CCM NG:

- Login now works - CdiUtil now uses JNDI to lookup CDI BeanManager because that works more reliable. git-svn-id: https://svn.libreccm.org/ccm/ccm_ng@3862 8810af33-2d31-482b-a856-94f89814c4df
2016-02-15 16:51:19 +00:00 · 2016-02-15 16:51:19 +00:00 · dd1556afbb
parent 3ac09f8510
commit dd1556afbb
43 changed files with 219 additions and 271 deletions
--- a/ccm-core/src/main/java/com/arsdigita/bebop/page/BebopApplicationServlet.java
+++ b/ccm-core/src/main/java/com/arsdigita/bebop/page/BebopApplicationServlet.java
@ -37,6 +37,7 @@ import java.util.Map;
 import java.util.Set;
 import javax.enterprise.inject.spi.CDI;
 import javax.inject.Inject;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@ -67,6 +68,9 @@ public class BebopApplicationServlet extends BaseApplicationServlet {
    private static final Logger LOGGER = LogManager.getLogger(
        BebopApplicationServlet.class);
    @Inject
    private Subject subject;
    /**
     * URL (pathinfo) -> Page object mapping. Based on it (and the http request
     * url) the doService method to selects a page to display
@ -152,7 +156,7 @@ public class BebopApplicationServlet extends BaseApplicationServlet {
        final String pathInfo = sreq.getPathInfo();
        Assert.exists(pathInfo, "String pathInfo");
-        final Subject subject = CDI.current().select(Subject.class).get();
+        //final Subject subject = CDI.current().select(Subject.class).get();
        LOGGER.debug("Current session is: {}", sreq.getSession().getId());
        LOGGER.debug("Current Shiro session is {}", 
                     subject.getSession().getId().toString());
--- a/ccm-core/src/main/java/com/arsdigita/dispatcher/DispatcherConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/dispatcher/DispatcherConfig.java
@ -44,9 +44,8 @@ public final class DispatcherConfig {
    private String defaultPageClass = "com.arsdigita.bebop.Page";
    public static DispatcherConfig getConfig() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-        final ConfigurationManager confManager = cdiUtil.findBean(
+            .findBean(ConfigurationManager.class);
                ConfigurationManager.class);
        return confManager.findConfiguration(DispatcherConfig.class);
    }
@ -130,4 +129,5 @@ public final class DispatcherConfig {
                             staticUrlPrefix,
                             defaultPageClass);
    }
 }
--- a/ccm-core/src/main/java/com/arsdigita/formbuilder/FormBuilderConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/formbuilder/FormBuilderConfig.java
@ -43,9 +43,8 @@ public final class FormBuilderConfig {
    private Boolean interpolateEmailActions;
    public static FormBuilderConfig getConfig() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-        final ConfigurationManager confManager = cdiUtil.findBean(
+            .findBean(ConfigurationManager.class);
            ConfigurationManager.class);
        return confManager.findConfiguration(FormBuilderConfig.class);
    }
--- a/ccm-core/src/main/java/com/arsdigita/globalization/GlobalizationConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/globalization/GlobalizationConfig.java
@ -37,9 +37,8 @@ public class GlobalizationConfig {
    private String defaultCharset = "UTF-8";
    public static GlobalizationConfig getConfig() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-        final ConfigurationManager confManager = cdiUtil.findBean(
+            .findBean(ConfigurationManager.class);
                ConfigurationManager.class);
        return confManager.findConfiguration(GlobalizationConfig.class);
    }
@ -81,4 +80,5 @@ public class GlobalizationConfig {
                             super.toString(),
                             defaultCharset);
    }
 }
--- a/ccm-core/src/main/java/com/arsdigita/kernel/KernelConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/kernel/KernelConfig.java
@ -70,9 +70,6 @@ public final class KernelConfig {
    private String defaultLanguage = "en";
    public static KernelConfig getConfig() {
 //        final CdiUtil cdiUtil = new CdiUtil();
 //        final ConfigurationManager confManager = cdiUtil.findBean(
 //            ConfigurationManager.class);
        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
            .findBean(ConfigurationManager.class);
        return confManager.findConfiguration(KernelConfig.class);
--- a/ccm-core/src/main/java/com/arsdigita/mail/MailConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/mail/MailConfig.java
@ -50,9 +50,8 @@ public final class MailConfig {
    private Boolean sendHtml = false;
    public static MailConfig getConfig() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-        final ConfigurationManager confManager = cdiUtil.findBean(
+            .findBean(ConfigurationManager.class);
            ConfigurationManager.class);
        return confManager.findConfiguration(MailConfig.class);
    }
--- a/ccm-core/src/main/java/com/arsdigita/notification/NotificationConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/notification/NotificationConfig.java
@ -51,9 +51,8 @@ public final class NotificationConfig {
    private Integer simpleQueuePeriod = 900;
    public static NotificationConfig getConfig() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-        final ConfigurationManager confManager = cdiUtil.findBean(
+            .findBean(ConfigurationManager.class);
            ConfigurationManager.class);
        return confManager.findConfiguration(NotificationConfig.class);
    }
--- a/ccm-core/src/main/java/com/arsdigita/templating/TemplatingConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/templating/TemplatingConfig.java
@ -49,9 +49,8 @@ public final class TemplatingConfig {
    private Integer stylesheetCacheAge = 3600;
    public static TemplatingConfig getConfig() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-        final ConfigurationManager confManager = cdiUtil.findBean(
+            .findBean(ConfigurationManager.class);
            ConfigurationManager.class);
        return confManager.findConfiguration(TemplatingConfig.class);
    }
--- a/ccm-core/src/main/java/com/arsdigita/ui/UIConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/UIConfig.java
@ -55,11 +55,9 @@ public final class UIConfig {
    private String workspaceUrl = "/pvt/";
    public static UIConfig getConfig() {
-//        final CdiUtil cdiUtil = new CdiUtil();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-//        final ConfigurationManager confManager = cdiUtil.findBean(
+            .findBean(ConfigurationManager.class);
-//            ConfigurationManager.class);
+
        final ConfigurationManager confManager = CDI.current().select(
        ConfigurationManager.class).get();
        return confManager.findConfiguration(UIConfig.class);
    }
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/AdminServlet.java
@ -116,13 +116,10 @@ public class AdminServlet
        ServletException, IOException {
        // ///////    Some preparational steps                   ///////////////
        /* Determine access privilege: only logged in users may access   */
-//        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
-//        final Subject subject = cdiUtil.findBean(Subject.class);
+        final Subject subject = cdiUtil.findBean(Subject.class);
-        final Subject subject = CDI.current().select(Subject.class).get();
+        final PermissionChecker permissionChecker = cdiUtil.findBean(
-//        final PermissionChecker permissionChecker = cdiUtil.findBean(
+            PermissionChecker.class);
 //            PermissionChecker.class);
        final PermissionChecker permissionChecker = CDI.current().select(
            PermissionChecker.class).get();
        final ConfigurationManager confManager = CDI.current().select(ConfigurationManager.class).get();
        if (confManager == null) {
@ -172,9 +169,11 @@ public class AdminServlet
 //            final Document doc = page.buildDocument(sreq, sresp);
 //            Templating.getPresentationManager().servePage(doc, sreq, sresp);
 //        }
-        final Page page = new Page();
+        final Page page = PageFactory.buildPage("admin", "LibreCCM NG Admin");
        page.add(new Label("admin"));
        page.lock();
        final Document doc = page.buildDocument(sreq, sresp);
        Templating.getPresentationManager().servePage(doc, sreq, sresp);
    }
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/ApplicationsAdministrationTab.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/ApplicationsAdministrationTab.java
@ -78,7 +78,7 @@ public class ApplicationsAdministrationTab extends LayoutPanel implements
        setLeft(applicationTree);
-        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
        final org.libreccm.web.ApplicationManager appManager = cdiUtil.findBean(
            org.libreccm.web.ApplicationManager.class);
@ -213,7 +213,7 @@ public class ApplicationsAdministrationTab extends LayoutPanel implements
                    }
                } else {
                    // Selected key is the name of a instance pane
-                    final CdiUtil cdiUtil = new CdiUtil();
+                    final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
                    final ApplicationRepository appRepo = cdiUtil.findBean(
                        ApplicationRepository.class);
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/GroupEditForm.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/GroupEditForm.java
@ -64,7 +64,7 @@ class GroupEditForm extends GroupForm implements FormInitListener,
        final Long id = (Long) state.getValue(USER_ID_PARAM);
 //        if (id != null) {
-//            final CdiUtil cdiUtil = new CdiUtil();
+            final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //            final GroupRepository groupRepository;
 //
@ -86,7 +86,7 @@ class GroupEditForm extends GroupForm implements FormInitListener,
        final PageState state = event.getPageState();
        final Long id = (Long) state.getValue(GROUP_ID_PARAM);
-        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //        final GroupRepository groupRepository;
 //            groupRepository = cdiUtil.findBean(GroupRepository.class);
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/SubMemberPanel.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/SubMemberPanel.java
@ -81,7 +81,7 @@ class SubMemberPanel extends BoxPanel {
                    if (key != null) {
                        final Long userID = new Long(key);
-                        final CdiUtil cdiUtil = new CdiUtil();
+                        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //                        final UserRepository userRepository;
 //                        final GroupManager groupManager;
 //                        final GroupRepository groupRepository;
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/UserBrowsePane.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/UserBrowsePane.java
@ -113,7 +113,7 @@ class UserBrowsePane extends SegmentedPanel
    @Override
    public void actionPerformed(final ActionEvent event) {
 //        final PageState state = event.getPageState();
-//        final CdiUtil cdiUtil = new CdiUtil();
+//        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //        final CcmSessionContext sessionContext;
 //            sessionContext = cdiUtil.findBean(CcmSessionContext.class);
@ -143,7 +143,7 @@ class UserBrowsePane extends SegmentedPanel
            protected Object initialValue(final PageState state) {
                final Long id = (Long) state.getValue(USER_ID_PARAM);
-//                final CdiUtil cdiUtil = new CdiUtil();
+//                final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //                final UserRepository userRepository;
 //                    userRepository = cdiUtil.findBean(UserRepository.class);
@ -346,7 +346,7 @@ class UserBrowsePane extends SegmentedPanel
                final PageState state = event.getPageState();
 //                final BigDecimal id = (BigDecimal) state.getValue(USER_ID_PARAM);
 //
-//                final CdiUtil cdiUtil = new CdiUtil();
+//                final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //                final LoginManager loginManager;
 //                    loginManager = cdiUtil.findBean(
@ -421,7 +421,7 @@ class UserBrowsePane extends SegmentedPanel
                final PageState state = event.getPageState();
                final User user = getUser(state);
-//                final CdiUtil cdiUtil = new CdiUtil();
+//                final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //                final UserRepository userRepository;
 //                    userRepository = cdiUtil.findBean(UserRepository.class);
@ -461,7 +461,7 @@ class UserBrowsePane extends SegmentedPanel
 //                User user = getUser(state);
 //                user.setBanned(true);
 //
-//                final CdiUtil cdiUtil = new CdiUtil();
+//                final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //                final UserRepository userRepository;
 //                    userRepository = cdiUtil.findBean(UserRepository.class);
@ -492,7 +492,7 @@ class UserBrowsePane extends SegmentedPanel
 //                User user = getUser(state);
 //                user.setBanned(false);
 //
-//                final CdiUtil cdiUtil = new CdiUtil();
+//                final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //                final UserRepository userRepository;
 //                    userRepository = cdiUtil.findBean(UserRepository.class);
@ -672,7 +672,7 @@ class UserBrowsePane extends SegmentedPanel
                PageState ps = event.getPageState();
                String id = (String) m_groupList.getSelectedKey(ps);
                if (id != null) {
-                    final CdiUtil cdiUtil = new CdiUtil();
+                    final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //                    final GroupRepository groupRepository;
 //                        groupRepository = cdiUtil
@ -706,7 +706,7 @@ class UserTableModel implements TableModel {
    private int index = 0;
    public UserTableModel() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //        final UserRepository userRepository;
 //            userRepository = cdiUtil.findBean(UserRepository.class);
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/UserForm.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/UserForm.java
@ -237,7 +237,7 @@ class UserForm extends Form implements FormValidationListener, AdminConstants {
        /**
         * Verify that primary email and screen name are unique
         */
-        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //        final UserRepository userRepository;
 //            userRepository = cdiUtil.findBean(UserRepository.class);
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/UserPasswordForm.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/UserPasswordForm.java
@ -133,7 +133,7 @@ class UserPasswordForm extends Form
        final PageState state = event.getPageState();
-//        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //        final UserRepository userRepository;
 //            userRepository = cdiUtil.findBean(UserRepository.class);
@ -157,7 +157,7 @@ class UserPasswordForm extends Form
        FormData data = event.getFormData();
        HttpServletRequest req = state.getRequest();
-//        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //        final UserRepository userRepository;
 //            userRepository = cdiUtil.findBean(UserRepository.class);
@ -206,7 +206,7 @@ class UserPasswordForm extends Form
        final PageState state = event.getPageState();
        final FormData data = event.getFormData();
-        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
 //        final UserRepository userRepository;
 //        final UserManager userManager;
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/applications/ApplicationInfoPropertySheetModel.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/applications/ApplicationInfoPropertySheetModel.java
@ -137,9 +137,8 @@ public class ApplicationInfoPropertySheetModel implements PropertySheetModel {
                return applicationType.description();
            case SINGLETON_PATH:
                final String path;
-                final CdiUtil cdiUtil = new CdiUtil();
+                final ApplicationRepository appRepo = CdiUtil.createCdiUtil()
-                final ApplicationRepository appRepo = cdiUtil.findBean(
+                    .findBean(ApplicationRepository.class);
                    ApplicationRepository.class);
                final List<CcmApplication> instances
                                               = appRepo.findByType(
                        applicationType.name());
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/applications/MultiInstanceApplicationPane.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/applications/MultiInstanceApplicationPane.java
@ -136,8 +136,8 @@ public class MultiInstanceApplicationPane<T extends CcmApplication>
        public ApplicationInstancesTableModel(final Table table,
                                              final String appType) {
            this.table = table;
-            final CdiUtil cdiUtil = new CdiUtil();
+            final ApplicationRepository appRepo = CdiUtil.createCdiUtil()
-            final ApplicationRepository appRepo = cdiUtil.findBean(ApplicationRepository.class);
+                .findBean(ApplicationRepository.class);
            final List<CcmApplication> applications = appRepo.
                    findByType(appType);
            for (CcmApplication application : applications) {
--- a/ccm-core/src/main/java/com/arsdigita/ui/admin/applications/tree/ApplicationTreeModel.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/admin/applications/tree/ApplicationTreeModel.java
@ -82,9 +82,8 @@ public class ApplicationTreeModel implements TreeModel {
    @Override
    public Iterator getChildren(final TreeNode node, final PageState state) {
        if (node instanceof RootTreeNode) {
-            final CdiUtil cdiUtil = new CdiUtil();
+            final ApplicationManager appManager = CdiUtil.createCdiUtil()
-            final ApplicationManager appManager = cdiUtil.findBean(
+                .findBean(ApplicationManager.class);
                ApplicationManager.class);
            final Collection<ApplicationType> appTypes = appManager
                .getApplicationTypes().values();
@ -94,9 +93,8 @@ public class ApplicationTreeModel implements TreeModel {
            final ApplicationTypeTreeNode typeTreeNode
                                              = (ApplicationTypeTreeNode) node;
-            final CdiUtil cdiUtil = new CdiUtil();
+            final ApplicationRepository appRepo = CdiUtil.createCdiUtil()
-            final ApplicationRepository appRepo = cdiUtil.findBean(
+                .findBean(ApplicationRepository.class);
                ApplicationRepository.class);
            final List<CcmApplication> applications = appRepo.findByType(
                typeTreeNode.getObjecType());
@ -113,8 +111,7 @@ public class ApplicationTreeModel implements TreeModel {
    private List<CcmApplication> retrieveApplicationInstances(
        final ApplicationType applicationType) {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ApplicationRepository appRepo = CdiUtil.createCdiUtil().findBean(
        final ApplicationRepository appRepo = cdiUtil.findBean(
            ApplicationRepository.class);
        return appRepo.findByType(applicationType.name());
@ -122,8 +119,7 @@ public class ApplicationTreeModel implements TreeModel {
    private List<CcmApplication> retrieveApplicationInstances(
        final String appObjectType) {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ApplicationRepository appRepo = CdiUtil.createCdiUtil().findBean(
        final ApplicationRepository appRepo = cdiUtil.findBean(
            ApplicationRepository.class);
        return appRepo.findByType(appObjectType);
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/ChangePasswordForm.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/ChangePasswordForm.java
@ -202,7 +202,7 @@ public class ChangePasswordForm extends Form
            String confirmPassword = (String) m_confirmPassword.getValue(state);
            //check oldPassword
-            final CdiUtil cdiUtil = new CdiUtil();
+            final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
            final Shiro shiro = cdiUtil.findBean(Shiro.class);
            final UserManager userManager = cdiUtil.findBean(UserManager.class);
@ -250,7 +250,7 @@ public class ChangePasswordForm extends Form
            return;
        }
-        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
        final UserManager userManager = cdiUtil.findBean(UserManager.class);
        final Shiro shiro = cdiUtil.findBean(Shiro.class);
        final User user = shiro.getUser();
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/EmailInitListener.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/EmailInitListener.java
@ -53,7 +53,7 @@ public class EmailInitListener implements FormInitListener {
        s_log.debug("START");
-        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
        final Subject subject = cdiUtil.findBean(Subject.class);
        final Shiro shiro = cdiUtil.findBean(Shiro.class);
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/LoginServlet.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/LoginServlet.java
@ -36,6 +36,7 @@ import com.arsdigita.web.URL;
 import org.apache.log4j.Logger;
 import org.libreccm.configuration.ConfigurationManager;
 import org.libreccm.security.UserRepository;
 import javax.inject.Inject;
 import javax.servlet.ServletException;
@ -130,6 +131,9 @@ public class LoginServlet extends BebopApplicationServlet {
    @Inject
    private ConfigurationManager confManager;
    @Inject
    private UserRepository userRepository;
    /**
     * User extension point used to create the pages to server and setup a
     * URL_MSG - page mapping.
@ -141,6 +145,10 @@ public class LoginServlet extends BebopApplicationServlet {
        final SecurityConfig securityConfig = confManager.findConfiguration(
            SecurityConfig.class);
        if (userRepository == null) {
            throw new IllegalStateException("User repository is not available.");
        }
        // Allow world caching for pages without authentication,
        // ie, /register, /register/explain-persistent-cookies,
        // /register/login-expired, /register/recover-password
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/ScreenNameInitListener.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/ScreenNameInitListener.java
@ -63,7 +63,7 @@ public class ScreenNameInitListener implements FormInitListener {
        FormData data = event.getFormData();
        s_log.debug("START");
-        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
        final Subject subject = cdiUtil.findBean(Subject.class);
        final Shiro shiro = cdiUtil.findBean(Shiro.class);
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/UserAuthenticationListener.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/UserAuthenticationListener.java
@ -67,8 +67,7 @@ public class UserAuthenticationListener implements RequestListener {
            throw new IllegalStateException("User is not logged in");
        }
-        final CdiUtil cdiUtil = new CdiUtil();
+        final Subject subject = CdiUtil.createCdiUtil().findBean(Subject.class);
        final Subject subject = cdiUtil.findBean(Subject.class);
        return subject;
    }
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/UserEditForm.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/UserEditForm.java
@ -65,8 +65,7 @@ public class UserEditForm extends UserForm
        @Override
        public Object initialValue(final PageState ps) {
-            final CdiUtil cdiUtil = new CdiUtil();
+            final Shiro shiro = CdiUtil.createCdiUtil().findBean(Shiro.class);
            final Shiro shiro = cdiUtil.findBean(Shiro.class);
            final User result = shiro.getUser();
            return result;
@ -103,8 +102,7 @@ public class UserEditForm extends UserForm
        FormData data = event.getFormData();
        PageState state = event.getPageState();
-        final CdiUtil cdiUtil = new CdiUtil();
+        final UserRepository userRepository = CdiUtil.createCdiUtil().findBean(
        final UserRepository userRepository = cdiUtil.findBean(
            UserRepository.class);
        User user = getUser(state);
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/UserForm.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/UserForm.java
@ -234,6 +234,7 @@ public abstract class UserForm extends Form
     * Gets the current user for initialising the form.
     *
     * @param state
     *
     * @return the current user, if the form should not be initialised with user
     *         data.
     */
@ -246,6 +247,7 @@ public abstract class UserForm extends Form
     * users.
     *
     * @param event
     *
     * @throws com.arsdigita.bebop.FormProcessException
     */
    @Override
@ -255,8 +257,8 @@ public abstract class UserForm extends Form
        final PageState state = event.getPageState();
        final FormData data = event.getFormData();
-        final CdiUtil cdiUtil = new CdiUtil();
+        final UserRepository userRepository = CdiUtil.createCdiUtil().findBean(
-        final UserRepository userRepository = cdiUtil.findBean(UserRepository.class);
+            UserRepository.class);
        try {
            if (m_newUser) {
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/UserInfo.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/UserInfo.java
@ -37,7 +37,6 @@ import org.libreccm.security.User;
 import org.libreccm.web.ApplicationRepository;
 import org.libreccm.web.CcmApplication;
 /**
 * A reusable Bebop component to display the primary attributes of the currently
 * logged in user. Users can extend this class to provide information about
@ -105,9 +104,8 @@ public class UserInfo extends SimpleContainer {
                    m_contentCenters = new ArrayList<>();
-                    final CdiUtil cdiUtil = new CdiUtil();
+                    final ApplicationRepository appRepo = CdiUtil
-                    final ApplicationRepository appRepo = cdiUtil.findBean(
+                        .createCdiUtil().findBean(ApplicationRepository.class);
                            ApplicationRepository.class);
                    m_contentCenters = appRepo.findByType(
                        "com.arsdigita.cms.ContentCenter");
@ -185,6 +183,7 @@ public class UserInfo extends SimpleContainer {
    /**
     * @param state
     *
     * @return true if the user is logged in
     *
     */
@ -194,6 +193,7 @@ public class UserInfo extends SimpleContainer {
    /**
     * @param state
     *
     * @return the User object for which we are generating information
     *
     * @throws IllegalStateException if user is not logged in. Call
@ -208,8 +208,7 @@ public class UserInfo extends SimpleContainer {
            throw new IllegalStateException("user is not logged in");
        }
-        final CdiUtil cdiUtil = new CdiUtil();
+        final Shiro shiro = CdiUtil.createCdiUtil().findBean(Shiro.class);
        final Shiro shiro = cdiUtil.findBean(Shiro.class);
        final User user = shiro.getUser();
        return user;
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/UserLoginForm.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/UserLoginForm.java
@ -141,27 +141,6 @@ public class UserLoginForm extends Form implements LoginConstants,
                         final boolean autoRegistrationOn) {
        super(FORM_NAME, panel);
 //        final ConfigurationManager confManager = CDI.current().select(
 //                ConfigurationManager.class).get();
 //        final BeanManager beanManager = CDI.current().getBeanManager();
 //        final Set<Bean<?>> beans = beanManager.getBeans(
 //            ConfigurationManager.class);
 //        final Iterator<Bean<?>> iterator = beans.iterator();
 //        final ConfigurationManager confManager;
 //        if (iterator.hasNext()) {
 //            @SuppressWarnings("unchecked")
 //            final Bean<ConfigurationManager> bean
 //                                                 = (Bean<ConfigurationManager>) iterator
 //                .next();
 //            final CreationalContext<ConfigurationManager> ctx = beanManager.
 //                createCreationalContext(bean);
 //
 //            confManager = (ConfigurationManager) beanManager.getReference(
 //                bean, ConfigurationManager.class, ctx);
 //        } else {
 //            throw new UncheckedWrapperException(
 //                "Failed to lookup ConfigurationManager");
 //        }
        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
            .findBean(ConfigurationManager.class);
        securityConfig = confManager.findConfiguration(SecurityConfig.class);
@ -378,8 +357,7 @@ public class UserLoginForm extends Form implements LoginConstants,
        throws FormProcessException {
        PageState state = event.getPageState();
-        final CdiUtil cdiUtil = new CdiUtil();
+        final Subject subject = CdiUtil.createCdiUtil().findBean(Subject.class);
        final Subject subject = cdiUtil.findBean(Subject.class);
        final UsernamePasswordToken token = new UsernamePasswordToken(
            m_loginName.getValue(state).toString(),
@ -389,11 +367,12 @@ public class UserLoginForm extends Form implements LoginConstants,
        try {
            LOGGER.debug("Trying to login user {}...", subject.toString());
            subject.login(token);
            LOGGER.debug("User {} logged in successfully.", token.getUsername());
        } catch (AuthenticationException ex) {
            onLoginFail(event, ex);
            LOGGER.debug("Login failed.", ex);
        }
        LOGGER.debug("User {} logged in successfully.", token.getUsername());
        LOGGER.debug("subject = {}", subject.toString());
        LOGGER.debug("Current session is: {}",
                     state.getRequest().getSession().getId());
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/UserLogoutListener.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/UserLogoutListener.java
@ -44,9 +44,7 @@ public class UserLogoutListener implements ActionListener {
     */
    @Override
    public void actionPerformed(final ActionEvent event) {
-
+        final Subject subject = CdiUtil.createCdiUtil().findBean(Subject.class);
        final CdiUtil cdiUtil = new CdiUtil();
        final Subject subject = cdiUtil.findBean(Subject.class);
        subject.logout();
    }
--- a/ccm-core/src/main/java/com/arsdigita/ui/login/UserNewForm.java
+++ b/ccm-core/src/main/java/com/arsdigita/ui/login/UserNewForm.java
@ -151,7 +151,7 @@ public class UserNewForm extends UserForm implements FormInitListener,
        final Exception[] formExceptions = new Exception[]{null};
-        final CdiUtil cdiUtil = new CdiUtil();
+        final CdiUtil cdiUtil = CdiUtil.createCdiUtil();
        final Shiro shiro = cdiUtil.findBean(Shiro.class);
        shiro.getSystemUser().execute(new Callable<Void>() {
@ -159,9 +159,8 @@ public class UserNewForm extends UserForm implements FormInitListener,
            @Override
            public Void call() throws Exception {
-                final CdiUtil cdiUtil = new CdiUtil();
+                final UserManager userManager = CdiUtil.createCdiUtil()
-                final UserManager userManager = cdiUtil.findBean(
+                    .findBean(UserManager.class);
                    UserManager.class);
                userManager.createUser(firstName,
                                       lastName,
                                       screenName,
--- a/ccm-core/src/main/java/com/arsdigita/web/WebConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/web/WebConfig.java
@ -22,20 +22,16 @@ import com.arsdigita.util.UncheckedWrapperException;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import org.apache.logging.log4j.message.ParameterizedMessage;
+import org.libreccm.cdi.utils.CdiUtil;
 import org.libreccm.configuration.Configuration;
 import org.libreccm.configuration.ConfigurationManager;
 import org.libreccm.configuration.Setting;
 import java.lang.reflect.Method;
 import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Set;
 import java.util.StringJoiner;
 import javax.enterprise.context.spi.CreationalContext;
 import javax.enterprise.inject.spi.Bean;
 import javax.enterprise.inject.spi.BeanManager;
 import javax.enterprise.inject.spi.CDI;
 import javax.validation.ConstraintViolation;
 import javax.validation.Validation;
@ -84,36 +80,9 @@ public final class WebConfig {
    private String dynamicHostProviderClass;
    public static WebConfig getConfig() {
        final ConfigurationManager confManager = CDI.current().select(
            ConfigurationManager.class).get();
-//        final BeanManager beanManager = CDI.current().getBeanManager();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-//        final Set<Bean<?>> beans = beanManager.getBeans(
+            .findBean(ConfigurationManager.class);
 //            ConfigurationManager.class);
 //        final Iterator<Bean<?>> iterator = beans.iterator();
 //        final ConfigurationManager confManager;
 //        if (iterator.hasNext()) {
 //            @SuppressWarnings("unchecked")
 //            final Bean<ConfigurationManager> bean
 //                                                 = (Bean<ConfigurationManager>) iterator
 //                .next();
 //            final CreationalContext<ConfigurationManager> ctx = beanManager
 //                .createCreationalContext(bean);
 //
 //            confManager = (ConfigurationManager) beanManager.getReference(
 //                bean, ConfigurationManager.class, ctx);
 //        } else {
 //            LOGGER.error(new ParameterizedMessage(
 //                "No CDI Bean for type {} found.",
 //                ConfigurationManager.class.getName()));
 //            throw new IllegalStateException(String.format(
 //                "No CDI Bean for type \"%s\" found",
 //                ConfigurationManager.class.getName()));
 //        }
 //        final CdiUtil cdiUtil = new CdiUtil();
 //        final ConfigurationManager confManager = cdiUtil.findBean(
 //            ConfigurationManager.class);
        return confManager.findConfiguration(WebConfig.class);
    }
--- a/ccm-core/src/main/java/com/arsdigita/workflow/simple/WorkflowConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/workflow/simple/WorkflowConfig.java
@ -39,9 +39,8 @@ public final class WorkflowConfig {
    private String alertsSender;
    public static WorkflowConfig getConfig() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-        final ConfigurationManager confManager = cdiUtil.findBean(
+            .findBean(ConfigurationManager.class);
            ConfigurationManager.class);
        return confManager.findConfiguration(WorkflowConfig.class);
    }
--- a/ccm-core/src/main/java/com/arsdigita/xml/XmlConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/xml/XmlConfig.java
@ -72,9 +72,8 @@ public final class XmlConfig {
    private Boolean fullTimeFormatterEnabled = false;
    public static XmlConfig getConfig() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-        final ConfigurationManager confManager = cdiUtil.findBean(
+            .findBean(ConfigurationManager.class);
            ConfigurationManager.class);
        return confManager.findConfiguration(XmlConfig.class);
    }
@ -137,9 +136,9 @@ public final class XmlConfig {
    /**
     * Returns the class name of the default {@link DocumentBuilderFactory}.
-     * This method encapsulates the default value so that is easy to change. The method is only for 
+     * This method encapsulates the default value so that is easy to change. The
-     * use by the classes in the {@code com.arsdigita.xml} package, therefore the method is 
+     * method is only for use by the classes in the {@code com.arsdigita.xml}
-     * only accessible from the package.
+     * package, therefore the method is only accessible from the package.
     *
     * @return
     */
@ -147,7 +146,6 @@ public final class XmlConfig {
        return DOM_XERCES;
    }
    public void setDomBuilder(final String domBuilder) {
        this.domBuilder = domBuilder;
    }
@ -175,10 +173,10 @@ public final class XmlConfig {
    }
    /**
-     * Returns the class name of the default {@link SAXParserFactory}. 
+     * Returns the class name of the default {@link SAXParserFactory}. This
-     * This method encapsulates the default value so that is easy to change. The method is only for 
+     * method encapsulates the default value so that is easy to change. The
-     * use by the classes in the {@code com.arsdigita.xml} package, therefore the method is 
+     * method is only for use by the classes in the {@code com.arsdigita.xml}
-     * only visible in the package.
+     * package, therefore the method is only visible in the package.
     *
     * @return
     */
@ -186,7 +184,6 @@ public final class XmlConfig {
        return SAX_XERCES;
    }
    public void setSaxParser(final String saxParser) {
        this.saxParser = saxParser;
    }
--- a/ccm-core/src/main/java/com/arsdigita/xml/formatters/DateFormatterConfig.java
+++ b/ccm-core/src/main/java/com/arsdigita/xml/formatters/DateFormatterConfig.java
@ -36,9 +36,8 @@ public final class DateFormatterConfig {
    private String locale = null;
    public static DateFormatterConfig getConfig() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final ConfigurationManager confManager = CdiUtil.createCdiUtil()
-        final ConfigurationManager confManager = cdiUtil.findBean(
+            .findBean(ConfigurationManager.class);
            ConfigurationManager.class);
        return confManager.findConfiguration(DateFormatterConfig.class);
    }
--- a/ccm-core/src/main/java/org/libreccm/cdi/utils/CdiUtil.java
+++ b/ccm-core/src/main/java/org/libreccm/cdi/utils/CdiUtil.java
@ -28,7 +28,6 @@ import java.util.Set;
 import javax.enterprise.context.spi.CreationalContext;
 import javax.enterprise.inject.spi.Bean;
 import javax.enterprise.inject.spi.BeanManager;
 import javax.enterprise.inject.spi.CDI;
 import javax.naming.InitialContext;
 import javax.naming.NamingException;
@ -42,10 +41,6 @@ public class CdiUtil {
    private final BeanManager beanManager;
    public CdiUtil() {
        beanManager = CDI.current().getBeanManager();
    }
    private CdiUtil(final BeanManager beanManager)  {
        this.beanManager = beanManager;
    }
--- a/ccm-core/src/main/java/org/libreccm/security/Group.java
+++ b/ccm-core/src/main/java/org/libreccm/security/Group.java
@ -21,10 +21,10 @@ package org.libreccm.security;
 import static org.libreccm.core.CoreConstants.*;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.List;
+import java.util.HashSet;
 import java.util.Objects;
 import java.util.Set;
 import javax.persistence.Entity;
 import javax.persistence.NamedQueries;
@ -65,21 +65,21 @@ public class Group extends Party implements Serializable {
    @OneToMany(mappedBy = "group")
    @XmlElementWrapper(name = "group-memberships", namespace = CORE_XML_NS)
    @XmlElement(name = "group-membership", namespace = CORE_XML_NS)
-    private List<GroupMembership> memberships = new ArrayList<>();
+    private Set<GroupMembership> memberships = new HashSet<>();
    protected Group() {
        super();
    }
-    public List<GroupMembership> getMemberships() {
+    public Set<GroupMembership> getMemberships() {
        if (memberships == null) {
            return null;
        } else {
-            return Collections.unmodifiableList(memberships);
+            return Collections.unmodifiableSet(memberships);
        }
    }
-    protected void setMemberships(final List<GroupMembership> memberships) {
+    protected void setMemberships(final Set<GroupMembership> memberships) {
        this.memberships = memberships;
    }
--- a/ccm-core/src/main/java/org/libreccm/security/Party.java
+++ b/ccm-core/src/main/java/org/libreccm/security/Party.java
@ -23,10 +23,10 @@ import static org.libreccm.core.CoreConstants.*;
 import org.libreccm.core.DefaultEntityGraph;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.List;
+import java.util.HashSet;
 import java.util.Objects;
 import java.util.Set;
 import javax.persistence.Column;
 import javax.persistence.Entity;
@ -91,7 +91,7 @@ public class Party implements Serializable {
    @OneToMany(mappedBy = "member")
    @XmlElementWrapper(name = "role-memberships", namespace = CORE_XML_NS)
    @XmlElement(name = "role-membership", namespace = CORE_XML_NS)
-    private List<RoleMembership> roleMemberships = new ArrayList<>();
+    private Set<RoleMembership> roleMemberships = new HashSet<>();
    protected Party() {
        super();
@ -113,15 +113,15 @@ public class Party implements Serializable {
        this.name = name;
    }
-    public List<RoleMembership> getRoleMemberships() {
+    public Set<RoleMembership> getRoleMemberships() {
        if (roleMemberships == null) {
            return null;
        } else {
-            return Collections.unmodifiableList(roleMemberships);
+            return Collections.unmodifiableSet(roleMemberships);
        }
    }
-    protected void setRoleMemberships(final List<RoleMembership> roleMemberships) {
+    protected void setRoleMemberships(final Set<RoleMembership> roleMemberships) {
        this.roleMemberships = roleMemberships;
    }
--- a/ccm-core/src/main/java/org/libreccm/security/Role.java
+++ b/ccm-core/src/main/java/org/libreccm/security/Role.java
@ -26,8 +26,10 @@ import org.libreccm.workflow.TaskAssignment;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Objects;
 import java.util.Set;
 import javax.persistence.Column;
 import javax.persistence.Entity;
@ -83,7 +85,7 @@ public class Role implements Serializable {
    @OneToMany(mappedBy = "role")
    @XmlElementWrapper(name = "role-memberships", namespace = CORE_XML_NS)
    @XmlElement(name = "role-membership", namespace = CORE_XML_NS)
-    private List<RoleMembership> memberships = new ArrayList<>();
+    private Set<RoleMembership> memberships = new HashSet<>();
    /**
     * Permissions granted to the role.
@ -116,15 +118,15 @@ public class Role implements Serializable {
        this.name = name;
    }
-    public List<RoleMembership> getMemberships() {
+    public Set<RoleMembership> getMemberships() {
        if (memberships == null) {
            return null;
        } else {
-            return Collections.unmodifiableList(memberships);
+            return Collections.unmodifiableSet(memberships);
        }
    }
-    protected void setMemberships(final List<RoleMembership> memberships) {
+    protected void setMemberships(final Set<RoleMembership> memberships) {
        this.memberships = memberships;
    }
--- a/ccm-core/src/main/java/org/libreccm/security/SecuredCollection.java
+++ b/ccm-core/src/main/java/org/libreccm/security/SecuredCollection.java
@ -111,9 +111,8 @@ public class SecuredCollection<E extends CcmObject> implements Collection<E> {
    @Override
    @SuppressWarnings("unchecked")
    public Object[] toArray() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final PermissionChecker permissionChecker = CdiUtil.createCdiUtil()
-        final PermissionChecker permissionChecker = cdiUtil.findBean(
+            .findBean(PermissionChecker.class);
            PermissionChecker.class);
        final Object[] objects = collection.toArray();
        for (int i = 0; i < objects.length; i++) {
@ -129,9 +128,8 @@ public class SecuredCollection<E extends CcmObject> implements Collection<E> {
    @Override
    @SuppressWarnings({"unchecked", "PMD.UseVarargs"})
    public <T> T[] toArray(final T[] array) {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final PermissionChecker permissionChecker = CdiUtil.createCdiUtil()
-        final PermissionChecker permissionChecker = cdiUtil.findBean(
+            .findBean(PermissionChecker.class);
            PermissionChecker.class);
        final T[] objects = collection.toArray(array);
        for (int i = 0; i < objects.length; i++) {
--- a/ccm-core/src/main/java/org/libreccm/security/SecuredEntrySet.java
+++ b/ccm-core/src/main/java/org/libreccm/security/SecuredEntrySet.java
@ -90,9 +90,8 @@ class SecuredEntrySet<E extends Map.Entry<K, V>, K, V extends CcmObject>
    @Override
    @SuppressWarnings("unchecked")
    public Object[] toArray() {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final PermissionChecker permissionChecker = CdiUtil.createCdiUtil()
-        final PermissionChecker permissionChecker = cdiUtil.findBean(
+            .findBean(PermissionChecker.class);
                PermissionChecker.class);
        final Object[] entries = set.toArray();
        for (int i = 0; i < entries.length; i++) {
@ -109,9 +108,8 @@ class SecuredEntrySet<E extends Map.Entry<K, V>, K, V extends CcmObject>
    @Override
    @SuppressWarnings({"unchecked", "PMD.UseVarargs"})
    public <T> T[] toArray(final T[] array) {
-        final CdiUtil cdiUtil = new CdiUtil();
+        final PermissionChecker permissionChecker = CdiUtil.createCdiUtil()
-        final PermissionChecker permissionChecker = cdiUtil.findBean(
+            .findBean(PermissionChecker.class);
                PermissionChecker.class);
        final E[] entries = (E[]) set.toArray(array);
        for (int i = 0; i < entries.length; i++) {
--- a/ccm-core/src/main/java/org/libreccm/security/SecuredHelper.java
+++ b/ccm-core/src/main/java/org/libreccm/security/SecuredHelper.java
@ -18,7 +18,6 @@
 */
 package org.libreccm.security;
 import static org.libreccm.core.CoreConstants.*;
 import org.apache.logging.log4j.LogManager;
@ -56,19 +55,20 @@ class SecuredHelper<E extends CcmObject> {
     * object with the provided privilege.
     *
     * @param object The object to check.
     *
     * @return The provided {@code object} if the current subject has the
-     * permission to access it with the provided {@code privilege}. Otherwise a
+     *         permission to access it with the provided {@code privilege}.
-     * placeholder object is returned. The {@link CcmObject#displayName}
+     *         Otherwise a placeholder object is returned. The
-     * property of these object is set to {@code Access denied}.
+     *         {@link CcmObject#displayName} property of these object is set to
     *         {@code Access denied}.
     */
    protected E canAccess(final E object) {
        if (object == null) {
            return null;
        }
-        final CdiUtil cdiUtil = new CdiUtil();
+        final PermissionChecker permissionChecker = CdiUtil.createCdiUtil()
-        final PermissionChecker permissionChecker = cdiUtil.findBean(
+            .findBean(PermissionChecker.class);
                    PermissionChecker.class);
        if (permissionChecker.isPermitted(requiredPrivilege, object)) {
            return object;
@ -81,7 +81,8 @@ class SecuredHelper<E extends CcmObject> {
     * Helper method for creating an <em>Access denied</em> placeholder object.
     *
     * @return An object of the provided {@link #clazz} with it's
-     * {@link CcmObject#displayName} property set to {@code Access denied}.
+     *         {@link CcmObject#displayName} property set to
     *         {@code Access denied}.
     */
    protected E generateAccessDeniedObject() {
        try {
--- a/ccm-core/src/main/java/org/libreccm/security/User.java
+++ b/ccm-core/src/main/java/org/libreccm/security/User.java
@ -26,8 +26,10 @@ import org.libreccm.core.EmailAddress;
 import java.io.Serializable;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Objects;
 import java.util.Set;
 import javax.persistence.AssociationOverride;
 import javax.persistence.CollectionTable;
@ -43,8 +45,8 @@ import javax.persistence.NamedEntityGraph;
 import javax.persistence.NamedEntityGraphs;
 import javax.persistence.NamedQueries;
 import javax.persistence.NamedQuery;
 import javax.persistence.NamedSubgraph;
 import javax.persistence.OneToMany;
 import javax.persistence.OrderColumn;
 import javax.persistence.Table;
 import javax.validation.constraints.NotNull;
 import javax.xml.bind.annotation.XmlElement;
@ -68,12 +70,28 @@ import javax.xml.bind.annotation.XmlTransient;
                            + "u.primaryEmailAddress.address = :emailAddress")
 })
@NamedEntityGraphs({
-    @NamedEntityGraph(name = "User.withGroupAndRoleMemberships",
+    @NamedEntityGraph(
        name = "User.withGroupAndRoleMemberships",
        attributeNodes = {
            @NamedAttributeNode(
                value = "groupMemberships"),
            @NamedAttributeNode(
-                              value = "roleMemberships")})
+                value = "roleMemberships",
                subgraph = "role")},
        subgraphs = {
            @NamedSubgraph(
                name = "role",
                attributeNodes = {
                    @NamedAttributeNode(value = "role",
                                        subgraph = "permissions")
                }),
            @NamedSubgraph(
                name = "permissions",
                attributeNodes = {
                    @NamedAttributeNode(value = "permissions")}
            )
        })
 })
@DefaultEntityGraph("User.withGroupAndRoleMemberships")
@XmlRootElement(name = "user", namespace = CORE_XML_NS)
@ -157,7 +175,7 @@ public class User extends Party implements Serializable {
    @OneToMany(mappedBy = "member")
    @XmlElementWrapper(name = "group-memberships", namespace = CORE_XML_NS)
    @XmlElement(name = "group-membership", namespace = CORE_XML_NS)
-    private List<GroupMembership> groupMemberships = new ArrayList<>();
+    private Set<GroupMembership> groupMemberships = new HashSet<>();
    protected User() {
        super();
@ -232,12 +250,12 @@ public class User extends Party implements Serializable {
        this.passwordResetRequired = passwordResetRequired;
    }
-    public List<GroupMembership> getGroupMemberships() {
+    public Set<GroupMembership> getGroupMemberships() {
-        return Collections.unmodifiableList(groupMemberships);
+        return Collections.unmodifiableSet(groupMemberships);
    }
    protected void setGroupMemberships(
-        final List<GroupMembership> groupMemberships) {
+        final Set<GroupMembership> groupMemberships) {
        this.groupMemberships = groupMemberships;
    }
--- a/ccm-core/src/main/java/org/libreccm/security/UserRepository.java
+++ b/ccm-core/src/main/java/org/libreccm/security/UserRepository.java
@ -23,6 +23,7 @@ import org.libreccm.core.AbstractEntityRepository;
 import java.util.List;
 import java.util.Optional;
 import javax.enterprise.context.ApplicationScoped;
 import javax.enterprise.context.RequestScoped;
 import javax.persistence.EntityGraph;
 import javax.persistence.TypedQuery;