationException(unixUser, "delete", e);
 					}
 				}
 				transaction.commitTransaction();
@@ -143,7 +142,7 @@ public abstract class AbstractRemote implements IRemote {
 		try {
 			if (transaction.login(user, ticket)) {
 				final ModuleInterface module = new GenericModuleImpl(transaction);
-				final AuthenticatedUser unixUser = transaction.getLoginUser();
+				final UnixUser unixUser = transaction.getLoginUser();
 				final ArrayList<Map<String, Object>> result = new ArrayList<Map<String, Object>>();
 				final String queryCondition = buildQueryCondition(whereParams);
 				if (queryCondition == null || queryCondition.length() == 0) {

hsarback/src/main/java/de/hsadmin/remote/RoleRemote.java

@@ -6,7 +6,6 @@ import java.util.List;
 import java.util.Map;
 
 import de.hsadmin.core.model.AbstractEntity;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthenticationException;
 import de.hsadmin.core.model.GenericModuleImpl;
 import de.hsadmin.core.model.Transaction;
@@ -14,7 +13,6 @@ import de.hsadmin.core.util.Config;
 import de.hsadmin.core.util.HSAdminException;
 import de.hsadmin.mods.dom.Domain;
 import de.hsadmin.mods.pac.Pac;
-import de.hsadmin.mods.user.UnixUser;
 
 public class RoleRemote implements IRemote {
 
@@ -27,25 +25,22 @@ public class RoleRemote implements IRemote {
 			String role = "USER";
 			String accoutPrefixCustomer = Config.getInstance().getProperty("accountprefix.customer");
 			String accoutPrefixHostmaster = Config.getInstance().getProperty("accountprefix.hostmaster");
-			final AuthenticatedUser loginUser = transaction.getLoginUser();
+			Pac pac = transaction.getLoginUser().getPac();
-			if (loginUser instanceof UnixUser) {
+			String pacName = pac.getName();
-				Pac pac = ((UnixUser) loginUser).getPac();
+			if (accoutPrefixCustomer.equals(pacName)) {
-				String pacName = pac.getName();
+				role = "CUSTOMER";
-				if (accoutPrefixCustomer.equals(pacName)) {
+			}
-					role = "CUSTOMER";
+			if (accoutPrefixHostmaster.equals(pacName)) {
-				}
+				role = "HOSTMASTER";
-				if (accoutPrefixHostmaster.equals(pacName)) {
+			}
-					role = "HOSTMASTER";
+			if (user.equals(pacName)) {
-				}
+				role = "PAC_ADMIN_DW";
-				if (user.equals(pacName)) {
+			}
-					role = "PAC_ADMIN_DW";
+			if (role.equals("USER")) {
-				}
+				GenericModuleImpl module = new GenericModuleImpl(transaction);
-				if (role.equals("USER")) {
+				List<AbstractEntity> list = module.search(Domain.class, "obj.user.name = '" + user + "'", null);
-					GenericModuleImpl module = new GenericModuleImpl(transaction);
+				if (list != null && list.size() > 0) {
-					List<AbstractEntity> list = module.search(Domain.class, "obj.user.name = '" + user + "'", null);
+					role = "DOM_ADMIN";
-					if (list != null && list.size() > 0) {
-						role = "DOM_ADMIN";
-					}
 				}
 			}
 			List<Map<String, Object>> result = new ArrayList<Map<String,Object>>();

hsarback/src/main/java/de/hsadmin/servlets/JsonPillarServlet.java

@@ -1,4 +1,4 @@
-package de.hsadmin.pillar;
+package de.hsadmin.servlets;
 
 import java.io.IOException;
 import java.io.PrintWriter;

hsarback/src/main/java/de/hsadmin/servlets/PacTasksServlet.java

@@ -132,8 +132,7 @@ public class PacTasksServlet extends HttpServlet
 			if ("pac.delete".equals(parts[0])) {
 				proc = factory.createDeleteProcessor(em, pac);
 			}
-			final String pacUser = pac.owningUser(em).getName();
+			transaction.enqueue(pac.getHiveName(), new QueueTask(pac.owningUser(em), parts[0] + ":" + parts[1], message, proc));
-			transaction.enqueue(pac.getHiveName(), new QueueTask(pacUser, pacUser, parts[0] + ":" + parts[1], message, proc));
 			em.clear();
 			em.flush();
 			transaction.commitTransaction();

hsarback/src/main/webapp/WEB-INF/web.xml

@@ -39,7 +39,7 @@
  
     <servlet>
         <servlet-name>PillarServlet</servlet-name>
-        <servlet-class>de.hsadmin.pillar.JsonPillarServlet</servlet-class>
+        <servlet-class>de.hsadmin.servlets.JsonPillarServlet</servlet-class>
     </servlet>
  
     <servlet-mapping>

qserv/src/main/java/de/hsadmin/core/model/AbstractEntity.java

@@ -82,7 +82,7 @@ public abstract class AbstractEntity {
 	 * 
 	 * @return a restricting JPA-QL expression to limit access to entities
 	 */
-	public static String restriction(Class<?> entityClass, AuthenticatedUser loginUser) {
+	public static String restriction(Class<?> entityClass, UnixUser loginUser) {
 		// hostmasters don't get any restriction
 		if (loginUser.hasHostmasterRole())
 			return null;
@@ -159,7 +159,7 @@ public abstract class AbstractEntity {
 	 * @param em
 	 * @param loginUser
 	 */
-	public void initialize(EntityManager em, AuthenticatedUser loginUser) {
+	public void initialize(EntityManager em, UnixUser loginUser) {
 	}
 
 	/**
@@ -167,7 +167,7 @@ public abstract class AbstractEntity {
 	 * @param em
 	 * @param loginUser
 	 */
-	public void complete(EntityManager em, AuthenticatedUser loginUser) {
+	public void complete(EntityManager em, UnixUser loginUser) {
 	}
 
 	/**
@@ -180,7 +180,7 @@ public abstract class AbstractEntity {
 	 * @param em
 	 * @param loginUser
 	 */
-	public AbstractEntity merge(EntityManager em, AuthenticatedUser loginUser) {
+	public AbstractEntity merge(EntityManager em, UnixUser loginUser) {
 		return em.merge(this);
 	}
 
@@ -190,7 +190,7 @@ public abstract class AbstractEntity {
 	 * @param loginUser
 	 * @return
 	 */
-	public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isReadAllowedFor(UnixUser loginUser) {
 		return loginUser.hasHostmasterRole();
 	}
 
@@ -200,7 +200,7 @@ public abstract class AbstractEntity {
 	 * @param loginUser
 	 * @return
 	 */
-	public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isWriteAllowedFor(UnixUser loginUser) {
 		return loginUser.hasHostmasterRole();
 	}
 
@@ -218,6 +218,6 @@ public abstract class AbstractEntity {
 	 * @param em
 	 * @return
 	 */
-	public abstract AuthenticatedUser owningUser(EntityManager em);
+	public abstract UnixUser owningUser(EntityManager em);
 
 }

qserv/src/main/java/de/hsadmin/core/model/AbstractModuleImpl.java

@@ -41,7 +41,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 	}
 
 	public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		EntityManager entityManager = transaction.getEntityManager();
 		newEntity.complete(entityManager, loginUser);
 		entityManager.persist(newEntity);
@@ -58,7 +58,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 
 	public AbstractEntity find(Class<? extends AbstractEntity> entityClass, Object key) throws HSAdminException {
 		AbstractEntity entity = transaction.getEntityManager().find(entityClass, key);
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		if (!entity.isReadAllowedFor(loginUser)) {
 			throw new AuthorisationException(loginUser, "add", entity);
 		}
@@ -98,7 +98,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 	}
 
 	public List<AbstractEntity> search(Class<? extends AbstractEntity> entityClass, String condition, String orderBy, int limit) throws HSAdminException {
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		condition = restrict(entityClass, loginUser, condition);
 		Entity entityAnnot = entityClass.getAnnotation(Entity.class);
 		String queryString = "SELECT obj FROM " + entityAnnot.name() + " obj";
@@ -120,9 +120,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 		}
 		setQueryParameter(query, queryString, "loginUser", loginUser);
 		setQueryParameter(query, queryString, "loginUserName", loginUser.getName());
-		if (loginUser instanceof UnixUser) {
+		setQueryParameter(query, queryString, "loginUserPac", loginUser.getPac());
-			setQueryParameter(query, queryString, "loginUserPac", ((UnixUser)loginUser).getPac());
-		}
 		try {
 			List<?> res = query.getResultList();
 			List<AbstractEntity> ret = new LinkedList<AbstractEntity>();
@@ -142,7 +140,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 	}
 
 	public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		existingEntity = existingEntity.merge(transaction.getEntityManager(), loginUser);
 		if (!existingEntity.isWriteAllowedFor(loginUser)) {
 			throw new AuthorisationException(loginUser, "update", existingEntity);
@@ -156,7 +154,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 	}
 
 	public void delete(AbstractEntity existingEntity) throws HSAdminException {
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		EntityManager entityManager = transaction.getEntityManager();
 		existingEntity = entityManager.find(existingEntity.getClass(), existingEntity.id());
 		if (!existingEntity.isWriteAllowedFor(loginUser)) {
@@ -192,7 +190,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 		return procFact;
 	}
 
-	protected void queueProcessor(Processor proc, AuthenticatedUser authUser, AbstractEntity entity, String action) {
+	protected void queueProcessor(Processor proc, UnixUser user, AbstractEntity entity, String action) {
 		if (proc == null || proc instanceof NullProcessor) {
 			return;
 		}
@@ -200,7 +198,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 		String entityTypeName = entityInfo != null ? entityInfo.name() : entity.getClass().getSimpleName();
 		StringBuilder details = new StringBuilder();
 		String title = entityTypeName + " (" + entity.createStringKey() + ") " + action;
-		QueueTask task = new QueueTask(transaction.getLogin(), transaction.getRunas(), title, details.toString(), proc);
+		QueueTask task = new QueueTask(user, title, details.toString(), proc);
 		transaction.getEntityManager().persist(task);
 		transaction.enqueue(entity.getHiveName(), task);
 	}
@@ -216,7 +214,7 @@ public abstract class AbstractModuleImpl implements ModuleInterface {
 	/**
 	 *  apply access restriction to JPA-QL condition.
 	 */
-	private String restrict(Class<?> entityClass, AuthenticatedUser loginUser, String condition) {
+	private String restrict(Class<?> entityClass, UnixUser loginUser, String condition) {
 		String restriction = AbstractEntity.restriction(entityClass, loginUser);
 		if (restriction == null)
 			return condition;

qserv/src/main/java/de/hsadmin/core/model/AuthorisationException.java

@@ -7,12 +7,12 @@ public class AuthorisationException extends HSAdminException {
 	
 	private static final long serialVersionUID = -8125905071037488732L;
 
-	private AuthenticatedUser user;
+	private UnixUser user;
 	private String method;
 	private AbstractEntity entity;
 	private String field;
 
-	public AuthenticatedUser getUser() {
+	public UnixUser getUser() {
 		return user;
 	}
 
@@ -28,14 +28,14 @@ public class AuthorisationException extends HSAdminException {
 		return field;
 	}
 
-	public AuthorisationException(AuthenticatedUser user, String method) {
+	public AuthorisationException(UnixUser user, String method) {
 		super("nicht authorisiert fuer " + method + "()");
 
 		this.user = user;
 		this.method = method;
 	}
 
-	public AuthorisationException(AuthenticatedUser user, String method, AbstractEntity entity) {
+	public AuthorisationException(UnixUser user, String method, AbstractEntity entity) {
 		super("nicht authorisiert fuer " + method + "("
 				+ entity.createStringKey() + ")");
 
@@ -44,7 +44,7 @@ public class AuthorisationException extends HSAdminException {
 		this.entity = entity;
 	}
 
-	public AuthorisationException(AuthenticatedUser user, String method, AbstractEntity entity,
+	public AuthorisationException(UnixUser user, String method, AbstractEntity entity,
 			String field) {
 		super("nicht authorisiert fuer " + method + "("
 				+ entity.createStringKey() + "." + field + ")");

qserv/src/main/java/de/hsadmin/core/model/SecureDefaultModuleImpl.java

@@ -99,7 +99,7 @@ public class SecureDefaultModuleImpl extends AbstractModuleImpl {
 	public void delete(AbstractEntity detachedEntity) throws HSAdminException {
 		Transaction transaction = getTransaction();
 		EntityManager entityManager = transaction.getEntityManager();
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		AbstractEntity attachedEntity = entityManager.find(detachedEntity.getClass(), detachedEntity.id());
 		if (!attachedEntity.isWriteAllowedFor(loginUser)) {
 			throw new AuthorisationException(loginUser, "delete", detachedEntity);

qserv/src/main/java/de/hsadmin/core/model/Transaction.java

@@ -28,16 +28,15 @@ public class Transaction {
 
 	private EntityManager entityManager;
 	private QueueConnectionFactory queueConnectionFactory;
-	private String loginUser;
+	private String loginName;
-	private String runasUser;
 	private Map<String, QueueTaskStore> taskStores;
 	private boolean transactionActive;
 	private InitialContext ctx;
 	
-	public Transaction(String runasName) {
+	public Transaction(String loginName) {
 		transactionActive = false;
 		this.entityManager = PersistenceManager.getEntityManager("hsadmin");
-		this.runasUser = runasName;
+		this.loginName = loginName;
 		taskStores = new HashMap<String, QueueTaskStore>();
 		try {
 			ctx = new InitialContext();
@@ -68,12 +67,11 @@ public class Transaction {
 		return null;
 	}
 
-	public String getLogin() {
+	public String getLoginName() {
-		return loginUser;
+		if (loginName != null) {
-	}
+			return loginName;
-
+		}
-	public String getRunas() {
+		throw new TechnicalException("no login");
-		return runasUser;
 	}
 
 	public void enqueue(String hiveName, QueueTask task) {
@@ -90,6 +88,7 @@ public class Transaction {
 		for (String hive : taskStores.keySet()) {
 			QueueTaskStore store = taskStores.get(hive);
 			String queueName = "hsadminSystem-" + hive;
+//			queueName = "hsadminSystem-h99";  // FIXME nicht committen !!!
 			Queue jmsSystemQueue = lookupJMSQueue(queueName);
 			QueueClient qClient = null;
 			try {
@@ -172,15 +171,10 @@ public class Transaction {
 		}
 	}
 
-	public AuthenticatedUser getLoginUser() {
+	public UnixUser getLoginUser() {
-		String loginName = getRunas();
+		String loginName = getLoginName();
 		if (loginName != null && loginName.length() == 2) {
-			final LdapDAO ldapDAO = new LdapDAO();
+			loginName = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-" + loginName;
-			return ldapDAO.read(loginName);
-		}
-		if (loginName != null && loginName.length() > 4 && loginName.charAt(3) == '-') {
-			final LdapDAO ldapDAO = new LdapDAO();
-			return ldapDAO.read(loginName);
 		}
 		if (loginName != null && loginName.length() == 3) {
 			loginName = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-" + loginName;
@@ -191,44 +185,44 @@ public class Transaction {
 		return unixUser;
 	}
 
-	public boolean login(String runasUser, String ticket) throws AuthenticationException {
+	public boolean login(String user, String ticket) throws AuthenticationException {
-		loginUser = TicketValidator.getInstance().validateTicket(ticket);
+		String ticketUser = TicketValidator.getInstance().validateTicket(ticket);
-		if (runasUser != null && runasUser.equals(loginUser)) {
+		if (user != null && user.equals(ticketUser)) {
 			return true;		// user himself
 		}
-		if (loginUser != null && loginUser.length() == 2) {
+		if (ticketUser != null && ticketUser.length() == 2) {
 			return true;		// 2-letter hostmaster
 		}
 		String hostmasterAccountPrefix = Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-";
-		if (loginUser != null && loginUser.startsWith(hostmasterAccountPrefix) && loginUser.length() == 8) {
+		if (ticketUser != null && ticketUser.startsWith(hostmasterAccountPrefix) && ticketUser.length() == 8) {
 			return true;		// hsh01 hostmaster
 		}
-		if (loginUser != null && loginUser.length() == 5) {
+		if (ticketUser != null && ticketUser.length() == 5) {
 			Query userQuery = getEntityManager().createQuery("SELECT u FROM UnixUsers u WHERE u.name = :username");
-			userQuery.setParameter("username", runasUser);
+			userQuery.setParameter("username", user);
 			UnixUser unixUser = (UnixUser) userQuery.getSingleResult();
 			String pacName = unixUser.getPac().getName();
-			return loginUser.equals(pacName);  // pac-admin
+			return ticketUser.equals(pacName);  // pac-admin
 		}
 		String memberAccountPrefix = Config.getInstance().getProperty("accountprefix.customer", "hsh00") + "-";
-		if (loginUser != null && (loginUser.length() == 3 || (loginUser.length() >= 9 && loginUser.startsWith(memberAccountPrefix)))) {
+		if (ticketUser != null && (ticketUser.length() == 3 || (ticketUser.length() >= 9 && ticketUser.startsWith(memberAccountPrefix)))) {
 			Query memberQuery = getEntityManager().createQuery("SELECT c FROM Customers c WHERE c.name = :membername");
-			memberQuery.setParameter("membername", loginUser.length() == 3 ? (memberAccountPrefix + loginUser) : loginUser);
+			memberQuery.setParameter("membername", ticketUser.length() == 3 ? (memberAccountPrefix + ticketUser) : ticketUser);
 			Customer member = (Customer) memberQuery.getSingleResult();
 			Set<Pac> pacs = member.getPacs();
 			for (Pac p : pacs) {
-				if (p.getName().equals(runasUser)) {
+				if (p.getName().equals(user)) {
 					return true;  // member as pac-admin
 				}
 				Set<UnixUser> users = p.getUnixUser();
 				for (UnixUser u : users) {
-					if (u.getName().equals(runasUser)) {
+					if (u.getName().equals(user)) {
 						return true; // member as pac-user
 					}
 				}
 			}
 		}
-		throw new AuthenticationException("User " + loginUser + " is not allowed to run as " + runasUser);
+		throw new AuthenticationException("User " + ticketUser + " is not allowed to run as " + user);
 	}
 
 }

qserv/src/main/java/de/hsadmin/core/qserv/QueueTask.java

@@ -20,7 +20,6 @@ import javax.persistence.Transient;
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AnnFieldIO;
 import de.hsadmin.core.model.AnnModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.ReadWriteAccess;
 import de.hsadmin.mods.qstat.QTaskModuleImpl;
 import de.hsadmin.mods.user.UnixUser;
@@ -43,14 +42,6 @@ public class QueueTask extends AbstractEntity implements Serializable {
 	@ManyToOne(fetch=FetchType.EAGER)
 	private UnixUser user;
 
-	@AnnFieldIO(rw=ReadWriteAccess.READONLY)
-	@Column(name = "runas_user", columnDefinition = "character varying(48)", nullable = true)
-	private String runasUser;
-
-	@AnnFieldIO(rw=ReadWriteAccess.READONLY)
-	@Column(name = "login_user", columnDefinition = "character varying(48)", nullable = true)
-	private String loginUser;
-
 	@AnnFieldIO(rw=ReadWriteAccess.READONLY)
 	@Column(name = "started", columnDefinition = "date")
 	@Temporal(javax.persistence.TemporalType.TIMESTAMP)
@@ -78,9 +69,8 @@ public class QueueTask extends AbstractEntity implements Serializable {
 	public QueueTask() {
 	}
 
-	public QueueTask(String loginUser, String runasUser, String title, String details, Processor proc) {
+	public QueueTask(UnixUser user, String title, String details, Processor proc) {
-		this.loginUser = loginUser;
+		this.user = user;
-		this.runasUser = runasUser;
 		this.title = title;
 		this.details = details;
 		this.started = new Date();
@@ -99,7 +89,7 @@ public class QueueTask extends AbstractEntity implements Serializable {
 	 *  on all merged fields of this entity
 	 */
 	@Override
-	public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isReadAllowedFor(UnixUser loginUser) {
 		return loginUser.hasHostmasterRole()
 			|| loginUser.hasPacAdminRoleFor(getUser().getPac())
 			|| loginUser.id() == getUser().id();
@@ -146,22 +136,6 @@ public class QueueTask extends AbstractEntity implements Serializable {
 		this.user = user;
 	}
 
-	public String getRunasUser() {
-		return runasUser;
-	}
-
-	public void setRunasUser(String runasUser) {
-		this.runasUser = runasUser;
-	}
-
-	public String getLoginUser() {
-		return loginUser;
-	}
-
-	public void setLoginUser(String loginUser) {
-		this.loginUser = loginUser;
-	}
-
 	public Date getStarted() {
 		return started;
 	}

qserv/src/main/java/de/hsadmin/core/qserv/WaitingTasksProcessor.java

@@ -28,7 +28,7 @@ public class WaitingTasksProcessor extends AbstractProcessor {
 		if (task.getException() == null) {
 			for (WaitingProcessor p : waitingTasks) {
 				QueueTask wTask = 
-					new QueueTask(transaction.getLogin(), transaction.getRunas(), task.getTitle() + " / " + p.getTitle(), task.getTitle() + " / " + p.getTitle(), p.getProc());
+					new QueueTask(task.getUser(), task.getTitle() + " / " + p.getTitle(), task.getTitle() + " / " + p.getTitle(), p.getProc());
 				transaction.getEntityManager().persist(wTask);
 				transaction.enqueue(p.getHost(), wTask);
 			}

qserv/src/main/java/de/hsadmin/mods/cust/Customer.java

@@ -25,7 +25,6 @@ import javax.persistence.Temporal;
 import javax.persistence.Transient;
 
 import de.hsadmin.core.model.AbstractEntity;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.mods.pac.Pac;
 import de.hsadmin.mods.user.UnixUser;
 
@@ -235,12 +234,12 @@ public class Customer extends AbstractEntity implements Serializable {
 	}
 
 	@Override
-	public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isReadAllowedFor(UnixUser loginUser) {
 		return loginUser.hasCustomerRoleFor(this);
 	}
 
 	@Override
-	public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isWriteAllowedFor(UnixUser loginUser) {
 		return loginUser.hasCustomerRoleFor(this);
 	}
 	

qserv/src/main/java/de/hsadmin/mods/db/Database.java

@@ -24,7 +24,6 @@ import javax.persistence.Table;
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
 import de.hsadmin.core.model.AnnFieldIO;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.ReadWriteAccess;
 import de.hsadmin.mods.pac.Pac;
 import de.hsadmin.mods.user.UnixUser;
@@ -78,10 +77,8 @@ public abstract class Database extends AbstractEntity implements Serializable {
 	}
 
 	@Override
-	public void initialize(EntityManager em, AuthenticatedUser loginUser) {
+	public void initialize(EntityManager em, UnixUser loginUser) {
-		if (loginUser instanceof UnixUser) {
+		pac = loginUser.getPac(); // a default useful for the pac admin
-			pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin
-		}
 	}
 
 	public void complete(EntityManager em, UnixUser loginUser) {
@@ -141,7 +138,7 @@ public abstract class Database extends AbstractEntity implements Serializable {
 	 * determines whether the given user has full read access on all merged fields of this entity
 	 */
 	@Override
-	public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isReadAllowedFor(UnixUser loginUser) {
 		return loginUser.hasPacAdminRoleFor(getPac());
 	}
 
@@ -149,7 +146,7 @@ public abstract class Database extends AbstractEntity implements Serializable {
 	 * determines whether the given user has full write access on all merged fields of this entity
 	 */
 	@Override
-	public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isWriteAllowedFor(UnixUser loginUser) {
 		String pacName = pac.getName();
 		if (!name.equals(pacName) && !name.startsWith(pacName + "_"))
 			return false;

qserv/src/main/java/de/hsadmin/mods/db/DatabaseUser.java

@@ -25,7 +25,6 @@ import javax.persistence.Transient;
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
 import de.hsadmin.core.model.AnnFieldIO;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.ReadWriteAccess;
 import de.hsadmin.mods.pac.Pac;
 import de.hsadmin.mods.user.UnixUser;
@@ -73,10 +72,8 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
 	}
 
 	@Override
-	public void initialize(EntityManager em, AuthenticatedUser loginUser) {
+	public void initialize(EntityManager em, UnixUser loginUser) {
-		if (loginUser instanceof UnixUser) {
+		pac = loginUser.getPac(); // a default useful for the pac admin
-			pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin
-		}
 	}
 
 	public void complete(EntityManager em, UnixUser loginUser) {
@@ -159,7 +156,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
 	}
 
 	@Override
-	public DatabaseUser merge(EntityManager em, AuthenticatedUser loginUser) {
+	public DatabaseUser merge(EntityManager em, UnixUser loginUser) {
 		DatabaseUser dbEntity = (DatabaseUser) super.merge(em, loginUser);
 		dbEntity.setPassword(this.getPassword());
 		return dbEntity;
@@ -183,7 +180,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
 	 * fields of this entity
 	 */
 	@Override
-	public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isReadAllowedFor(UnixUser loginUser) {
 		return loginUser.hasPacAdminRoleFor(getPac());
 	}
 
@@ -192,7 +189,7 @@ public abstract class DatabaseUser extends AbstractEntity implements Serializabl
 	 * fields of this entity
 	 */
 	@Override
-	public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isWriteAllowedFor(UnixUser loginUser) {
 		String pacName = pac.getName();
 		if (!name.equals(pacName) && !name.startsWith(pacName + "_"))
 			return false;

qserv/src/main/java/de/hsadmin/mods/db/MySqlDatabaseModuleImpl.java

@@ -7,13 +7,13 @@ import javax.persistence.Query;
 
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.Transaction;
 import de.hsadmin.core.util.HSAdminException;
 import de.hsadmin.hostsharing.BasePacType;
 import de.hsadmin.hostsharing.MultiOption;
 import de.hsadmin.mods.pac.Pac;
+import de.hsadmin.mods.user.UnixUser;
 
 public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
 
@@ -29,7 +29,7 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
 	@Override
 	public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
 		Transaction transaction = getTransaction();
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		MySqlDatabase database = (MySqlDatabase) newEntity;
 		String name = database.getName();
 		String pacPrefix = name.substring(0, 5);
@@ -75,7 +75,7 @@ public class MySqlDatabaseModuleImpl extends AbstractModuleImpl {
 	public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
 		Transaction transaction = getTransaction();
 		EntityManager em = transaction.getEntityManager();
-		AuthenticatedUser unixUser = transaction.getLoginUser();
+		UnixUser unixUser = transaction.getLoginUser();
 		MySqlDatabase detachtedDB = (MySqlDatabase) existingEntity;
 		MySqlDatabase attachedDB = em.find(MySqlDatabase.class, detachtedDB.getId());
 		if (!attachedDB.getName().equals(detachtedDB.getName())) {

qserv/src/main/java/de/hsadmin/mods/db/MySqlUserModuleImpl.java

@@ -7,20 +7,20 @@ import javax.persistence.Query;
 
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.Transaction;
 import de.hsadmin.core.util.HSAdminException;
 import de.hsadmin.hostsharing.BasePacType;
 import de.hsadmin.hostsharing.MultiOption;
 import de.hsadmin.mods.pac.Pac;
+import de.hsadmin.mods.user.UnixUser;
 
 public class MySqlUserModuleImpl extends AbstractModuleImpl {
 
 	@Override
 	public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
 		Transaction transaction = getTransaction();
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		MySqlUser user = (MySqlUser) newEntity;
 		String name = user.getName();
 		if (name.length() < 7 || name.charAt(5) != '_') {

qserv/src/main/java/de/hsadmin/mods/db/PgSqlDatabaseModuleImpl.java

@@ -7,13 +7,13 @@ import javax.persistence.Query;
 
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.Transaction;
 import de.hsadmin.core.util.HSAdminException;
 import de.hsadmin.hostsharing.BasePacType;
 import de.hsadmin.hostsharing.MultiOption;
 import de.hsadmin.mods.pac.Pac;
+import de.hsadmin.mods.user.UnixUser;
 
 public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
 
@@ -27,7 +27,7 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
 
 	@Override
 	public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
-		AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		UnixUser loginUser = getTransaction().getLoginUser();
 		PgSqlDatabase database = (PgSqlDatabase) newEntity;
 		String name = database.getName();
 		String pacPrefix = name.substring(0, 5);
@@ -74,17 +74,17 @@ public class PgSqlDatabaseModuleImpl extends AbstractModuleImpl {
 	public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
 		Transaction transaction = getTransaction();
 		EntityManager em = transaction.getEntityManager();
-		AuthenticatedUser user = transaction.getLoginUser();
+		UnixUser unixUser = transaction.getLoginUser();
 		PgSqlDatabase detachtedDB = (PgSqlDatabase) existingEntity;
 		PgSqlDatabase attachedDB = em.find(PgSqlDatabase.class, detachtedDB.getId());
 		if (!attachedDB.getName().equals(detachtedDB.getName())) {
-			throw new AuthorisationException(user, "update", existingEntity, "name");
+			throw new AuthorisationException(unixUser, "update", existingEntity, "name");
 		}
 		if (!attachedDB.getEncoding().equals(detachtedDB.getEncoding())) {
-			throw new AuthorisationException(user, "update", existingEntity, "encoding");
+			throw new AuthorisationException(unixUser, "update", existingEntity, "encoding");
 		}
 		if (!attachedDB.getInstance().equals(detachtedDB.getInstance())) {
-			throw new AuthorisationException(user, "update", existingEntity, "instance");
+			throw new AuthorisationException(unixUser, "update", existingEntity, "instance");
 		}
 		return super.update(existingEntity);
 	}

qserv/src/main/java/de/hsadmin/mods/db/PgSqlUserModuleImpl.java

@@ -7,18 +7,18 @@ import javax.persistence.Query;
 
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.util.HSAdminException;
 import de.hsadmin.hostsharing.BasePacType;
 import de.hsadmin.hostsharing.MultiOption;
 import de.hsadmin.mods.pac.Pac;
+import de.hsadmin.mods.user.UnixUser;
 
 public class PgSqlUserModuleImpl extends AbstractModuleImpl {
 
 	@Override
 	public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
-		AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		UnixUser loginUser = getTransaction().getLoginUser();
 		PgSqlUser user = (PgSqlUser) newEntity;
 		String name = user.getName();
 		if (name.length() < 7 || name.charAt(5) != '_') {

qserv/src/main/java/de/hsadmin/mods/dom/DomainModuleImpl.java

@@ -11,7 +11,6 @@ import javax.persistence.Query;
 
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.GenericModuleImpl;
 import de.hsadmin.core.util.HSAdminException;
@@ -59,9 +58,8 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 	@Override
 	public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
 		AbstractEntity newDom = super.initialize(newEntity);
-		final AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		if (newDom instanceof Domain) {
-		if (newDom instanceof Domain && loginUser instanceof UnixUser) {
+			((Domain) newDom).setUser(getTransaction().getLoginUser());
-			((Domain) newDom).setUser((UnixUser) loginUser);
 			return newDom;
 		}
 		return null;
@@ -141,7 +139,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 		final String hiveName = pac.getHive().getHiveName();
 		dom.setDnsMaster(hiveName + ".hostsharing.net");
 		// Standard domainoptions setzen. TODO: Alle defaults über eigene Klasse aus der Datenbank holen. 
-		AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		UnixUser loginUser = getTransaction().getLoginUser();
 		if (!loginUser.hasHostmasterRole()) {
 			boolean usersDomain = false;
 			boolean otherUserDomain = false;
@@ -213,7 +211,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 		if (updatedDom.getName() == null || updatedDom.getName().length() == 0) {
 			throw new HSAdminException("domain name required");
 		}
-		AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		UnixUser loginUser = getTransaction().getLoginUser();
 		EntityManager em = getTransaction().getEntityManager();
 		Domain oldDom = em.find(Domain.class, updatedDom.getId());
 		UnixUser admin = updatedDom.getUser();
@@ -277,7 +275,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 	}
 
 	private void needsReadAccessOn(AbstractEntity ent, String method) throws AuthorisationException {
-		AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		UnixUser loginUser = getTransaction().getLoginUser();
 		if (ent instanceof Domain) {
 			Domain dom = (Domain) ent;
 			String aLoginUserName = loginUser.getName();
@@ -296,7 +294,7 @@ public class DomainModuleImpl extends AbstractModuleImpl {
 	}
 
 	private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException {
-		AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		UnixUser loginUser = getTransaction().getLoginUser();
 		if (entity instanceof Domain) {
 			Domain dom = (Domain) entity;
 			String aLoginUserName = loginUser.getName();

qserv/src/main/java/de/hsadmin/mods/email/EMailAddress.java

@@ -192,12 +192,12 @@ public class EMailAddress extends AbstractEntity implements Serializable {
 	}
 
 	@Override
-	public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isReadAllowedFor(UnixUser loginUser) {
 		return getDomain().isReadAllowedFor(loginUser);
 	}
 
 	@Override
-	public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isWriteAllowedFor(UnixUser loginUser) {
 		return getDomain().isWriteAllowedFor(loginUser);
 	}
 

qserv/src/main/java/de/hsadmin/mods/email/EMailAddressModuleImpl.java

@@ -7,13 +7,13 @@ import javax.persistence.Query;
 
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.Transaction;
 import de.hsadmin.core.util.HSAdminException;
 import de.hsadmin.hostsharing.BasePacType;
 import de.hsadmin.mods.dom.Domain;
 import de.hsadmin.mods.dom.DomainOption;
+import de.hsadmin.mods.user.UnixUser;
 
 public class EMailAddressModuleImpl extends AbstractModuleImpl {
 
@@ -51,7 +51,7 @@ public class EMailAddressModuleImpl extends AbstractModuleImpl {
 		qDomain.setParameter("domName", adr.getDomain().getName());
 		Domain dom = (Domain) qDomain.getSingleResult();
 		adr.setDomain(dom);
-		AuthenticatedUser loginUser = tx.getLoginUser();
+		UnixUser loginUser = tx.getLoginUser();
 		if (dom.isPacDomain() && !loginUser.hasHostmasterRole()) {
 			throw new AuthorisationException(loginUser, "add", adr);
 		}
@@ -79,7 +79,7 @@ public class EMailAddressModuleImpl extends AbstractModuleImpl {
 	@Override
 	public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
 		Transaction transaction = getTransaction();
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		EMailAddress detachedAddr = (EMailAddress) existingEntity;
 		EntityManager em = transaction.getEntityManager();
 		EMailAddress attachedAddr = em.find(EMailAddress.class, detachedAddr.getId());

qserv/src/main/java/de/hsadmin/mods/email/EMailAlias.java

@@ -20,7 +20,6 @@ import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
 import de.hsadmin.core.model.AnnFieldIO;
 import de.hsadmin.core.model.AnnModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.ReadWriteAccess;
 import de.hsadmin.core.model.SearchFilter;
 import de.hsadmin.mods.pac.Pac;
@@ -67,18 +66,14 @@ public class EMailAlias extends AbstractEntity implements Serializable {
 	}
 
 	@Override
-	public void initialize(EntityManager em, AuthenticatedUser loginUser) {
+	public void initialize(EntityManager em, UnixUser loginUser) {
-		pac = null;
+		pac = loginUser.getPac();
-		name = "";
+		name = pac.getName() + "-";
-		if (loginUser instanceof UnixUser) {
-			pac = ((UnixUser)loginUser).getPac();
-			name = pac.getName() + "-";
-		}
 		target = "";
 	}
 
 	@Override
-	public void complete(EntityManager em, AuthenticatedUser loginUser) {
+	public void complete(EntityManager em, UnixUser loginUser) {
 		if (pac == null && name != null && name.length() > 0) {
 			String pacName = name.substring(0, 5);
 			try {
@@ -87,9 +82,7 @@ public class EMailAlias extends AbstractEntity implements Serializable {
 				Query query = em.createQuery(queryString);
 				AbstractModuleImpl.setQueryParameter(query, queryString, "loginUser", loginUser);
 				AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserName", loginUser.getName());
-				if (loginUser instanceof UnixUser) {
+				AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserPac", loginUser.getPac());
-					AbstractModuleImpl.setQueryParameter(query, queryString, "loginUserPac", ((UnixUser)loginUser).getPac());
-				}
 				pac = (Pac) query.getSingleResult();
 			} catch (NoResultException exc) {
 				throw new SecurityException("packet '" + pacName + "' not found or access denied");
@@ -178,12 +171,12 @@ public class EMailAlias extends AbstractEntity implements Serializable {
 	}
 
 	@Override
-	public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isReadAllowedFor(UnixUser loginUser) {
 		return loginUser.hasPacAdminRoleFor(getPac());
 	}
 
 	@Override
-	public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isWriteAllowedFor(UnixUser loginUser) {
 		String pacName = pac.getName();
 		if (!name.equals(pacName) && !name.startsWith(pacName + "-"))
 			return false;

qserv/src/main/java/de/hsadmin/mods/email/EMailAliasModuleImpl.java

@@ -7,13 +7,13 @@ import javax.persistence.Query;
 
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.Transaction;
 import de.hsadmin.core.util.HSAdminException;
 import de.hsadmin.hostsharing.BasePacType;
 import de.hsadmin.hostsharing.MultiOption;
 import de.hsadmin.mods.pac.Pac;
+import de.hsadmin.mods.user.UnixUser;
 
 public class EMailAliasModuleImpl extends AbstractModuleImpl {
 
@@ -29,7 +29,7 @@ public class EMailAliasModuleImpl extends AbstractModuleImpl {
 	@Override
 	public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
 		Transaction transaction = getTransaction();
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		EMailAlias alias = (EMailAlias) newEntity;
 		String name = alias.getName();
 		if (name.length() > 5 && (name.charAt(5) != '-') || name.length() == 6) {

qserv/src/main/java/de/hsadmin/mods/pac/Pac.java

@@ -27,7 +27,6 @@ import javax.persistence.TemporalType;
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AnnFieldIO;
 import de.hsadmin.core.model.AnnModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.ReadWriteAccess;
 import de.hsadmin.hostsharing.BasePacType;
 import de.hsadmin.mods.cust.Customer;
@@ -114,7 +113,7 @@ public class Pac extends AbstractEntity implements Serializable {
 	}
 
 	@Override
-	public void initialize(EntityManager em, AuthenticatedUser loginUser) {
+	public void initialize(EntityManager em, UnixUser loginUser) {
 		super.initialize(em, loginUser);
 	}
 

qserv/src/main/java/de/hsadmin/mods/pac/PacModuleImpl.java

@@ -12,7 +12,6 @@ import javax.persistence.Query;
 
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.GenericModuleImpl;
 import de.hsadmin.core.util.HSAdminException;
@@ -132,7 +131,7 @@ public class PacModuleImpl extends AbstractModuleImpl {
 
 	@Override
 	public AbstractEntity update(AbstractEntity entity) throws HSAdminException {
-		AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		UnixUser loginUser = getTransaction().getLoginUser();
 		if (!(entity instanceof Pac)) {
 			throw new AuthorisationException(loginUser, "update", entity);
 		}
@@ -240,7 +239,7 @@ public class PacModuleImpl extends AbstractModuleImpl {
 	}
 	
 	private void needsWriteAccessOn(AbstractEntity entity, String method) throws AuthorisationException {
-		AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		UnixUser loginUser = getTransaction().getLoginUser();
 		if (entity instanceof Pac) {
 			Pac pac = (Pac) entity;
 			String aLoginUserName = loginUser.getName();

qserv/src/main/java/de/hsadmin/mods/user/UnixUser.java

@@ -19,17 +19,15 @@ import javax.persistence.Transient;
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AnnFieldIO;
 import de.hsadmin.core.model.AnnModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.ReadWriteAccess;
 import de.hsadmin.core.util.Config;
-import de.hsadmin.mods.cust.Customer;
 import de.hsadmin.mods.pac.Pac;
 
 @Entity(name = "UnixUsers")
 @Table(name = "unixuser")
 @SequenceGenerator(name = "UnixUsersSeqGen", sequenceName = "unixuser_unixuser_id_seq")
 @AnnModuleImpl(de.hsadmin.mods.user.UnixUserModuleImpl.class)
-public class UnixUser extends AbstractEntity implements Serializable, AuthenticatedUser {
+public class UnixUser extends AbstractEntity implements Serializable {
 	
 	private static final long serialVersionUID = 7823071611805642906L;
 
@@ -266,16 +264,14 @@ public class UnixUser extends AbstractEntity implements Serializable, Authentica
 	}
 
 	@Override
-	public void initialize(EntityManager em, AuthenticatedUser loginUser) {
+	public void initialize(EntityManager em, UnixUser loginUser) {
-		if (loginUser instanceof UnixUser) {
+		pac = loginUser.getPac(); // a default useful for the pac admin
-			pac = ((UnixUser)loginUser).getPac(); // a default useful for the pac admin
+		// TODO should not be hardcoded, but how?
-			// TODO should not be hardcoded, but how?
+		homedir = "/home/pacs/" + pac.getName() + "/users/..."; 
-			homedir = "/home/pacs/" + pac.getName() + "/users/...";
-		}
 	}
 
 	@Override
-	public UnixUser merge(EntityManager em, AuthenticatedUser loginUser) {
+	public UnixUser merge(EntityManager em, UnixUser loginUser) {
 		if (homedir == null)
 			homedir = "/home/pacs/" + pac.getName() + "/users/"
 					+ getName().substring(6); // TODO: Hack
@@ -304,40 +300,31 @@ public class UnixUser extends AbstractEntity implements Serializable, Authentica
 		return login.length() == 2 || ((login.startsWith(Config.getInstance().getProperty("accountprefix.hostmaster", "hsh01") + "-") && login.length() == 8));
 	}
 
-	public boolean hasCustomerRoleFor(AbstractEntity custEntity) {
+	public boolean hasCustomerRoleFor(de.hsadmin.mods.cust.Customer cust) {
-		if (custEntity instanceof Customer) {
+		return getName().equals(cust.getName()) || hasHostmasterRole();
-			Customer cust = (Customer) custEntity;
-			return getName().equals(cust.getName()) || hasHostmasterRole();
-			
-		}
-		return false;
 	}
 
-	public boolean hasPacAdminRoleFor(AbstractEntity pacEntity) {
+	public boolean hasPacAdminRoleFor(Pac pac) {
-		if (pacEntity instanceof Pac) {
+		return pac != null && 
-			Pac pac = (Pac) pacEntity;
+			(pac.getName().equals(getName())
-			return pac != null && 
+				|| hasCustomerRoleFor(pac.getCustomer()) );
-					(pac.getName().equals(getName())
-						|| hasCustomerRoleFor(pac.getCustomer()) );
-		}
-		return false;
 	}
 
 	@Override
-	public boolean isWriteAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isWriteAllowedFor(UnixUser loginUser) {
 		String pacName = pac.getName();
 		if (!name.equals(pacName) && !name.startsWith(pacName + "-"))
 			return false;
 		if (super.isWriteAllowedFor(loginUser))
 			return true;
-		return (loginUser instanceof UnixUser && this.getId() == ((UnixUser)loginUser).getId()) || loginUser.hasPacAdminRoleFor(getPac());
+		return this.getId() == loginUser.getId() || loginUser.hasPacAdminRoleFor(getPac());
 	}
 
 	@Override
-	public boolean isReadAllowedFor(AuthenticatedUser loginUser) {
+	public boolean isReadAllowedFor(UnixUser loginUser) {
 		if (super.isReadAllowedFor(loginUser))
 			return true;
-		return (loginUser instanceof UnixUser && this.getId() == ((UnixUser)loginUser).getId()) || loginUser.hasPacAdminRoleFor(getPac());
+		return this.getId() == loginUser.getId() || loginUser.hasPacAdminRoleFor(getPac());
 	}
 
 	/**

qserv/src/main/java/de/hsadmin/mods/user/UnixUserModuleImpl.java

@@ -8,7 +8,6 @@ import javax.persistence.Query;
 
 import de.hsadmin.core.model.AbstractEntity;
 import de.hsadmin.core.model.AbstractModuleImpl;
-import de.hsadmin.core.model.AuthenticatedUser;
 import de.hsadmin.core.model.AuthorisationException;
 import de.hsadmin.core.model.Transaction;
 import de.hsadmin.core.util.HSAdminException;
@@ -25,10 +24,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
 	@Override
 	public AbstractEntity initialize(AbstractEntity newEntity) throws AuthorisationException {
 		UnixUser newUnixUser = (UnixUser) super.initialize(newEntity);
-		final AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		newUnixUser.setName(getTransaction().getLoginUser().getPac().getName() + '-');
-		if (loginUser instanceof UnixUser) {
-			newUnixUser.setName(((UnixUser)loginUser).getPac().getName() + '-');
-		}
 		return newUnixUser;
 	}
 
@@ -78,7 +74,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
 	public AbstractEntity add(AbstractEntity newEntity) throws HSAdminException {
 		Transaction transaction = getTransaction();
 		EntityManager em = transaction.getEntityManager();
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		// only allow pac which matches the username (TODO: hard coded
 		// Hostsharing convention)
 		UnixUser newUnixUser = (UnixUser) newEntity;
@@ -162,7 +158,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
 	@Override
 	public AbstractEntity update(AbstractEntity existingEntity) throws HSAdminException {
 		Transaction transaction = getTransaction();
-		AuthenticatedUser loginUser = transaction.getLoginUser();
+		UnixUser loginUser = transaction.getLoginUser();
 		EntityManager em = transaction.getEntityManager();
 		UnixUser detachedUnixUser = (UnixUser) existingEntity;
 		UnixUser attachedUnixUser = em.find(detachedUnixUser.getClass(), detachedUnixUser.getId());
@@ -255,7 +251,7 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
 	// throws an AuthorisationException if the login user has no write acess
 	// on the pac of the given UnixUser
 	private boolean hasFullAccessOnPacOf(UnixUser user) {
-		AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		UnixUser loginUser = getTransaction().getLoginUser();
 		String loginUserName = loginUser.getName();
 		return loginUser.hasHostmasterRole()
 			|| loginUserName.equals(user.getPac().getName()) 
@@ -264,33 +260,22 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
 
 	// throws an AuthorisationException if the login user has no write acess
 	// on the pac of the given UnixUser
-	private void needsFullAccessOnPacOf(UnixUser user, String method) throws AuthorisationException {
+	private void needsFullAccessOnPacOf(UnixUser user, String method)
+			throws AuthorisationException {
 		if (!hasFullAccessOnPacOf(user))
 			throw new AuthorisationException(getTransaction().getLoginUser(), method, user);
 	}
 
 	private void needsPartialAccessOnPacOf(UnixUser user, String method) throws AuthorisationException {
-		if (!hasFullAccessOnPacOf(user)) {
+		UnixUser loginUser = getTransaction().getLoginUser();
-			AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		if (!hasFullAccessOnPacOf(user) && loginUser.getPac().id() != user.getPac().id()) {
-			if (loginUser instanceof UnixUser) {
-				UnixUser uxUser = (UnixUser) loginUser;
-				if (uxUser.getPac().id() == user.getPac().id()) {
-					return;
-				}
-			}
 			throw new AuthorisationException(loginUser, method, user);
 		}
 	}
 
 	private void needsFullAccessOnUser(UnixUser user, String method) throws AuthorisationException {
-		if (!hasFullAccessOnPacOf(user)) {
+		UnixUser loginUser = getTransaction().getLoginUser();
-			AuthenticatedUser loginUser = getTransaction().getLoginUser();
+		if (!hasFullAccessOnPacOf(user) && !loginUser.sameIdAs(user)) {
-			if (loginUser instanceof UnixUser) {
-				UnixUser uxUser = (UnixUser) loginUser;
-				if (uxUser.sameIdAs(user)) {
-					return;
-				}
-			}
 			throw new AuthorisationException(loginUser, method, user);
 		}
 	}
@@ -300,8 +285,6 @@ public class UnixUserModuleImpl extends AbstractModuleImpl {
 			return true;
 		if (shell.equals("/bin/bash"))
 			return true;
-		if (shell.equals("/bin/dash"))
-			return true;
 		if (shell.equals("/bin/csh"))
 			return true;
 		if (shell.equals("/bin/tcsh"))