From 1a084ef1ad05d05cdb150d1116b01853f012264e Mon Sep 17 00:00:00 2001
From: Florian Rohr <florian.rohr@haw_hamburg.com>
Date: Sat, 13 Dec 2025 12:37:18 +0100
Subject: [PATCH 1/6] added security_features

---
 securety_api/.env                             |    4 +
 securety_api/pom.xml                          |  113 ++
 securety_api/src/.DS_Store                    |  Bin 0 -> 6148 bytes
 securety_api/src/main/.DS_Store               |  Bin 0 -> 6148 bytes
 securety_api/src/main/java/.DS_Store          |  Bin 0 -> 6148 bytes
 securety_api/src/main/java/com/.DS_Store      |  Bin 0 -> 6148 bytes
 .../SecureUseApiApplication.java              |   11 +
 .../CustomAuthenticationEntryPoint.java       |   22 +
 .../exceptions/CustomExceptionHandler.java    |   36 +
 .../exceptions/ExceptionResponse.java         |   58 +
 .../secure_use_api/exceptions/Exceptions.java |   21 +
 .../secure_use_api/model/ApiTokenModel.java   |   71 +
 .../model/RefreshTokenModel.java              |   50 +
 .../model/UserAdditionsModel.java             |   57 +
 .../secure_use_api/model/UserComposite.java   |   28 +
 .../secure_use_api/model/UserMetaModel.java   |   80 +
 .../model/UserSecurityModel.java              |   65 +
 .../repository/ApiTokenRepository.java        |   18 +
 .../repository/RefreshTokenRepository.java    |   20 +
 .../repository/UserAdditionsRepository.java   |   25 +
 .../repository/UserMetaRepository.java        |   14 +
 .../repository/UserSecurityRepository.java    |   12 +
 .../rest/controller/ApiTokenController.java   |   73 +
 .../controller/AuthenticationController.java  |  132 ++
 .../rest/controller/UserController.java       |   48 +
 .../secure_use_api/rest/dto/IdActionDto.java  |   28 +
 .../rest/dto/RefreshTokenDto.java             |   21 +
 .../rest/dto/ResourceLimitLeftDto.java        |   30 +
 .../secure_use_api/rest/dto/TokensDto.java    |   26 +
 .../secure_use_api/rest/dto/UserLoginDto.java |   33 +
 .../rest/dto/UserRegistrationDto.java         |   28 +
 .../rest/middleware/AuditLogMiddleware.java   |   83 +
 .../middleware/AuthenticationMiddleware.java  |   83 +
 .../middleware/AuthorizationMiddleware.java   |   73 +
 .../ExceptionHandlerMiddleware.java           |   26 +
 .../rest/middleware/RateLimitMiddleware.java  |   45 +
 .../middleware/ResourceLimitMiddleware.java   |   92 +
 .../rest/service/ApiTokenService.java         |   68 +
 .../rest/service/AuthenticationService.java   |   87 +
 .../rest/service/RefreshTokenService.java     |   59 +
 .../rest/service/UserService.java             |   92 +
 .../security/CustomAuthProvider.java          |   71 +
 .../secure_use_api/security/RequireScope.java |   12 +
 .../com/secure_use_api/security/Role.java     |   73 +
 .../security/SecurityConfig.java              |   72 +
 .../security/UserAuthentication.java          |   76 +
 .../security/UserDetailsImpl.java             |   64 +
 .../secure_use_api/security/WebConfig.java    |   43 +
 .../secure_use_api/token/AbstractToken.java   |   12 +
 .../com/secure_use_api/token/AccessToken.java |  133 ++
 .../com/secure_use_api/token/ApiToken.java    |   37 +
 .../com/secure_use_api/token/JwtHandler.java  |   47 +
 .../secure_use_api/token/PasetoHandler.java   |   19 +
 .../secure_use_api/token/RefreshToken.java    |   95 +
 .../token/SimpleTokenStringHandler.java       |    9 +
 .../java/com/secure_use_api/util/Config.java  |   36 +
 .../secure_use_api/util/HibernateUtil.java    |   25 +
 securety_api/src/main/resources/.DS_Store     |  Bin 0 -> 6148 bytes
 .../src/main/resources/application.properties |   11 +
 .../src/main/resources/logback-spring.xml     |   29 +
 .../src/main/resources/templates/hello.html   |   12 +
 securety_api/src/test/.DS_Store               |  Bin 0 -> 8196 bytes
 securety_api/src/test/java/.DS_Store          |  Bin 0 -> 6148 bytes
 securety_api/src/test/java/com/.DS_Store      |  Bin 0 -> 6148 bytes
 .../SecureUseAppiApplicationTests.java        |   13 +
 securety_api/src/test/postman/.DS_Store       |  Bin 0 -> 6148 bytes
 ...Ba.ApiSecurityTest.postman_collection.json | 1551 ++++++++++++++
 ...i.Ba.ApiSecurityTest.postman_test_run.json | 1784 +++++++++++++++++
 securety_api/src/test/resources/.gitkeep      |    0
 69 files changed, 6056 insertions(+)
 create mode 100644 securety_api/.env
 create mode 100644 securety_api/pom.xml
 create mode 100644 securety_api/src/.DS_Store
 create mode 100644 securety_api/src/main/.DS_Store
 create mode 100644 securety_api/src/main/java/.DS_Store
 create mode 100644 securety_api/src/main/java/com/.DS_Store
 create mode 100644 securety_api/src/main/java/com/secure_use_api/SecureUseApiApplication.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/exceptions/CustomAuthenticationEntryPoint.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/exceptions/CustomExceptionHandler.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/exceptions/ExceptionResponse.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/exceptions/Exceptions.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/model/ApiTokenModel.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/model/RefreshTokenModel.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/model/UserAdditionsModel.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/model/UserComposite.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/model/UserMetaModel.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/model/UserSecurityModel.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/repository/ApiTokenRepository.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/repository/RefreshTokenRepository.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/repository/UserAdditionsRepository.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/repository/UserMetaRepository.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/repository/UserSecurityRepository.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/controller/ApiTokenController.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/controller/AuthenticationController.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/controller/UserController.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/dto/IdActionDto.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/dto/RefreshTokenDto.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/dto/ResourceLimitLeftDto.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/dto/TokensDto.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/dto/UserLoginDto.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/dto/UserRegistrationDto.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/middleware/AuditLogMiddleware.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthenticationMiddleware.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthorizationMiddleware.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/middleware/ExceptionHandlerMiddleware.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/middleware/RateLimitMiddleware.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/middleware/ResourceLimitMiddleware.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/service/ApiTokenService.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/service/AuthenticationService.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/service/RefreshTokenService.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/rest/service/UserService.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/security/CustomAuthProvider.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/security/RequireScope.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/security/Role.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/security/SecurityConfig.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/security/UserAuthentication.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/security/UserDetailsImpl.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/security/WebConfig.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/token/AbstractToken.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/token/AccessToken.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/token/ApiToken.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/token/JwtHandler.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/token/PasetoHandler.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/token/RefreshToken.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/token/SimpleTokenStringHandler.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/util/Config.java
 create mode 100644 securety_api/src/main/java/com/secure_use_api/util/HibernateUtil.java
 create mode 100644 securety_api/src/main/resources/.DS_Store
 create mode 100644 securety_api/src/main/resources/application.properties
 create mode 100644 securety_api/src/main/resources/logback-spring.xml
 create mode 100644 securety_api/src/main/resources/templates/hello.html
 create mode 100644 securety_api/src/test/.DS_Store
 create mode 100644 securety_api/src/test/java/.DS_Store
 create mode 100644 securety_api/src/test/java/com/.DS_Store
 create mode 100644 securety_api/src/test/java/com/secure_use_api/SecureUseAppiApplicationTests.java
 create mode 100644 securety_api/src/test/postman/.DS_Store
 create mode 100644 securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_collection.json
 create mode 100644 securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_test_run.json
 create mode 100644 securety_api/src/test/resources/.gitkeep

diff --git a/securety_api/.env b/securety_api/.env
new file mode 100644
index 0000000..5613441
--- /dev/null
+++ b/securety_api/.env
@@ -0,0 +1,4 @@
+SECRET_ACCESS_TOKEN_KEY=AuthSecretKey
+SECRET_REFRESH_TOKEN_KEY=RefreshTokenKey
+RATE_LIMIT_PER_SECOND=1
+RESOURCE_LIMIT_PER_DAY=60
\ No newline at end of file
diff --git a/securety_api/pom.xml b/securety_api/pom.xml
new file mode 100644
index 0000000..2564cec
--- /dev/null
+++ b/securety_api/pom.xml
@@ -0,0 +1,113 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <groupId>com.secure_use_api</groupId>
+    <artifactId>secure_use_api</artifactId>
+    <version>1.0</version>
+    <packaging>jar</packaging>
+
+    <parent>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-starter-parent</artifactId>
+        <version>3.5.5</version>
+    </parent>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <start-class>com.secure_use_api.App</start-class>
+        <java.version>17</java.version>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>de.mkammerer</groupId>
+            <artifactId>argon2-jvm</artifactId>
+            <version>2.7</version>
+        </dependency>
+
+        <!-- H2 Database Dependency (In memory for testing) -->
+        <dependency>
+            <groupId>com.h2database</groupId>
+            <artifactId>h2</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>jakarta.persistence</groupId>
+            <artifactId>jakarta.persistence-api</artifactId>
+            <version>3.1.0</version>
+        </dependency>
+
+        <!-- RateLimiter -->
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>32.1.3-jre</version>
+        </dependency>
+
+        <!-- JWT Library -->
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>4.2.1</version>
+        </dependency>
+
+        <!-- .env Library -->
+        <dependency>
+            <groupId>io.github.cdimascio</groupId>
+            <artifactId>dotenv-java</artifactId>
+            <version>2.0.0</version>
+        </dependency>
+
+        <!-- json Library -->
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>2.13.2</version>
+        </dependency>
+    </dependencies>
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.springframework.boot</groupId>
+                <artifactId>spring-boot-maven-plugin</artifactId>
+            </plugin>
+        </plugins>
+    </build>
+
+</project>
\ No newline at end of file
diff --git a/securety_api/src/.DS_Store b/securety_api/src/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..59eccef51c643d253447e0291a58caabc1ee894c
GIT binary patch
literal 6148
zcmeHK%}*0S6n|5yY(ebGhkRVzq%rY8v;y)G4z2}5h*1b72m!3S?NB#tcbeTT6$nW$
zUi9Q2;2+@0oAH0}ZsNs@R}UV&>6?!NEqXFhW9B6@zc=sAd$aSK*_|B#Ah}xUCV&Y5
z1{RLVF06hc+|SDyNhk|<5}sqxXGPa%F1C3>Et&z%z`xA^e|M8m0S7z?+TPzg=)3-1
zh?vB2KerxL)qDQVt@>URXR{wjq9b|ke5cWAbQ|0GC#;^2owyd|oN$x3RvGi%rtY|F
z9<3M5{y7%Jju+5S1b8KiUA7*2L5bCKtQM3a5u29|BW0ut=Fs8ct?9{8YkYd<Xw*8K
z8Ox4Z6XTOdM=4_<b7OX;u<KU>_FU3V@Vg|WM`06QpmIE)y?hw>EGVOm_fJ9$6e5Th
zR+h81C=P|~0diD9`ze1LUvJRY%9qOXxA~fwLXO79r+%9+H6O3Ir`Df5Yp(yN=K80)
zx-axxOq-X|z3INb{sD7vXt-eZxlVDn9P%}tV?GOWevKB)bc8!&vB-kuknZ7*SdZz`
zIPV>xtG6v+g_a(jm{#|z*r)%*Ad)VGlm?sS&?_zN>_jwPKc#PMiLqi@Sqyd<=I7%r
zRb!6@(HadS#BJYkslOEDSRAv;h7*QPP^P*4bq}AAKb1(AuR299C}(be#pOmxW$bHG
zGa(}tJTFa>S`C~E&DhJ*ma*?CrvX=C7Vg6u?7{)Ogjety-oktM2%q5#d?SP;NH^&r
zm&qU*CL`nuQTY?i%{<Z^Mk2w3{AAO%ZRXalEiIMK=x(v<hGsxBpc#;7p@l^7?}V+e
zAyIrfuo71Q#3Y)9pe}y>5iM>&v=ufaq6LM>P(&F@)D?rMn*)*I=(kn>hC~?-M2w7i
z)X0SY$e<8)@gNp&VcQm<E6sprppAhJ**5w4e;423U)=xOqI6R;pc(j|7$C{{{Co~)
zq|VkebK_^Nh2=38F1%kuq6ooC9mhi9NAVCAA?UNXf@mvjNJI;Y{t*x~=t?v2M;Z75
DjiV0>

literal 0
HcmV?d00001

diff --git a/securety_api/src/main/.DS_Store b/securety_api/src/main/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..ad59c1c3ddc5d140a74089475f0db205d7db3353
GIT binary patch
literal 6148
zcmeHK&o2W(6n?{EOC&vzIBw$FP`?`DvWkPN6%I)4YQwU2q}%GDX|iYj7*~IZe~0hQ
z458{sXyzqvzBg~)o89@6`SFNIRNM6>q9PHwP)27G%>dzX)-N(*JmWyYbL=JZJW6DQ
zK2K=HGGH0_+YIpDb?Ayhx}&gf|88My;YEpB#Cu%S$!^U)e~NCCIBS*5&thcM85^H)
zC)_FbG`N(VpcS^-Sv71PbMHXPBzm*M=rC?{YQ>ptnYO|>Z8TLvTyG%c<S0(-vQw4q
zw4SNlKo7VDw@@q2b-Qcpm6ErzzR@dr-HqjP$y;5i^m+w%c7AblzjmG6r1D<VE^sa>
znKt+a4=~=>a~CwzM5Y(;aeRTA)S!$cwPBsJ-N(!$qCPS+AY({48nCiHwm^lIf60K^
z8}8J<{CoS;mI2GaPcp#gg9l~w4dxov(Sb&l06+(BC9u`gALy|I=o`#6!UGXH6{u5%
zDKUhp9E48CxNqWfjXIr#`ZDG*Ulyi95vK4Eo(d=7YqYIpz%uZefl=Kp^8LU2ef|GA
z$@VM*mVu#SKsY<WP8CZsck7qM@m=dd&!8+EmuplhXv}r248Drzph__2u>tfA<{IIF
P*oT0k!8VqGUuEDGBA=rl

literal 0
HcmV?d00001

diff --git a/securety_api/src/main/java/.DS_Store b/securety_api/src/main/java/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..2120347adc86205738e61cb8696666c669928448
GIT binary patch
literal 6148
zcmeHK!AiqG5Z!I7O(;SS3OxqA7OhrGi<cPd!K)EHsMMq>8ceg&q~=fxIqMJkCH{`i
z>~4foy?78TGcfx$vojm!ZP>{$#<(*L_86-(#tcxzk_p2%g6pVDQqq<(Ajdt#(2s-<
zPq-b)e_#O5uFQr^u<=>6aDK<IvhyKDCZfIkEP2wW{N_JJVUo65@4Qs5tgTm#s!=m;
z-3O7msh3U@$D3T^(}fU`U(7xKG8|=t`sRs<Q!k816B!T&BXGI73gbXzj+n+lB4b^(
zV3>wEs5fS_!)~W(wY$A})0*}6TTSbr-I>o#V{3c&=zQ=Pjbrhmi0AN4O4-m@z$;92
zHqY)PjzoM9mcqO6A|wWg0b*cv8PGSLQCr;<DKlb#82BXvct2R6h_=RDp}aa^kSzdU
z1<X=lE`R<3Ei?ey8gqqU0pThXP=#{cVsPC%a1{>gw)W2zs&K~Tn_(aQX0AIFu3Hao
zNq5F=g)|Za#K0m0*!zLhvHqX_-2Y1_8i)a6U^N-wmA>0|AU9oGm$JlKYk}T@qM%={
m@GAr+vJ`_amf{Ae6tG)30kk#d3c&(GKLU~l8i;{EW#AL?j#AwK

literal 0
HcmV?d00001

diff --git a/securety_api/src/main/java/com/.DS_Store b/securety_api/src/main/java/com/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..6be1c0d5bbbc408f205de4056d5e5bbbb8784026
GIT binary patch
literal 6148
zcmeHK!A{#i5S<MvI6|#*0Ey#DTq8(Ji$GjVfCE>I%7IqKCQ)l)yiuHxLlntp_#wW8
z-+?!~8$?A*Z!N9nNwaUfJF~XmTDu-1Qk_xvJyDa00vL0xf#xURakgiu`JOqjvU3cm
zM=_141PlHJ1$gb=+4VZdx;<ULm=fw!c9@&<G&d>Y_#@ect=(I|`%P{-F8e<BHtpwG
zIc&G@RBf*QW_}@92o{5{(RVYBhRJYLc9Ov<UmY8hr!zlEKWDvh++5l-#W2Z=-oPeg
z-5x@|oMc7Uj5}sjbW58Xxq+Y&G~(vUWb$civ!yq-wx=yU+5XUO>5m(m(`h4EUR~cg
ziZAlZ!d%<8AcgPO;;rWy-N1QKpQ~t4<fizBxY-=DTwzf_6c7bos{($%3Kn1M1IlxW
z0;0fQQ-Jpe4Py>HSB~x0fyR~q;5xc3;PY=H=V;HN=gKig0OeA_E>-ywL%DSHYabVS
zt{l5`Qoi_5{?5u*D9YX)^J^PUDs(KZC?E>_r~ub~K$Fk^gJ0MGHb@##Kos~t6;Sp4
zXupGZ^JnX`x8$={!_Hs~j;kC$rogdBF=F{BUV&MlU$X-aJy(v=1IUknl|dR&;EyWs
E0A$r*rvLx|

literal 0
HcmV?d00001

diff --git a/securety_api/src/main/java/com/secure_use_api/SecureUseApiApplication.java b/securety_api/src/main/java/com/secure_use_api/SecureUseApiApplication.java
new file mode 100644
index 0000000..734c39e
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/SecureUseApiApplication.java
@@ -0,0 +1,11 @@
+package com.secure_use_api;
+
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+
+@SpringBootApplication
+public class SecureUseApiApplication {
+	public static void main(String[] args) {
+		SpringApplication.run(SecureUseApiApplication.class, args);
+	}
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/exceptions/CustomAuthenticationEntryPoint.java b/securety_api/src/main/java/com/secure_use_api/exceptions/CustomAuthenticationEntryPoint.java
new file mode 100644
index 0000000..a7ea4e2
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/exceptions/CustomAuthenticationEntryPoint.java
@@ -0,0 +1,22 @@
+package com.secure_use_api.exceptions;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.stereotype.Component;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+@Component
+public class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint {
+    @Override
+    public void commence(HttpServletRequest request, HttpServletResponse response,
+                         AuthenticationException authException) throws IOException {
+
+        ExceptionResponse exceptionResponse = new ExceptionResponse(HttpStatus.UNAUTHORIZED, null, "");
+
+        exceptionResponse.writeToResponse(response, request);
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/exceptions/CustomExceptionHandler.java b/securety_api/src/main/java/com/secure_use_api/exceptions/CustomExceptionHandler.java
new file mode 100644
index 0000000..5e8791c
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/exceptions/CustomExceptionHandler.java
@@ -0,0 +1,36 @@
+package com.secure_use_api.exceptions;
+
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.HttpStatusCode;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.MethodArgumentNotValidException;
+import org.springframework.web.bind.annotation.ControllerAdvice;
+import org.springframework.web.context.request.WebRequest;
+import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
+
+import java.util.HashMap;
+import java.util.Map;
+
+@ControllerAdvice
+public class CustomExceptionHandler extends ResponseEntityExceptionHandler {
+
+        @Override
+        protected ResponseEntity<Object> handleMethodArgumentNotValid(MethodArgumentNotValidException ex,
+                        HttpHeaders headers, HttpStatusCode status, WebRequest request) {
+
+                Map<String, String> errors = new HashMap<>();
+
+                ex.getBindingResult().getFieldErrors()
+                                .forEach(error -> errors.put(error.getField(), error.getDefaultMessage()));
+
+                ExceptionResponse exceptionResponse = new ExceptionResponse(HttpStatus.BAD_REQUEST, errors,
+                                request.getDescription(false));
+
+                System.out.println(exceptionResponse);
+
+                // Using ExceptionResponseRecord here because else the whole stack trace of parent class RuntimeError is included which would give a tone of server information to the client
+                return new ResponseEntity<>(exceptionResponse.toExceptionResponseRecord(),
+                                exceptionResponse.getHttpStatus());
+        }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/exceptions/ExceptionResponse.java b/securety_api/src/main/java/com/secure_use_api/exceptions/ExceptionResponse.java
new file mode 100644
index 0000000..c1642f9
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/exceptions/ExceptionResponse.java
@@ -0,0 +1,58 @@
+package com.secure_use_api.exceptions;
+
+import java.io.IOException;
+import java.time.Instant;
+import org.springframework.http.HttpStatus;
+
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+
+public class ExceptionResponse extends RuntimeException {
+
+    public record ExceptionResponseRecord(Instant timestamp, String title, int code, Object message, String details) {
+    }
+
+    private final Instant timestamp;
+    private final String title;
+    private final int code;
+    private final Object message;
+    private final String details;
+
+    public ExceptionResponse(Instant timestamp, String title, int code, Object message, String details) {
+        this.timestamp = timestamp;
+        this.title = title;
+        this.code = code;
+        this.message = message;
+        this.details = details;
+    }
+
+    public ExceptionResponse(HttpStatus httpStatus, Object message, String details) {
+        this.timestamp = Instant.now();
+        this.title = httpStatus.getReasonPhrase();
+        this.code = httpStatus.value();
+        this.message = message;
+        this.details = details;
+    }
+
+    public HttpStatus getHttpStatus() {
+        return HttpStatus.valueOf(this.code);
+    }
+
+    public void writeToResponse(HttpServletResponse response, HttpServletRequest request) throws IOException {
+        response.setStatus(this.code);
+
+        response.setHeader("content-type", "application/problem+json");
+
+        response.getWriter().write(String.format(
+                "{\"timestamp\": \"%s\", \"title\": \"%s\", \"code\": %d, \"message\":\"%s\", \"details\": \"%s\"}",
+                this.timestamp, this.title, this.code,
+                this.message, this.details));
+
+        response.getWriter().flush();
+    }
+
+    public ExceptionResponseRecord toExceptionResponseRecord() {
+        return new ExceptionResponseRecord(this.timestamp, this.title, this.code, this.message, this.details);
+    }
+
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/exceptions/Exceptions.java b/securety_api/src/main/java/com/secure_use_api/exceptions/Exceptions.java
new file mode 100644
index 0000000..131a04a
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/exceptions/Exceptions.java
@@ -0,0 +1,21 @@
+package com.secure_use_api.exceptions;
+
+public class Exceptions {
+    public static class UserAlreadyExists extends RuntimeException {
+        public UserAlreadyExists(String message) {
+            super(message);
+        }
+    }
+
+    public static class InvalidException extends RuntimeException {
+        public InvalidException(String message) {
+            super(message);
+        }
+    }
+
+    public static class ExpiredException extends RuntimeException {
+        public ExpiredException(String message) {
+            super(message);
+        }
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/model/ApiTokenModel.java b/securety_api/src/main/java/com/secure_use_api/model/ApiTokenModel.java
new file mode 100644
index 0000000..f53d506
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/model/ApiTokenModel.java
@@ -0,0 +1,71 @@
+package com.secure_use_api.model;
+
+import java.sql.Timestamp;
+import java.util.UUID;
+
+import org.hibernate.annotations.CreationTimestamp;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.Lob;
+import jakarta.persistence.ManyToOne;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "ApiToken")
+public class ApiTokenModel {
+
+    @Id
+    private UUID uid;
+
+    @Lob // Allow larger text storage
+    @Column(nullable = false)
+    private String token;
+
+    @Column(nullable = false)
+    private UUID owner;
+
+    @CreationTimestamp
+    private Timestamp createdAt;
+
+    @ManyToOne
+    @JoinColumn(name = "owner", insertable = false, updatable = false)
+    private UserAdditionsModel userAdditions;
+
+    public ApiTokenModel() {
+    }
+
+    public UUID getUid() {
+        return this.uid;
+    }
+
+    public String getToken() {
+        return this.token;
+    }
+
+    public UUID getOwner() {
+        return this.owner;
+    }
+
+    public Timestamp getCreatedAt() {
+        return this.createdAt;
+    }
+
+    public void setUid(UUID uid) {
+        this.uid = uid;
+    }
+
+    public void setToken(String token) {
+        this.token = token;
+    }
+
+    public void setOwner(UUID ownerId) {
+        this.owner = ownerId;
+    }
+
+    public void setCreatedAt(Timestamp createdAt) {
+        this.createdAt = createdAt;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/model/RefreshTokenModel.java b/securety_api/src/main/java/com/secure_use_api/model/RefreshTokenModel.java
new file mode 100644
index 0000000..e6769c2
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/model/RefreshTokenModel.java
@@ -0,0 +1,50 @@
+package com.secure_use_api.model;
+
+import java.sql.Timestamp;
+import java.util.UUID;
+
+import jakarta.persistence.Column;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "RefreshToken")
+public class RefreshTokenModel {
+
+    @Id
+    private UUID uid;
+
+    @Column(nullable = false, unique = true)
+    private UUID spouseId;
+
+    @Column(nullable = false)
+    private Timestamp expireAt;
+
+    public RefreshTokenModel() {
+    }
+
+    public UUID getUid() {
+        return this.uid;
+    }
+
+    public UUID getSpouseId() {
+        return this.spouseId;
+    }
+
+    public Timestamp getExpireAt() {
+        return this.expireAt;
+    }
+
+    public void setUid(UUID uid) {
+        this.uid = uid;
+    }
+
+    public void setSpouse(UUID spouseId) {
+        this.spouseId = spouseId;
+    }
+
+    public void setExpireAt(Timestamp expireAt) {
+        this.expireAt = expireAt;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/model/UserAdditionsModel.java b/securety_api/src/main/java/com/secure_use_api/model/UserAdditionsModel.java
new file mode 100644
index 0000000..5b52d04
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/model/UserAdditionsModel.java
@@ -0,0 +1,57 @@
+package com.secure_use_api.model;
+
+import java.sql.Timestamp;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.MapsId;
+import jakarta.persistence.OneToMany;
+import jakarta.persistence.OneToOne;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "UserAdditions")
+public class UserAdditionsModel {
+    @Id
+    private UUID userId;
+
+    @OneToOne
+    @MapsId
+    @JoinColumn(name = "userId")
+    private UserMetaModel userMeta;
+
+    @OneToMany(mappedBy = "owner", cascade = CascadeType.ALL)
+    private List<ApiTokenModel> items = new ArrayList<ApiTokenModel>();
+
+    private int resourceTimeUsed;
+
+    private Timestamp resourceTimeUsedLastChangedAt;
+
+    public UserAdditionsModel() {
+    }
+
+    public int getResourceLimitUsed() {
+        return this.resourceTimeUsed;
+    }
+
+    public Timestamp getResourceTimeUsedLastChangedAt() {
+        return this.resourceTimeUsedLastChangedAt;
+    }
+
+    public void setUserId(UUID userId) {
+        this.userId = userId;
+    }
+
+    public void setResourceLimitUsed(int resourceTimeUsed) {
+        this.resourceTimeUsed = resourceTimeUsed;
+    }
+
+    public void setUserMeta(UserMetaModel userMetaModel) {
+        this.userMeta = userMetaModel;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/model/UserComposite.java b/securety_api/src/main/java/com/secure_use_api/model/UserComposite.java
new file mode 100644
index 0000000..4390428
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/model/UserComposite.java
@@ -0,0 +1,28 @@
+package com.secure_use_api.model;
+
+public class UserComposite {
+    private UserMetaModel userMeta;
+    private UserSecurityModel userSecurity;
+
+    public UserComposite(UserMetaModel userMeta, UserSecurityModel userSecurity) {
+        this.userMeta = userMeta;
+        this.userSecurity = userSecurity;
+    }
+
+    // Getters and Setters
+    public UserMetaModel getUserMeta() {
+        return userMeta;
+    }
+
+    public void setUserMeta(UserMetaModel userMeta) {
+        this.userMeta = userMeta;
+    }
+
+    public UserSecurityModel getUserSecurity() {
+        return userSecurity;
+    }
+
+    public void setUserSecurity(UserSecurityModel userSecurity) {
+        this.userSecurity = userSecurity;
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/model/UserMetaModel.java b/securety_api/src/main/java/com/secure_use_api/model/UserMetaModel.java
new file mode 100644
index 0000000..9a47cde
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/model/UserMetaModel.java
@@ -0,0 +1,80 @@
+package com.secure_use_api.model;
+
+import java.sql.Timestamp;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.UUID;
+
+import org.hibernate.annotations.CreationTimestamp;
+import org.hibernate.annotations.UpdateTimestamp;
+
+import jakarta.persistence.CascadeType;
+import jakarta.persistence.Column;
+import jakarta.persistence.ElementCollection;
+import jakarta.persistence.Entity;
+import jakarta.persistence.GeneratedValue;
+import jakarta.persistence.Id;
+import jakarta.persistence.OneToOne;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "UserMeta")
+public class UserMetaModel {
+
+    @Id
+    @GeneratedValue
+    private UUID userId;
+
+    @Column(nullable = false, unique = true)
+    private String email;
+
+    private String provider;
+
+    private String externalId;
+
+    @ElementCollection
+    private List<String> roles = new ArrayList<>();
+
+    @CreationTimestamp
+    private Timestamp createdAt;
+
+    @UpdateTimestamp
+    private Timestamp lastChangedAt;
+
+    @OneToOne(mappedBy = "userMeta", cascade = CascadeType.ALL)
+    private UserSecurityModel userSecurityModel;
+
+    @OneToOne(mappedBy = "userMeta", cascade = CascadeType.ALL)
+    private UserAdditionsModel userAdditionsModel;
+
+    public UserMetaModel() {
+    }
+
+    public UUID getUserId() {
+        return this.userId;
+    }
+
+    public String getEmail() {
+        return this.email;
+    }
+
+    public String getProvider() {
+        return this.provider;
+    }
+
+    public String getExternalId() {
+        return this.externalId;
+    }
+
+    public List<String> getRoles() {
+        return this.roles;
+    }
+
+    public void setEmail(String email) {
+        this.email = email;
+    }
+
+    public void setRoles(ArrayList<String> roles) {
+        this.roles = roles;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/model/UserSecurityModel.java b/securety_api/src/main/java/com/secure_use_api/model/UserSecurityModel.java
new file mode 100644
index 0000000..271d735
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/model/UserSecurityModel.java
@@ -0,0 +1,65 @@
+package com.secure_use_api.model;
+
+import java.sql.Timestamp;
+import java.util.UUID;
+
+import jakarta.persistence.Entity;
+import jakarta.persistence.Id;
+import jakarta.persistence.JoinColumn;
+import jakarta.persistence.MapsId;
+import jakarta.persistence.OneToOne;
+import jakarta.persistence.Table;
+
+@Entity
+@Table(name = "UserSecurity")
+public class UserSecurityModel {
+
+    @Id
+    private UUID userId;
+
+    @OneToOne
+    @MapsId
+    @JoinColumn(name = "UserId")
+    private UserMetaModel userMeta;
+
+    private String hashedSaltedPassword;
+
+    private int failedLogInAttempts;
+
+    private Timestamp LastLogInAt;
+
+    public UserSecurityModel() {
+    }
+
+    public String getPassword() {
+        return this.hashedSaltedPassword;
+    }
+
+    public int getFailedLogInAttempts() {
+        return this.failedLogInAttempts;
+    }
+
+    public Timestamp getLastLogInAt() {
+        return this.LastLogInAt;
+    }
+
+    public void setUserId(UUID userId) {
+        this.userId = userId;
+    }
+
+    public void setUserMeta(UserMetaModel userMeta) {
+        this.userMeta = userMeta;
+    }
+
+    public void setPassword(String password) {
+        this.hashedSaltedPassword = password;
+    }
+
+    public void setFailedLogInAttempts(int failedLogInAttempt) {
+        this.failedLogInAttempts = failedLogInAttempt;
+    }
+
+    public void setLastLogInAt(Timestamp lastLogInAt) {
+        this.LastLogInAt = lastLogInAt;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/repository/ApiTokenRepository.java b/securety_api/src/main/java/com/secure_use_api/repository/ApiTokenRepository.java
new file mode 100644
index 0000000..5af86d4
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/repository/ApiTokenRepository.java
@@ -0,0 +1,18 @@
+package com.secure_use_api.repository;
+
+import java.util.List;
+import java.util.UUID;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import com.secure_use_api.model.ApiTokenModel;
+
+@Repository
+public interface ApiTokenRepository extends JpaRepository<ApiTokenModel, UUID> {
+    List<ApiTokenModel> findByOwner(UUID ownerId);
+
+    int deleteByUidAndOwner(UUID uid, UUID owner);
+
+    ApiTokenModel findByUidAndOwner(UUID uid, UUID ownerId);
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/repository/RefreshTokenRepository.java b/securety_api/src/main/java/com/secure_use_api/repository/RefreshTokenRepository.java
new file mode 100644
index 0000000..773759b
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/repository/RefreshTokenRepository.java
@@ -0,0 +1,20 @@
+package com.secure_use_api.repository;
+
+import java.util.Date;
+import java.util.UUID;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.stereotype.Repository;
+
+import jakarta.transaction.Transactional;
+import com.secure_use_api.model.RefreshTokenModel;
+
+@Repository
+public interface RefreshTokenRepository extends JpaRepository<RefreshTokenModel, UUID> {
+    @Transactional
+    @Modifying
+    @Query(value = "DELETE FROM REFRESH_TOKEN r WHERE r.uid=?1 AND r.spouse_id=?2 AND r.expire_at>?3", nativeQuery = true)
+    int deleteExpiredToken(UUID uid, UUID spouseId, Date currentTime);
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/repository/UserAdditionsRepository.java b/securety_api/src/main/java/com/secure_use_api/repository/UserAdditionsRepository.java
new file mode 100644
index 0000000..9148ef5
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/repository/UserAdditionsRepository.java
@@ -0,0 +1,25 @@
+package com.secure_use_api.repository;
+
+import java.sql.Timestamp;
+import java.util.UUID;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.data.jpa.repository.Modifying;
+import org.springframework.data.jpa.repository.Query;
+import org.springframework.stereotype.Repository;
+
+import jakarta.transaction.Transactional;
+import com.secure_use_api.model.UserAdditionsModel;
+
+@Repository
+public interface UserAdditionsRepository extends JpaRepository<UserAdditionsModel, UUID> {
+    @Transactional
+    @Query(value = "SELECT * FROM USER_ADDITIONS u WHERE u.user_id=?1 AND u.resource_time_used_last_changed_at BETWEEN ?2 AND ?3", nativeQuery = true)
+    UserAdditionsModel findByUidAndToday(UUID uid, Timestamp todayStart, Timestamp todayEnd);
+
+    @Transactional
+    @Modifying
+    @Query(value = "UPDATE USER_ADDITIONS u SET u.resource_time_used=?2, u.resource_time_used_last_changed_at=?3 WHERE u.user_id=?1", nativeQuery = true)
+    int UpdateResourceTimeUsedAndLastChangedAtByUid(UUID uid, long resourceTimeUsed,
+            Timestamp resourceTimeUsedLTimestamp);
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/repository/UserMetaRepository.java b/securety_api/src/main/java/com/secure_use_api/repository/UserMetaRepository.java
new file mode 100644
index 0000000..e383777
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/repository/UserMetaRepository.java
@@ -0,0 +1,14 @@
+package com.secure_use_api.repository;
+
+import java.util.Optional;
+import java.util.UUID;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import com.secure_use_api.model.UserMetaModel;
+
+@Repository
+public interface UserMetaRepository extends JpaRepository<UserMetaModel, UUID> {
+    Optional<UserMetaModel> findByEmail(String email);
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/repository/UserSecurityRepository.java b/securety_api/src/main/java/com/secure_use_api/repository/UserSecurityRepository.java
new file mode 100644
index 0000000..5eda66c
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/repository/UserSecurityRepository.java
@@ -0,0 +1,12 @@
+package com.secure_use_api.repository;
+
+import java.util.UUID;
+
+import org.springframework.data.jpa.repository.JpaRepository;
+import org.springframework.stereotype.Repository;
+
+import com.secure_use_api.model.UserSecurityModel;
+
+@Repository
+public interface UserSecurityRepository extends JpaRepository<UserSecurityModel, UUID> {
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/controller/ApiTokenController.java b/securety_api/src/main/java/com/secure_use_api/rest/controller/ApiTokenController.java
new file mode 100644
index 0000000..f0d108b
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/controller/ApiTokenController.java
@@ -0,0 +1,73 @@
+package com.secure_use_api.rest.controller;
+
+import java.util.List;
+import java.util.UUID;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
+
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import com.secure_use_api.exceptions.Exceptions.UserAlreadyExists;
+import com.secure_use_api.rest.dto.TokensDto;
+import com.secure_use_api.rest.dto.IdActionDto;
+import com.secure_use_api.rest.service.ApiTokenService;
+import com.secure_use_api.security.RequireScope;
+import com.secure_use_api.security.UserAuthentication;
+import com.secure_use_api.token.ApiToken;
+
+@RestController
+@RequestMapping("api")
+public class ApiTokenController {
+
+    @Autowired
+    private ApiTokenService service;
+
+    @GetMapping(path = "getAll")
+    @RequireScope({ "authenticated", "token:read" })
+    public ResponseEntity<List<String>> getAll() {
+        UserAuthentication user = (UserAuthentication) SecurityContextHolder.getContext().getAuthentication();
+
+        try {
+            List<String> apiTokenList = this.service.getAllAsStrings(user.getUserId());
+
+            return ResponseEntity.ok(apiTokenList);
+        } catch (UserAlreadyExists err) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, err.getMessage());
+        }
+    }
+
+    @PostMapping(path = "create", produces = MediaType.APPLICATION_JSON_VALUE)
+    @RequireScope({ "authenticated", "token:create" })
+    public ResponseEntity<TokensDto> create() {
+        UserAuthentication user = (UserAuthentication) SecurityContextHolder.getContext().getAuthentication();
+
+        try {
+            ApiToken apiToken = this.service.create(user.getUserId(), user.getName());
+
+            return ResponseEntity.ok(new TokensDto(apiToken.toTokenString(), null));
+        } catch (UserAlreadyExists err) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, err.getMessage());
+        }
+    }
+
+    @DeleteMapping(path = "delete/{apiTokenId}")
+    @RequireScope({ "authenticated", "token:delete" })
+    public ResponseEntity<IdActionDto> delete(@PathVariable UUID apiTokenId) {
+        UserAuthentication user = (UserAuthentication) SecurityContextHolder.getContext().getAuthentication();
+
+        int deleteCount = this.service.delete(apiTokenId, user.getUserId());
+
+        if (deleteCount != 0) {
+            return ResponseEntity.ok(new IdActionDto(apiTokenId, "TokenDeleted"));
+        }
+
+        // This can be happen when there is not token with the given id or it is not
+        // owned by the user
+        throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "No Token deleted");
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/controller/AuthenticationController.java b/securety_api/src/main/java/com/secure_use_api/rest/controller/AuthenticationController.java
new file mode 100644
index 0000000..120161a
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/controller/AuthenticationController.java
@@ -0,0 +1,132 @@
+package com.secure_use_api.rest.controller;
+
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.stream.Collectors;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.server.ResponseStatusException;
+
+import com.auth0.jwt.exceptions.JWTVerificationException;
+
+import jakarta.transaction.Transactional;
+import jakarta.validation.Valid;
+
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import com.secure_use_api.exceptions.Exceptions.ExpiredException;
+import com.secure_use_api.exceptions.Exceptions.InvalidException;
+import com.secure_use_api.exceptions.Exceptions.UserAlreadyExists;
+import com.secure_use_api.rest.dto.TokensDto;
+import com.secure_use_api.rest.dto.IdActionDto;
+import com.secure_use_api.rest.dto.RefreshTokenDto;
+import com.secure_use_api.rest.dto.UserLoginDto;
+import com.secure_use_api.rest.dto.UserRegistrationDto;
+import com.secure_use_api.rest.service.RefreshTokenService;
+import com.secure_use_api.rest.service.UserService;
+import com.secure_use_api.rest.service.AuthenticationService;
+import com.secure_use_api.security.RequireScope;
+import com.secure_use_api.security.Role;
+import com.secure_use_api.security.UserAuthentication;
+import com.secure_use_api.token.AccessToken;
+import com.secure_use_api.token.RefreshToken;
+
+@RestController
+@RequestMapping("auth")
+public class AuthenticationController {
+
+    @Autowired
+    private AuthenticationService authService;
+
+    @Autowired
+    private UserService userService;
+
+    @Autowired
+    private RefreshTokenService refreshTokenService;
+
+    @GetMapping({ "", "/" })
+    @RequireScope({ "authenticated", "account:read" })
+    String home() {
+        UserAuthentication user = (UserAuthentication) SecurityContextHolder.getContext().getAuthentication();
+        List<Role> roles = user.getAuthorities().stream()
+                .filter(authority -> authority instanceof Role) // Filter to ensure it's a Role
+                .map(authority -> (Role) authority) // Cast to Role
+                .collect(Collectors.toList()); // Collect to List<Role>
+
+        return "Hello World! with " + roles.toString();
+    }
+
+    @Transactional
+    @PostMapping(path = "register", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
+    public ResponseEntity<IdActionDto> register(@RequestBody @Valid UserRegistrationDto registrationDto) {
+
+        try {
+            UUID userId = this.authService.register(registrationDto.getEmail(), registrationDto.getPassword());
+
+            this.userService.createUserAdditions(userId);
+
+            return ResponseEntity.ok(new IdActionDto(userId, "UserCreated"));
+        } catch (UserAlreadyExists err) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, err.getMessage());
+        }
+    }
+
+    @PostMapping(path = "login", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
+    public ResponseEntity<TokensDto> login(@RequestBody @Valid UserLoginDto loginRequest) {
+        try {
+            AccessToken accessToken = this.authService.login(loginRequest.getEmail(), loginRequest.getPassword());
+            RefreshToken refreshToken = refreshTokenService.create(accessToken);
+
+            System.out.println(accessToken);
+            System.out.println("lbub");
+
+            return ResponseEntity.ok(new TokensDto(accessToken.toTokenString(), refreshToken.toTokenString()));
+        } catch (AuthenticationException err) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, err.getMessage());
+        }
+    }
+
+    @PutMapping(path = "login", consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE)
+    public ResponseEntity<TokensDto> refresh(
+            @RequestHeader(value = "Authorization", required = false) String authorizationHeader,
+            @RequestBody @Valid RefreshTokenDto refreshTokenRequest) {
+        try {
+            if (authorizationHeader == null || !authorizationHeader.startsWith("Bearer ")) {
+                throw new ResponseStatusException(HttpStatus.BAD_REQUEST, "Missing Authorization Bearer Token");
+            }
+
+            Optional<AccessToken> accessToken = AccessToken.fromTokenString(authorizationHeader.substring(7));
+            Optional<RefreshToken> refreshToken = RefreshToken.fromTokenString(refreshTokenRequest.getRefreshToken());
+
+            if (!accessToken.isPresent()) {
+                throw new InvalidException("Authorization Header does not contain a Valid AccessToken");
+            } else if (!refreshToken.isPresent()) {
+                throw new InvalidException("RefreshToken is not a Valid Token");
+            }
+
+            AccessToken newAccessToken = refreshTokenService.devaluate(refreshToken.get(), accessToken.get());
+            RefreshToken newRefreshToken = refreshTokenService.create(newAccessToken);
+
+            return ResponseEntity.ok(new TokensDto(newAccessToken.toTokenString(), newRefreshToken.toTokenString()));
+        } catch (JWTVerificationException | ExpiredException | InvalidException | IllegalArgumentException
+                | AuthenticationException err) {
+            throw new ResponseStatusException(HttpStatus.BAD_REQUEST, err.getMessage());
+        }
+    }
+
+    @DeleteMapping(path = "delete")
+    @RequireScope({ "authenticated", "account:delete" })
+    public ResponseEntity<IdActionDto> delete() {
+        UserAuthentication user = (UserAuthentication) SecurityContextHolder.getContext().getAuthentication();
+
+        this.authService.delete(user.getUserId());
+
+        return ResponseEntity.ok(new IdActionDto(user.getUserId(), "UserDeleted"));
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/controller/UserController.java b/securety_api/src/main/java/com/secure_use_api/rest/controller/UserController.java
new file mode 100644
index 0000000..e400569
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/controller/UserController.java
@@ -0,0 +1,48 @@
+package com.secure_use_api.rest.controller;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+import jakarta.transaction.Transactional;
+
+import org.springframework.security.core.context.SecurityContextHolder;
+
+import com.secure_use_api.rest.dto.ResourceLimitLeftDto;
+import com.secure_use_api.rest.middleware.ResourceLimitMiddleware.ResourceLimited;
+import com.secure_use_api.rest.service.UserService;
+import com.secure_use_api.security.RequireScope;
+import com.secure_use_api.security.UserAuthentication;
+
+@RestController
+@RequestMapping("user")
+public class UserController {
+
+    @Autowired
+    private UserService userService;
+
+    @GetMapping(path = "longRun")
+    @ResourceLimited
+    public ResponseEntity<String> longRunningTask() {
+        try {
+            // Simulate a long-running task (e.g., 20 seconds)
+            Thread.sleep(20000);
+        } catch (InterruptedException e) {
+            Thread.currentThread().interrupt();
+            // Handle the interruption
+        }
+
+        return ResponseEntity.ok("Finished");
+    }
+
+    @Transactional
+    @GetMapping(path = "resourceLimit")
+    @RequireScope({ "authenticated", "account:read" })
+    public ResponseEntity<ResourceLimitLeftDto> getResourceLimitLeft() {
+        UserAuthentication user = (UserAuthentication) SecurityContextHolder.getContext().getAuthentication();
+
+        long resourceLimit = userService.getResourceLimitLeft(user.getUserId());
+
+        return ResponseEntity.ok(new ResourceLimitLeftDto(resourceLimit, "seconds"));
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/IdActionDto.java b/securety_api/src/main/java/com/secure_use_api/rest/dto/IdActionDto.java
new file mode 100644
index 0000000..09148f4
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/dto/IdActionDto.java
@@ -0,0 +1,28 @@
+package com.secure_use_api.rest.dto;
+
+import java.util.UUID;
+
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+
+public class IdActionDto {
+
+    @Size(min = 1, max = 32)
+    private String actionType;
+
+    @NotNull
+    private UUID id;
+
+    public IdActionDto(UUID id, String actionType) {
+        this.id = id;
+        this.actionType = actionType;
+    }
+
+    public UUID getId() {
+        return this.id;
+    }
+
+    public String getActionType() {
+        return this.actionType;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/RefreshTokenDto.java b/securety_api/src/main/java/com/secure_use_api/rest/dto/RefreshTokenDto.java
new file mode 100644
index 0000000..8558de8
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/dto/RefreshTokenDto.java
@@ -0,0 +1,21 @@
+package com.secure_use_api.rest.dto;
+
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+
+public class RefreshTokenDto {
+
+    @NotNull(message = "RefreshToken cannot be null")
+    @NotEmpty(message = "RefreshToken cannot be empty")
+    @Size(min = 8, max = 4096)
+    private String refreshToken;
+
+    public RefreshTokenDto() {
+        this.refreshToken = "";
+    }
+
+    public String getRefreshToken() {
+        return this.refreshToken;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/ResourceLimitLeftDto.java b/securety_api/src/main/java/com/secure_use_api/rest/dto/ResourceLimitLeftDto.java
new file mode 100644
index 0000000..adee85b
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/dto/ResourceLimitLeftDto.java
@@ -0,0 +1,30 @@
+package com.secure_use_api.rest.dto;
+
+import jakarta.validation.constraints.Max;
+import jakarta.validation.constraints.Min;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+
+public class ResourceLimitLeftDto {
+
+    @NotNull
+    @Min(-999999999)
+    @Max(999999999)
+    private final long time;
+
+    @Size(min = 1, max = 32)
+    private final String unitType;
+
+    public ResourceLimitLeftDto(long time, String unitType) {
+        this.time = time;
+        this.unitType = unitType;
+    }
+
+    public long getTime() {
+        return this.time;
+    }
+
+    public String getUnitType() {
+        return this.unitType;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/TokensDto.java b/securety_api/src/main/java/com/secure_use_api/rest/dto/TokensDto.java
new file mode 100644
index 0000000..97988c8
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/dto/TokensDto.java
@@ -0,0 +1,26 @@
+package com.secure_use_api.rest.dto;
+
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+
+public class TokensDto {
+    @NotNull
+    @Size(min = 8, max = 4096)
+    private final String token;
+
+    @Size(min = 8, max = 4096)
+    private final String refreshToken;
+
+    public TokensDto(String token, String refreshToken) {
+        this.token = token;
+        this.refreshToken = refreshToken;
+    }
+
+    public String getToken() {
+        return this.token;
+    }
+
+    public String getRefreshToken() {
+        return this.refreshToken;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/UserLoginDto.java b/securety_api/src/main/java/com/secure_use_api/rest/dto/UserLoginDto.java
new file mode 100644
index 0000000..c35871b
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/dto/UserLoginDto.java
@@ -0,0 +1,33 @@
+package com.secure_use_api.rest.dto;
+
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+
+public class UserLoginDto {
+
+    @NotNull(message = "Email cannot be null")
+    @NotEmpty(message = "Email cannot be empty")
+    @Size(min = 4, max = 56)
+    @Email
+    private String email;
+
+    @NotNull(message = "Password cannot be null")
+    @NotEmpty(message = "Password cannot be empty")
+    @Size(min = 8, max = 56)
+    private String password;
+
+    public UserLoginDto() {
+        this.email = "";
+        this.password = "";
+    }
+
+    public String getEmail() {
+        return this.email;
+    }
+
+    public String getPassword() {
+        return this.password;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/UserRegistrationDto.java b/securety_api/src/main/java/com/secure_use_api/rest/dto/UserRegistrationDto.java
new file mode 100644
index 0000000..70e9190
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/dto/UserRegistrationDto.java
@@ -0,0 +1,28 @@
+package com.secure_use_api.rest.dto;
+
+import jakarta.validation.constraints.Email;
+import jakarta.validation.constraints.NotEmpty;
+import jakarta.validation.constraints.NotNull;
+import jakarta.validation.constraints.Size;
+
+public class UserRegistrationDto {
+
+    @NotNull(message = "Email cannot be null")
+    @NotEmpty(message = "Email cannot be empty")
+    @Size(min = 4, max = 56)
+    @Email
+    private String email;
+
+    @NotNull(message = "Password cannot be null")
+    @NotEmpty(message = "Password cannot be empty")
+    @Size(min = 8, max = 56)
+    private String password;
+
+    public String getEmail() {
+        return this.email;
+    }
+
+    public String getPassword() {
+        return this.password;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuditLogMiddleware.java b/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuditLogMiddleware.java
new file mode 100644
index 0000000..4350f43
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuditLogMiddleware.java
@@ -0,0 +1,83 @@
+package com.secure_use_api.rest.middleware;
+
+import java.io.IOException;
+import java.time.OffsetDateTime;
+import java.time.format.DateTimeFormatter;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+import org.springframework.web.util.ContentCachingResponseWrapper;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import com.secure_use_api.security.UserAuthentication;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+@Component
+public class AuditLogMiddleware extends OncePerRequestFilter {
+    private static final DateTimeFormatter dateTimeFormatter = DateTimeFormatter.ofPattern("dd/MMM/yyyy:HH:mm:ss Z");
+
+    private final Logger logger = LoggerFactory.getLogger(AuditLogMiddleware.class);
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+
+        System.out.println("AuditLogMiddleware start");
+
+        // Needing cachedResponse for getting Body which is a one time readable stream.
+        // With not doing it that way but reading the body here, result in an empty body
+        // for the client.
+        ContentCachingResponseWrapper cachedResponse = new ContentCachingResponseWrapper(response);
+
+        String requestTime = OffsetDateTime.now().format(dateTimeFormatter);
+        String host = request.getRemoteAddr();
+        String method = request.getMethod();
+        String requestURI = request.getRequestURI();
+        String protocol = request.getProtocol();
+        String referer = request.getHeader("Referer");
+        String userAgent = request.getHeader("User-Agent");
+
+        // Continue the filter chain
+        filterChain.doFilter(request, cachedResponse);
+
+        Authentication anonymousUser = SecurityContextHolder.getContext().getAuthentication();
+        UserAuthentication user = null;
+
+        System.out.println(anonymousUser);
+
+        // If user is know and of instance UserAuthentication and not
+        // org.springframework.security.authentication.AnonymousAuthenticationToken
+        if (anonymousUser != null && anonymousUser instanceof UserAuthentication) {
+            user = (UserAuthentication) anonymousUser;
+        }
+
+        // Log the response details
+        int status = cachedResponse.getStatus();
+        byte[] responseBody = cachedResponse.getContentAsByteArray();
+
+        String logEntry = String.format("%s - %s [%s] \"%s %s %s\" %d %d %s %s",
+                host,
+                user != null ? user.getUserId() : "-",
+                requestTime,
+                method,
+                requestURI,
+                protocol,
+                status,
+                responseBody.length,
+                referer != null ? "\"" + referer + "\"" : "-",
+                userAgent != null ? "\"" + userAgent + "\"" : "-");
+
+        logger.info(logEntry);
+
+        cachedResponse.copyBodyToResponse();
+
+        System.out.println("AuditLogMiddleware end");
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthenticationMiddleware.java b/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthenticationMiddleware.java
new file mode 100644
index 0000000..1fb2668
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthenticationMiddleware.java
@@ -0,0 +1,83 @@
+package com.secure_use_api.rest.middleware;
+
+import java.io.IOException;
+import java.util.Optional;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import com.secure_use_api.exceptions.ExceptionResponse;
+import com.secure_use_api.exceptions.Exceptions.ExpiredException;
+import com.secure_use_api.exceptions.Exceptions.InvalidException;
+import com.secure_use_api.rest.service.ApiTokenService;
+import com.secure_use_api.security.UserAuthentication;
+import com.secure_use_api.token.AccessToken;
+import com.secure_use_api.token.ApiToken;
+
+@Component
+public class AuthenticationMiddleware extends OncePerRequestFilter {
+    @Autowired
+    private ApiTokenService service;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+
+        System.out.println("AuthenticationMiddleware start");
+
+        String authorizationHeader = request.getHeader("Authorization");
+
+        System.out.println("hey");
+        System.out.println(authorizationHeader);
+
+        if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
+            try {
+                // Extract the token by removing the "Bearer " prefix
+                String jwtString = authorizationHeader.substring(7);
+                Optional<AccessToken> accessTokenOptional = ApiToken.fromTokenString(jwtString);
+                AccessToken accessToken;
+                Optional<ApiToken> apiToken;
+
+                if (!accessTokenOptional.isPresent()) {
+                    throw new InvalidException("Authorization Header does not contain a Valid AccessToken");
+                }
+
+                accessToken = accessTokenOptional.get();
+                apiToken = ApiToken.fromAccessToken(accessToken);
+
+                // If the accessToken is an apiToken (accessToken without expireTime)
+                if (apiToken.isPresent()) {
+                    // Since ApiTokens don't have an expire time, we check presents in db to make
+                    // them manually revokable by removing
+                    if (this.service.get(accessToken.getUid(), accessToken.getUserId()).isEmpty()) {
+                        throw new ExpiredException("Token has expire");
+                    }
+                }
+
+                UserAuthentication user = new UserAuthentication(accessToken.getUserId(), accessToken.getEmail(),
+                        accessToken.getRoles());
+
+                SecurityContextHolder.getContext().setAuthentication(user);
+            } catch (InvalidException | ExpiredException e) {
+                ExceptionResponse exRes = new ExceptionResponse(HttpStatus.UNAUTHORIZED, "Authentication Token wrong",
+                        request.getRequestURI());
+
+                exRes.writeToResponse(response, request);
+
+                return;
+            }
+        }
+
+        filterChain.doFilter(request, response);
+
+        System.out.println("AuthenticationMiddleware end");
+    }
+
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthorizationMiddleware.java b/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthorizationMiddleware.java
new file mode 100644
index 0000000..8dd048e
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthorizationMiddleware.java
@@ -0,0 +1,73 @@
+package com.secure_use_api.rest.middleware;
+
+import java.io.IOException;
+import java.lang.reflect.Method;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import com.secure_use_api.exceptions.ExceptionResponse;
+import com.secure_use_api.security.RequireScope;
+import com.secure_use_api.security.Role;
+import com.secure_use_api.security.UserAuthentication;
+
+import org.springframework.web.servlet.HandlerInterceptor;
+
+@Component
+public class AuthorizationMiddleware implements HandlerInterceptor {
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+            throws ServletException, IOException {
+
+        System.out.println("AuthorizationMiddleware start");
+
+        // Checking for handler to get the target controller method and associated
+        // Annotations (Reason why this is an implementation from HandlerInterceptor and
+        // not Filter)
+
+        if (handler != null && handler instanceof HandlerMethod) {
+            HandlerMethod handlerMethod = (HandlerMethod) handler;
+            Method method = handlerMethod.getMethod();
+            RequireScope requireScope = method.getAnnotation(RequireScope.class);
+
+            if (requireScope != null) {
+                String[] requiredScopes = requireScope.value();
+                UserAuthentication user = (UserAuthentication) SecurityContextHolder.getContext()
+                        .getAuthentication();
+
+                // If no user is present, but the method has at leas an empty @RequireScope,
+                // access is permitted
+                if (user == null) {
+                    ExceptionResponse exRes = new ExceptionResponse(HttpStatus.UNAUTHORIZED,
+                            HttpStatus.UNAUTHORIZED.getReasonPhrase(),
+                            request.getRequestURI());
+
+                    exRes.writeToResponse(response, request);
+
+                    return false;
+                }
+
+                // Check if the user has the required Scopes
+                if (!Role.checkScope(user.getRoles(), requiredScopes)) {
+                    ExceptionResponse exRes = new ExceptionResponse(HttpStatus.FORBIDDEN,
+                            HttpStatus.FORBIDDEN.getReasonPhrase(),
+                            request.getRequestURI());
+
+                    exRes.writeToResponse(response, request);
+
+                    return false;
+                }
+            }
+        }
+
+        System.out.println("AuthorizationMiddleware end");
+
+        return true; // Continue the request
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/ExceptionHandlerMiddleware.java b/securety_api/src/main/java/com/secure_use_api/rest/middleware/ExceptionHandlerMiddleware.java
new file mode 100644
index 0000000..dc1dee6
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/middleware/ExceptionHandlerMiddleware.java
@@ -0,0 +1,26 @@
+package com.secure_use_api.rest.middleware;
+
+import java.io.IOException;
+
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import com.secure_use_api.exceptions.ExceptionResponse;
+
+// Allows Filters to throw the custom ExceptionResponse which is written to the response and is made to be read by the client
+@Component
+public class ExceptionHandlerMiddleware extends OncePerRequestFilter {
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+        try {
+            filterChain.doFilter(request, response);
+        } catch (ExceptionResponse e) {
+            e.writeToResponse(response, request);
+        }
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/RateLimitMiddleware.java b/securety_api/src/main/java/com/secure_use_api/rest/middleware/RateLimitMiddleware.java
new file mode 100644
index 0000000..5c824cc
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/middleware/RateLimitMiddleware.java
@@ -0,0 +1,45 @@
+package com.secure_use_api.rest.middleware;
+
+import java.io.IOException;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import com.google.common.util.concurrent.RateLimiter;
+
+import jakarta.servlet.FilterChain;
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import com.secure_use_api.exceptions.ExceptionResponse;
+import com.secure_use_api.util.Config;
+
+@Component
+public class RateLimitMiddleware extends OncePerRequestFilter {
+
+    // Create a rate limiter allowing 1000 requests per second
+    private RateLimiter rateLimiter = RateLimiter.create(Config.getInstance().getRateLimitPerSecond());
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
+            throws ServletException, IOException {
+
+        System.out.println("RateLimitMiddleware start");
+
+        // Acquire a permit or return 429 Too Many Requests
+        if (!rateLimiter.tryAcquire()) {
+            ExceptionResponse exRes = new ExceptionResponse(HttpStatus.TOO_MANY_REQUESTS, new String("Try again later"),
+                    request.getRequestURI());
+
+            exRes.writeToResponse(response, request);
+
+            return;
+        }
+
+        filterChain.doFilter(request, response);
+
+        System.out.println("RateLimitMiddleware end");
+    }
+
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/ResourceLimitMiddleware.java b/securety_api/src/main/java/com/secure_use_api/rest/middleware/ResourceLimitMiddleware.java
new file mode 100644
index 0000000..d955a65
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/middleware/ResourceLimitMiddleware.java
@@ -0,0 +1,92 @@
+package com.secure_use_api.rest.middleware;
+
+import java.io.IOException;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+import java.lang.reflect.Method;
+import java.time.Instant;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.lang.Nullable;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import jakarta.servlet.ServletException;
+import jakarta.servlet.http.HttpServletRequest;
+import jakarta.servlet.http.HttpServletResponse;
+import com.secure_use_api.exceptions.ExceptionResponse;
+import com.secure_use_api.rest.service.UserService;
+import com.secure_use_api.security.UserAuthentication;
+
+@Component
+public class ResourceLimitMiddleware implements HandlerInterceptor {
+
+    // Is used to resource limit controller methods with this annotation
+    @Retention(RetentionPolicy.RUNTIME)
+    @Target(ElementType.METHOD)
+    public @interface ResourceLimited {}
+
+    @Autowired
+    private UserService userService;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+            throws ServletException, IOException {
+
+        System.out.println("ResourceLimitMiddleware start");
+
+        if (handler != null && handler instanceof HandlerMethod) {
+            HandlerMethod handlerMethod = (HandlerMethod) handler;
+            Method method = handlerMethod.getMethod();
+            ResourceLimited performResourceLimit = method.getAnnotation(ResourceLimited.class);
+
+            if (performResourceLimit != null) {
+                UserAuthentication user = (UserAuthentication) SecurityContextHolder.getContext()
+                        .getAuthentication();
+
+                long resourceLimitLeft = userService.getResourceLimitLeft(user.getUserId());
+
+                if (resourceLimitLeft <= 0) {
+                    ExceptionResponse exRes = new ExceptionResponse(HttpStatus.FORBIDDEN,
+                            "Daily ResourceLimit reached",
+                            request.getRequestURI());
+
+                    exRes.writeToResponse(response, request);
+
+                    return false;
+                }
+
+                long preTimestampInSeconds = Instant.now().getEpochSecond();
+
+                request.setAttribute("ResourceLimitMiddleware__resourceLimitLeft", resourceLimitLeft);
+                request.setAttribute("ResourceLimitMiddleware__preTimestampInSeconds", preTimestampInSeconds);
+            }
+        }
+
+        return true;
+    }
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+            @Nullable ModelAndView modelAndView) throws Exception {
+        UserAuthentication user = (UserAuthentication) SecurityContextHolder.getContext()
+                .getAuthentication();
+        Long resourceLimitLeft = (Long) request.getAttribute("ResourceLimitMiddleware__resourceLimitLeft");
+        Long preTimestampInSeconds = (Long) request.getAttribute("ResourceLimitMiddleware__preTimestampInSeconds");
+
+        if (resourceLimitLeft != null && preTimestampInSeconds != null) {
+            long postTimestampInSeconds = Instant.now().getEpochSecond();
+
+            userService.setResourceLimitLeft(user.getUserId(),
+                    resourceLimitLeft - (postTimestampInSeconds - preTimestampInSeconds));
+        }
+
+        System.out.println("ResourceLimitMiddleware end");
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/service/ApiTokenService.java b/securety_api/src/main/java/com/secure_use_api/rest/service/ApiTokenService.java
new file mode 100644
index 0000000..049745c
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/service/ApiTokenService.java
@@ -0,0 +1,68 @@
+package com.secure_use_api.rest.service;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import jakarta.transaction.Transactional;
+import com.secure_use_api.model.ApiTokenModel;
+import com.secure_use_api.repository.ApiTokenRepository;
+import com.secure_use_api.security.Role;
+import com.secure_use_api.token.ApiToken;
+
+@Service
+public class ApiTokenService {
+    @Autowired
+    private ApiTokenRepository apiTokenRepo;
+
+    @Transactional
+    public ApiToken create(UUID userId, String email) {
+        ArrayList<Role> roles = new ArrayList<>();
+        ApiToken apiToken;
+
+        roles.add(new Role(Role.Roles.API_TOKEN));
+
+        apiToken = new ApiToken(userId, email, roles);
+
+        ApiTokenModel apiTokenModel = new ApiTokenModel();
+        apiTokenModel.setUid(apiToken.getUid());
+        apiTokenModel.setToken(apiToken.toTokenString());
+        apiTokenModel.setOwner(userId);
+
+        apiTokenRepo.save(apiTokenModel);
+
+        return apiToken;
+    }
+
+    @Transactional
+    public Optional<ApiToken> get(UUID tokenId, UUID ownerId) {
+        ApiTokenModel apiTokenModel = this.apiTokenRepo.findByUidAndOwner(tokenId, ownerId);
+
+        if (apiTokenModel != null) {
+            return ApiToken.fromString(apiTokenModel.getToken());
+        }
+
+        return Optional.empty();
+    }
+
+    @Transactional
+    public List<String> getAllAsStrings(UUID userId) {
+        List<ApiTokenModel> apiTokenModelList = this.apiTokenRepo.findByOwner(userId);
+        List<String> apiTokenList = new ArrayList<>();
+
+        for (ApiTokenModel apiTokenModel : apiTokenModelList) {
+            apiTokenList.add(apiTokenModel.getToken());
+        }
+
+        return apiTokenList;
+    }
+
+    @Transactional
+    public int delete(UUID tokenId, UUID ownerId) {
+        return this.apiTokenRepo.deleteByUidAndOwner(tokenId, ownerId);
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/service/AuthenticationService.java b/securety_api/src/main/java/com/secure_use_api/rest/service/AuthenticationService.java
new file mode 100644
index 0000000..ac646dd
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/service/AuthenticationService.java
@@ -0,0 +1,87 @@
+package com.secure_use_api.rest.service;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.stereotype.Service;
+
+import de.mkammerer.argon2.Argon2;
+import de.mkammerer.argon2.Argon2Factory;
+import jakarta.transaction.Transactional;
+import com.secure_use_api.exceptions.Exceptions.UserAlreadyExists;
+import com.secure_use_api.model.UserMetaModel;
+import com.secure_use_api.model.UserSecurityModel;
+import com.secure_use_api.repository.UserMetaRepository;
+import com.secure_use_api.repository.UserSecurityRepository;
+import com.secure_use_api.security.Role;
+import com.secure_use_api.security.UserDetailsImpl;
+import com.secure_use_api.token.AccessToken;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.UUID;
+
+@Service
+public class AuthenticationService {
+    @Autowired
+    private UserMetaRepository userMetaRepo;
+
+    @Autowired
+    private UserSecurityRepository userSecurityRepo;
+
+    @Autowired
+    private AuthenticationManager authManager;
+
+    // * Must be the same as in the CustomAuthProvider.java
+    private final Argon2 passwordEncoder = Argon2Factory.create();
+
+    @Transactional
+    public UUID register(String username, String password) throws UserAlreadyExists {
+
+        // Check if user already exists
+        if (userMetaRepo.findByEmail(username).isPresent()) {
+            throw new UserAlreadyExists("Username is already taken.");
+        }
+
+        // Create new user
+        ArrayList<String> roles = new ArrayList<>();
+        UserMetaModel userMeta;
+
+        roles.add(new Role(Role.Roles.USER).toString());
+
+        userMeta = new UserMetaModel();
+
+        userMeta.setEmail(username);
+        userMeta.setRoles(roles);
+        userMetaRepo.save(userMeta);
+
+        UserSecurityModel userSecurity = new UserSecurityModel();
+        String passwordHash = passwordEncoder.hash(22, 65536, 1, password.toCharArray());
+
+        userSecurity.setUserMeta(userMeta);
+        userSecurity.setPassword(passwordHash);
+        userSecurityRepo.save(userSecurity);
+
+        return userMeta.getUserId();
+    }
+
+    @Transactional(dontRollbackOn = AuthenticationException.class)
+    public AccessToken login(String username, String password) throws AuthenticationException {
+        Authentication authentication = authManager.authenticate(
+                new UsernamePasswordAuthenticationToken(username, password));
+
+        UserDetailsImpl user = (UserDetailsImpl) authentication.getPrincipal();
+
+        Collection<Role> roles = user.getAuthorities();
+
+        AccessToken accessToken = new AccessToken(user.getUserId(), user.getUsername(), new ArrayList<>(roles));
+
+        return accessToken;
+    }
+
+    public void delete(UUID userId) {
+        userMetaRepo.deleteById(userId);
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/service/RefreshTokenService.java b/securety_api/src/main/java/com/secure_use_api/rest/service/RefreshTokenService.java
new file mode 100644
index 0000000..e9745e1
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/service/RefreshTokenService.java
@@ -0,0 +1,59 @@
+package com.secure_use_api.rest.service;
+
+import java.sql.Timestamp;
+import java.util.Date;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import jakarta.transaction.Transactional;
+import com.secure_use_api.exceptions.Exceptions.ExpiredException;
+import com.secure_use_api.exceptions.Exceptions.InvalidException;
+import com.secure_use_api.model.RefreshTokenModel;
+import com.secure_use_api.repository.RefreshTokenRepository;
+import com.secure_use_api.token.AccessToken;
+import com.secure_use_api.token.RefreshToken;
+
+@Service
+public class RefreshTokenService {
+
+    @Autowired
+    private RefreshTokenRepository refreshTokenRepo;
+
+    @Transactional
+    public RefreshToken create(AccessToken accessToken) {
+        RefreshToken refreshToken = new RefreshToken(accessToken.getUid());
+
+        RefreshTokenModel refreshTokenModel = new RefreshTokenModel();
+        refreshTokenModel.setUid(refreshToken.getUid());
+        refreshTokenModel.setSpouse(refreshToken.getSpouseId());
+        refreshTokenModel.setExpireAt(new Timestamp(refreshToken.getExpiresAt().getTime()));
+
+        refreshTokenRepo.save(refreshTokenModel);
+
+        return refreshToken;
+    }
+
+    @Transactional
+    public AccessToken devaluate(RefreshToken refreshToken, AccessToken spouseToken)
+            throws ExpiredException, InvalidException {
+        Date currentTime = new Date();
+
+        // Check if expiredAt Date is in the past
+        if (refreshToken.getExpiresAt().before(currentTime)) {
+            throw new ExpiredException("RefreshToken is expired");
+        }
+
+        int deletedCount = refreshTokenRepo.deleteExpiredToken(refreshToken.getUid(), spouseToken.getUid(),
+                currentTime);
+
+        if (deletedCount == 0) {
+            throw new InvalidException("RefreshToken is not valid");
+        }
+
+        AccessToken accessToken = new AccessToken(spouseToken.getUserId(), spouseToken.getEmail(),
+                spouseToken.getRoles());
+
+        return accessToken;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/service/UserService.java b/securety_api/src/main/java/com/secure_use_api/rest/service/UserService.java
new file mode 100644
index 0000000..86fa310
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/rest/service/UserService.java
@@ -0,0 +1,92 @@
+package com.secure_use_api.rest.service;
+
+import java.sql.Timestamp;
+import java.time.Instant;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.UUID;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import jakarta.transaction.Transactional;
+import com.secure_use_api.model.UserAdditionsModel;
+import com.secure_use_api.model.UserMetaModel;
+import com.secure_use_api.repository.UserAdditionsRepository;
+import com.secure_use_api.repository.UserMetaRepository;
+import com.secure_use_api.util.Config;
+
+@Service
+public class UserService {
+
+    public static int timeLimitPerDayInSeconds = Config.getInstance().getResourceLimitPerDay();
+
+    @Autowired
+    private UserMetaRepository userMetaRepo;
+
+    @Autowired
+    private UserAdditionsRepository userAdditionsRepo;
+
+    @Transactional
+    public void createUserAdditions(UUID userId) {
+        // This is a db call which is needed to get the userMeta.
+        // Other approaches are getting it as parameter which require returning
+        // the Entity by the other service function (exposing the Model)
+        // The other would be using a single Service doing all stuff
+        // which creates a tighter coupling causing less flexible and separation of
+        // concerns
+        UserMetaModel userMeta = userMetaRepo.findById(userId).get();
+
+        UserAdditionsModel userAdditionsModel = new UserAdditionsModel();
+        userAdditionsModel.setUserMeta(userMeta);
+        userAdditionsModel.setResourceLimitUsed(0);
+
+        userAdditionsRepo.save(userAdditionsModel);
+    }
+
+    @Transactional
+    private long getResourceTimeUsed(UUID userId) {
+        // SELECT used WHERE uid = 1? AND lastUpdated = today;
+        // if used == 0 null = 0
+        // Get today's date without time
+        Calendar calendar = Calendar.getInstance();
+        calendar.set(Calendar.HOUR_OF_DAY, 0);
+        calendar.set(Calendar.MINUTE, 0);
+        calendar.set(Calendar.SECOND, 0);
+        calendar.set(Calendar.MILLISECOND, 0);
+        Date todayStart = calendar.getTime();
+
+        calendar.set(Calendar.HOUR_OF_DAY, 23);
+        calendar.set(Calendar.MINUTE, 59);
+        calendar.set(Calendar.SECOND, 59);
+        Date todayEnd = calendar.getTime();
+
+        UserAdditionsModel userAdditionsModel = userAdditionsRepo.findByUidAndToday(userId,
+                new Timestamp(todayStart.getTime()), new Timestamp(todayEnd.getTime()));
+
+        // If not userAdditionsModel was found, it may hint that the last update was not
+        // done today, so the user has currently used 0 resources (or the user is not
+        // present in db)
+        if (userAdditionsModel == null) {
+            return 0;
+        } else {
+            return userAdditionsModel.getResourceLimitUsed();
+        }
+    }
+
+    public long getResourceLimitLeft(UUID userId) {
+        long resourceTimeUsed = getResourceTimeUsed(userId);
+
+        return timeLimitPerDayInSeconds - resourceTimeUsed;
+    }
+
+    @Transactional
+    public int setResourceLimitLeft(UUID userId, long resourceLimitLeft) {
+        // Recalculating the OverallResourceTimeUsed, depending on the resourceLimitLeft
+        long resourceTimeUsed = (resourceLimitLeft - timeLimitPerDayInSeconds) * -1;
+        int updateCount = userAdditionsRepo.UpdateResourceTimeUsedAndLastChangedAtByUid(userId, resourceTimeUsed,
+                Timestamp.from(Instant.now()));
+
+        return updateCount;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/security/CustomAuthProvider.java b/securety_api/src/main/java/com/secure_use_api/security/CustomAuthProvider.java
new file mode 100644
index 0000000..fb2e99c
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/security/CustomAuthProvider.java
@@ -0,0 +1,71 @@
+package com.secure_use_api.security;
+
+import java.sql.Timestamp;
+import java.util.Date;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Component;
+
+import de.mkammerer.argon2.Argon2;
+import de.mkammerer.argon2.Argon2Factory;
+import com.secure_use_api.model.UserComposite;
+import com.secure_use_api.model.UserMetaModel;
+import com.secure_use_api.model.UserSecurityModel;
+import com.secure_use_api.repository.UserMetaRepository;
+import com.secure_use_api.repository.UserSecurityRepository;
+
+@Component
+public class CustomAuthProvider implements AuthenticationProvider {
+
+    @Autowired
+    private UserMetaRepository userMetaRepository;
+
+    @Autowired
+    private UserSecurityRepository userSecurityRepository;
+
+    private final Argon2 passwordEncoder = Argon2Factory.create();
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        String email = authentication.getName();
+        String password = authentication.getCredentials().toString();
+
+        UserComposite user = loadUserByUsername(email);
+        UserDetailsImpl userDetails = UserDetailsImpl.build(user);
+
+        if (!passwordEncoder.verify(userDetails.getPassword(), password.toCharArray())) {
+            int failedLogInAttempts = user.getUserSecurity().getFailedLogInAttempts() + 1;
+
+            user.getUserSecurity().setFailedLogInAttempts(failedLogInAttempts);
+            this.userSecurityRepository.save(user.getUserSecurity());
+
+            throw new BadCredentialsException("Invalid password");
+        }
+
+        user.getUserSecurity().setFailedLogInAttempts(0);
+        user.getUserSecurity().setLastLogInAt(new Timestamp(new Date().getTime()));
+        this.userSecurityRepository.save(user.getUserSecurity());
+
+        return new UsernamePasswordAuthenticationToken(userDetails, password, userDetails.getAuthorities());
+    }
+
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
+    }
+
+    private UserComposite loadUserByUsername(String email) throws UsernameNotFoundException {
+        UserMetaModel userMeta = userMetaRepository.findByEmail(email) //
+                .orElseThrow(() -> new UsernameNotFoundException("User Not Found with email: " + email));
+
+        UserSecurityModel userSecurity = userSecurityRepository.findById(userMeta.getUserId()).get();
+
+        return new UserComposite(userMeta, userSecurity);
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/security/RequireScope.java b/securety_api/src/main/java/com/secure_use_api/security/RequireScope.java
new file mode 100644
index 0000000..3569b7c
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/security/RequireScope.java
@@ -0,0 +1,12 @@
+package com.secure_use_api.security;
+
+import java.lang.annotation.Retention;
+import java.lang.annotation.Target;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.RetentionPolicy;
+
+@Retention(RetentionPolicy.RUNTIME)
+@Target(ElementType.METHOD)
+public @interface RequireScope {
+    String[] value(); // Define the scopes required for the method
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/security/Role.java b/securety_api/src/main/java/com/secure_use_api/security/Role.java
new file mode 100644
index 0000000..000ac4b
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/security/Role.java
@@ -0,0 +1,73 @@
+package com.secure_use_api.security;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import org.springframework.security.core.GrantedAuthority;
+
+public class Role implements GrantedAuthority {
+
+    public static enum Roles {
+        API_TOKEN,
+        USER,
+    }
+
+    private static final Map<Roles, List<String>> roleScopesMap = new HashMap<>();
+
+    static {
+        // Initialize the map with roles and their corresponding scopes
+        roleScopesMap.put(Roles.USER, List.of("authenticated", "account:read", "account:delete", "token:create",
+                "token:read", "token:delete"));
+        roleScopesMap.put(Roles.API_TOKEN, List.of("authenticated", "account:read", "token:read"));
+    }
+
+    private final Roles role;
+
+    private Collection<String> scopes;
+
+    public static boolean checkScope(Collection<Role> roles, String[] requiredScopes) {
+        List<String> requiredScopesList = new ArrayList<>(Arrays.asList(requiredScopes));
+
+        for (Role role : roles) {
+            if (requiredScopesList.isEmpty()) {
+                break;
+            }
+
+            requiredScopesList.removeAll(role.getScopes());
+        }
+
+        // If all requiredScopes where removed by being present in roles, the check is
+        // successful
+        return requiredScopesList.isEmpty();
+    }
+
+    public Role(Roles role) {
+        this.role = role;
+
+        Collection<String> scopes = roleScopesMap.get(role);
+
+        this.scopes = scopes != null ? scopes : List.of();
+    }
+
+    @Override
+    public String getAuthority() {
+        return this.role.toString();
+    }
+
+    public Collection<String> getScopes() {
+        return this.scopes;
+    }
+
+    @Override
+    public String toString() {
+        return this.role.toString();
+    }
+
+    public static Role fromString(String roleString) {
+        return new Role(Roles.valueOf(roleString));
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/security/SecurityConfig.java b/securety_api/src/main/java/com/secure_use_api/security/SecurityConfig.java
new file mode 100644
index 0000000..d3c1f8b
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/security/SecurityConfig.java
@@ -0,0 +1,72 @@
+package com.secure_use_api.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.context.SecurityContextHolderFilter;
+import org.springframework.security.web.session.DisableEncodeUrlFilter;
+
+import com.secure_use_api.exceptions.CustomAuthenticationEntryPoint;
+import com.secure_use_api.rest.middleware.AuditLogMiddleware;
+import com.secure_use_api.rest.middleware.AuthenticationMiddleware;
+import com.secure_use_api.rest.middleware.ExceptionHandlerMiddleware;
+import com.secure_use_api.rest.middleware.RateLimitMiddleware;
+
+@Configuration
+@EnableWebSecurity(debug = true)
+public class SecurityConfig {
+	@Autowired
+	private ExceptionHandlerMiddleware exceptionHandlerMiddleware;
+
+	@Autowired
+	private RateLimitMiddleware rateLimitMiddleware;
+
+	@Autowired
+	private AuthenticationMiddleware authenticationMiddleware;
+
+	@Autowired
+	private AuditLogMiddleware auditLogMiddleware;
+
+	@Bean
+	public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration)
+			throws Exception {
+		// Since CustomAuthProvider is annotated with @Component, spring detects it as
+		// Bean and use it for dependency injection in the automatically created default
+		// AuthenticationManager because it is implementing the AuthenticationProvider
+		return authenticationConfiguration.getAuthenticationManager();
+	}
+
+	@Bean
+	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
+		http.csrf(csrf -> csrf.disable()) // disable crsf because we are stateless (no cookies for authentication)
+			.authorizeHttpRequests((request) -> request
+					.requestMatchers(HttpMethod.GET, "/h2-console/**").permitAll()
+					.requestMatchers(HttpMethod.POST, "/auth/register", "/auth/login", "/h2-console/**").permitAll()
+					.requestMatchers(HttpMethod.PUT, "/auth/login").permitAll()
+					.requestMatchers("/error").permitAll()
+					.anyRequest().authenticated()) // Require all request except the above to be authenticated
+			.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+			.addFilterBefore(exceptionHandlerMiddleware, DisableEncodeUrlFilter.class) // The very first filter
+			.addFilterAfter(rateLimitMiddleware, ExceptionHandlerMiddleware.class)
+			.addFilterAfter(auditLogMiddleware, SecurityContextHolderFilter.class)
+			.addFilterAfter(authenticationMiddleware, AuditLogMiddleware.class)
+			.exceptionHandling((exception) -> exception
+					.authenticationEntryPoint(new CustomAuthenticationEntryPoint()));
+
+		// Need to set the AuditLog before AuthenticationMiddleware (and after
+		// SecurityContextHolderFilter to access it), because we also
+		// want to log errors happening in the AuthenticationMiddleware which would not
+		// be possible if being executed after it. We can still get the user if it
+		// exists after the request was processed (so getting it on the way out and not
+		// in)
+
+		return http.build();
+	}
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/security/UserAuthentication.java b/securety_api/src/main/java/com/secure_use_api/security/UserAuthentication.java
new file mode 100644
index 0000000..0cfe793
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/security/UserAuthentication.java
@@ -0,0 +1,76 @@
+package com.secure_use_api.security;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.UUID;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+
+public class UserAuthentication implements Authentication {
+
+    private final UUID userId; // Custom field for user ID
+    private final String email; // Username
+    private Object credentials;
+    private Object details;
+    private final Collection<Role> roles; // User roles
+    private boolean authenticated; // Authentication status
+
+    public UserAuthentication(UUID userId, String email, Collection<Role> authorities) {
+        this.userId = userId;
+        this.email = email;
+        this.roles = authorities != null ? authorities : new ArrayList<>();
+        this.authenticated = true; // Set to true upon successful authentication
+    }
+
+    @Override
+    public String getName() {
+        return this.email;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return this.roles;
+    }
+
+    @Override
+    public Object getCredentials() {
+        return this.credentials;
+    }
+
+    @Override
+    public Object getDetails() {
+        return this.details;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return this.email;
+    }
+
+    @Override
+    public boolean isAuthenticated() {
+        return this.authenticated;
+    }
+
+    @Override
+    public void setAuthenticated(boolean isAuthenticated) {
+        this.authenticated = isAuthenticated;
+    }
+
+    public UUID getUserId() {
+        return this.userId;
+    }
+
+    public Collection<Role> getRoles() {
+        return this.roles;
+    }
+
+    public void setCredentials(Object credentials) {
+        this.credentials = credentials;
+    }
+
+    public void setDetails(Object details) {
+        this.details = details;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/security/UserDetailsImpl.java b/securety_api/src/main/java/com/secure_use_api/security/UserDetailsImpl.java
new file mode 100644
index 0000000..0b67f41
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/security/UserDetailsImpl.java
@@ -0,0 +1,64 @@
+package com.secure_use_api.security;
+
+import java.util.Collection;
+import java.util.List;
+import java.util.UUID;
+import java.util.stream.Collectors;
+
+import org.springframework.security.core.userdetails.UserDetails;
+
+import com.fasterxml.jackson.annotation.JsonIgnore;
+
+import com.secure_use_api.model.UserComposite;
+
+public class UserDetailsImpl implements UserDetails {
+
+    private final UUID userId; // Custom field for user ID
+
+    private final String email; // Email
+
+    @JsonIgnore
+    private String password;
+
+    private final Collection<Role> authorities; // User roles
+
+    public UserDetailsImpl(UUID userId, String email, String password,
+            Collection<Role> authorities) {
+        this.userId = userId;
+        this.email = email;
+        this.password = password;
+        this.authorities = authorities;
+    }
+
+    public static UserDetailsImpl build(UserComposite user) {
+
+        List<Role> roles = user.getUserMeta().getRoles().stream()
+                .map(Role::fromString)
+                .collect(Collectors.toList());
+
+        return new UserDetailsImpl(
+                user.getUserMeta().getUserId(),
+                user.getUserMeta().getEmail(),
+                user.getUserSecurity().getPassword(),
+                roles);
+    }
+
+    public UUID getUserId() {
+        return this.userId;
+    }
+
+    @Override
+    public String getPassword() {
+        return this.password;
+    }
+
+    @Override
+    public String getUsername() {
+        return this.email;
+    }
+
+    @Override
+    public Collection<Role> getAuthorities() {
+        return this.authorities;
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/security/WebConfig.java b/securety_api/src/main/java/com/secure_use_api/security/WebConfig.java
new file mode 100644
index 0000000..74cd505
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/security/WebConfig.java
@@ -0,0 +1,43 @@
+package com.secure_use_api.security;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+import com.secure_use_api.rest.middleware.AuthorizationMiddleware;
+import com.secure_use_api.rest.middleware.ResourceLimitMiddleware;
+
+@Configuration
+public class WebConfig implements WebMvcConfigurer {
+
+    @Autowired
+    private AuthorizationMiddleware authorizationMiddleware;
+
+    @Autowired
+    private ResourceLimitMiddleware resourceLimitMiddleware;
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(authorizationMiddleware);
+
+        registry.addInterceptor(resourceLimitMiddleware)
+                .addPathPatterns("/user/**");
+
+        // Register the ResourceLimitMiddleware
+        // registry.addInterceptor(resourceLimitMiddleware)
+        // .addPathPatterns("/api/**") // Specify URL patterns for resource limit
+        // .order(1); // Ensure it runs after AuthorizationMiddleware
+    }
+
+    @Override
+    public void addCorsMappings(CorsRegistry registry) {
+        // Simply setting Access-Control Headers
+        registry.addMapping("/**")
+                // .allowedOrigins("https://example.com")
+                .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+                .allowedHeaders("Content-Type", "Authorization")
+                .allowCredentials(false);
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/token/AbstractToken.java b/securety_api/src/main/java/com/secure_use_api/token/AbstractToken.java
new file mode 100644
index 0000000..907d6e0
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/token/AbstractToken.java
@@ -0,0 +1,12 @@
+package com.secure_use_api.token;
+
+import java.lang.reflect.Type;
+import java.util.Map;
+
+import com.google.gson.reflect.TypeToken;
+
+public abstract class AbstractToken {
+    protected static Type payloadType = new TypeToken<Map<String, Object>>() {}.getType();
+
+    protected static SimpleTokenStringHandler tokenStringHandler;
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/token/AccessToken.java b/securety_api/src/main/java/com/secure_use_api/token/AccessToken.java
new file mode 100644
index 0000000..13ad6b8
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/token/AccessToken.java
@@ -0,0 +1,133 @@
+package com.secure_use_api.token;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Optional;
+import java.util.UUID;
+import java.util.stream.Collectors;
+
+import com.google.gson.Gson;
+import com.secure_use_api.security.Role;
+import com.secure_use_api.util.Config;
+
+public class AccessToken extends AbstractToken {
+    static long expirationTime = 720000;
+    protected static SimpleTokenStringHandler tokenStringHandler = new JwtHandler(
+            Config.getInstance().getSecretAccessTokenKey());
+
+    protected final UUID uid;
+    protected final UUID userId;
+    protected final String email;
+    protected final List<Role> roles;
+    protected final Optional<Date> expiresAt;
+
+    public class InnerAccessToken {
+        public String jti;
+        public String sub;
+        public String userId;
+        public Long exp;
+        public List<String> roles;
+    }
+
+    public AccessToken(UUID userId, String email, List<Role> roles) {
+        this.uid = UUID.randomUUID();
+        this.userId = userId;
+        this.email = email;
+        this.roles = roles;
+        this.expiresAt = Optional.of(new Date(System.currentTimeMillis() + expirationTime));
+    }
+
+    protected AccessToken(UUID uid, UUID userId, String email, List<Role> roles, Optional<Date> expiresAt) {
+        this.uid = uid;
+        this.userId = userId;
+        this.email = email;
+        this.roles = roles;
+        this.expiresAt = expiresAt;
+    }
+
+    static public Optional<AccessToken> fromTokenString(String tokeString) throws IllegalArgumentException {
+        Optional<String> payloadString = tokenStringHandler.payloadFromTokenString(tokeString);
+
+        if (payloadString.isPresent()) {
+            Gson json = new Gson();
+            InnerAccessToken payload = json.fromJson(payloadString.get(), InnerAccessToken.class);
+
+            String uidString = payload.jti;
+            String email = payload.sub;
+            Long expiresAtLong = payload.exp;
+            String userIdString = payload.userId;
+            List<String> rolesAStrings = payload.roles;
+            List<Role> roles;
+
+            if (uidString == null || uidString.isEmpty()) {
+                throw new IllegalArgumentException("Missing uid");
+            }
+
+            if (userIdString == null || userIdString.isEmpty()) {
+                throw new IllegalArgumentException("Missing userId");
+            }
+
+            if (email == null || email.isEmpty()) {
+                throw new IllegalArgumentException("Missing email");
+            }
+
+            if (rolesAStrings == null) {
+                throw new IllegalArgumentException("No roles present");
+            } else {
+                roles = rolesAStrings.stream()
+                        .map(Role::fromString)
+                        .collect(Collectors.toList());
+            }
+
+            UUID uid = UUID.fromString(uidString);
+            UUID userId = UUID.fromString(userIdString);
+            Optional<Date> expiresAtDate = expiresAtLong != null ? Optional.of(new Date(expiresAtLong * 1000))
+                    : Optional.empty();
+
+            return Optional.of(new AccessToken(uid, userId, email, roles, expiresAtDate));
+        }
+
+        return Optional.empty();
+    }
+
+    public String toTokenString() {
+        Map<String, Object> payload = new HashMap<>();
+        List<String> rolesAsStrings = this.roles.stream()
+                .map(Role::toString)
+                .collect(Collectors.toList());
+
+        payload.put("jti", this.uid.toString());
+        payload.put("sub", this.email);
+        payload.put("iat", new Date().getTime() / 1000);
+        payload.put("userId", this.userId.toString());
+        payload.put("roles", rolesAsStrings);
+
+        if (this.expiresAt.isPresent()) {
+            payload.put("exp", this.expiresAt.get().getTime() / 1000);
+        }
+
+        return tokenStringHandler.payloadToTokenString(payload);
+    }
+
+    public UUID getUid() {
+        return this.uid;
+    }
+
+    public UUID getUserId() {
+        return this.userId;
+    }
+
+    public String getEmail() {
+        return this.email;
+    }
+
+    public List<Role> getRoles() {
+        return this.roles;
+    }
+
+    public boolean isLongLife() {
+        return !this.expiresAt.isPresent();
+    }
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/token/ApiToken.java b/securety_api/src/main/java/com/secure_use_api/token/ApiToken.java
new file mode 100644
index 0000000..0240120
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/token/ApiToken.java
@@ -0,0 +1,37 @@
+package com.secure_use_api.token;
+
+import java.util.List;
+import java.util.Optional;
+import java.util.UUID;
+
+import com.secure_use_api.security.Role;
+
+public class ApiToken extends AccessToken {
+    public static Optional<ApiToken> fromAccessToken(AccessToken accessToken) {
+        if (accessToken.isLongLife()) {
+            return Optional.of(new ApiToken(accessToken.getUid(), accessToken.getUserId(), accessToken.getEmail(),
+                    accessToken.getRoles()));
+        }
+
+        return Optional.empty();
+    }
+
+    public static Optional<ApiToken> fromString(String tokenString) {
+        Optional<AccessToken> accessTokenOptional = AccessToken.fromTokenString(tokenString);
+
+        if (accessTokenOptional.isPresent()) {
+            return ApiToken.fromAccessToken(accessTokenOptional.get());
+        }
+
+        return Optional.empty();
+    }
+
+    public ApiToken(UUID userId, String email, List<Role> roles) {
+        super(UUID.randomUUID(), userId, email, roles, Optional.empty());
+    }
+
+    private ApiToken(UUID uid, UUID userId, String email, List<Role> roles) {
+        super(uid, userId, email, roles, Optional.empty());
+    }
+
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/token/JwtHandler.java b/securety_api/src/main/java/com/secure_use_api/token/JwtHandler.java
new file mode 100644
index 0000000..b78a2c0
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/token/JwtHandler.java
@@ -0,0 +1,47 @@
+package com.secure_use_api.token;
+
+import java.lang.reflect.Type;
+import java.util.Base64;
+import java.util.Map;
+import java.util.Optional;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.JWTVerifier;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.interfaces.DecodedJWT;
+import com.google.gson.reflect.TypeToken;
+
+public class JwtHandler implements SimpleTokenStringHandler {
+    public static Type payloadType = new TypeToken<Map<String, Object>>() {}.getType();
+
+    private Algorithm algorithm;
+    private JWTVerifier verifier;
+
+    public JwtHandler(String secretKey) {
+        this.algorithm = Algorithm.HMAC256(secretKey);
+        this.verifier = JWT.require(algorithm)
+            // .withIssuer("HAW-Hamburg")
+            .build();
+    }
+
+    @Override
+    public Optional<String> payloadFromTokenString(String tokeString) {
+
+        try {
+            DecodedJWT jwt = this.verifier.verify(tokeString);
+            byte[] decodedBytes = Base64.getDecoder().decode(jwt.getPayload());
+            String decodedString = new String(decodedBytes);
+
+            return Optional.of(decodedString);
+        } catch(Exception _e) {
+            System.out.println(_e);
+            return Optional.empty();
+        }
+    }
+
+    @Override
+    public String payloadToTokenString(Map<String, Object> payload) {
+        return JWT.create().withPayload(payload).sign(this.algorithm);
+    }
+
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/token/PasetoHandler.java b/securety_api/src/main/java/com/secure_use_api/token/PasetoHandler.java
new file mode 100644
index 0000000..6de87ea
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/token/PasetoHandler.java
@@ -0,0 +1,19 @@
+package com.secure_use_api.token;
+
+import java.util.Map;
+import java.util.Optional;
+
+public class PasetoHandler implements SimpleTokenStringHandler {
+    @Override
+    public Optional<String> payloadFromTokenString(String tokeString) {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'payloadFromTokenString'");
+    }
+
+    @Override
+    public String payloadToTokenString(Map<String,Object> payload) {
+        // TODO Auto-generated method stub
+        throw new UnsupportedOperationException("Unimplemented method 'payloadToTokenString'");
+    }
+    
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/token/RefreshToken.java b/securety_api/src/main/java/com/secure_use_api/token/RefreshToken.java
new file mode 100644
index 0000000..480b77f
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/token/RefreshToken.java
@@ -0,0 +1,95 @@
+package com.secure_use_api.token;
+
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Optional;
+import java.util.UUID;
+
+import com.google.gson.Gson;
+import com.secure_use_api.util.Config;
+
+public class RefreshToken extends AbstractToken {
+    static long expirationTime = 2592000000L; // 30 day
+    protected static SimpleTokenStringHandler tokenStringHandler = new JwtHandler(
+            Config.getInstance().getSecretRefreshTokenKey());
+
+    protected final UUID uid;
+    protected final UUID spouseId;
+    protected final Date expiresAt;
+
+    public class InnerAccessToken {
+        public String jti;
+        public String spouseId;
+        public Long exp;
+    }
+
+    public RefreshToken(UUID spouseId) {
+        this.uid = UUID.randomUUID();
+        this.spouseId = spouseId;
+        this.expiresAt = new Date(System.currentTimeMillis() + expirationTime);
+    }
+
+    protected RefreshToken(UUID uid, UUID spouseId, Date expiresAt) {
+        this.uid = uid;
+        this.spouseId = spouseId;
+        this.expiresAt = expiresAt;
+    }
+
+    static public Optional<RefreshToken> fromTokenString(String tokeString) throws IllegalArgumentException {
+        Optional<String> payloadString = tokenStringHandler.payloadFromTokenString(tokeString);
+
+        if (payloadString.isPresent()) {
+            Gson json = new Gson();
+            InnerAccessToken payload = json.fromJson(payloadString.get(), InnerAccessToken.class);
+
+            String uidString = payload.jti;
+            String spouseIdString = payload.spouseId;
+            Long expiresAtLong = payload.exp;
+
+            if (uidString == null || uidString.isEmpty()) {
+                throw new IllegalArgumentException("Missing uid");
+            }
+
+            if (spouseIdString == null || spouseIdString.isEmpty()) {
+                throw new IllegalArgumentException("Missing userId");
+            }
+
+            if (expiresAtLong == null) {
+                throw new IllegalArgumentException("expires date is null");
+            }
+
+            UUID uid = UUID.fromString(uidString);
+            UUID spouseId = UUID.fromString(spouseIdString);
+            Date expiresAtDate = new Date(expiresAtLong * 1000);
+
+            return Optional.of(new RefreshToken(uid, spouseId, expiresAtDate));
+        }
+
+        return Optional.empty();
+    }
+
+    public String toTokenString() {
+        Map<String, Object> payload = new HashMap<>();
+
+        payload.put("jti", this.uid.toString());
+        payload.put("spouseId", this.spouseId.toString());
+        payload.put("iat", new Date().getTime() / 1000);
+        payload.put("exp", this.expiresAt.getTime() / 1000);
+
+        return tokenStringHandler.payloadToTokenString(payload);
+    }
+
+    public UUID getUid() {
+        return this.uid;
+    }
+
+    public UUID getSpouseId() {
+        return this.spouseId;
+    }
+
+    public Date getExpiresAt() {
+        return this.expiresAt;
+    }
+
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/token/SimpleTokenStringHandler.java b/securety_api/src/main/java/com/secure_use_api/token/SimpleTokenStringHandler.java
new file mode 100644
index 0000000..e07587d
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/token/SimpleTokenStringHandler.java
@@ -0,0 +1,9 @@
+package com.secure_use_api.token;
+
+import java.util.Map;
+import java.util.Optional;
+
+public interface SimpleTokenStringHandler {
+    Optional<String> payloadFromTokenString(String tokeString);
+    String payloadToTokenString(Map<String,Object> payload);
+}
diff --git a/securety_api/src/main/java/com/secure_use_api/util/Config.java b/securety_api/src/main/java/com/secure_use_api/util/Config.java
new file mode 100644
index 0000000..58e6724
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/util/Config.java
@@ -0,0 +1,36 @@
+package com.secure_use_api.util;
+
+import io.github.cdimascio.dotenv.Dotenv;
+
+public class Config {
+    // Singleton instance
+    private static Config instance;
+    private final Dotenv dotenv;
+
+    private Config() {
+        dotenv = Dotenv.load(); // Load the .env file
+    }
+
+    public static Config getInstance() {
+        if (instance == null) {
+            instance = new Config();
+        }
+        return instance;
+    }
+
+    public String getSecretAccessTokenKey() {
+        return dotenv.get("SECRET_ACCESS_TOKEN_KEY");
+    }
+
+    public String getSecretRefreshTokenKey() {
+        return dotenv.get("SECRET_REFRESH_TOKEN_KEY");
+    }
+
+    public double getRateLimitPerSecond() {
+        return Double.parseDouble(dotenv.get("RATE_LIMIT_PER_SECOND"));
+    }
+
+    public int getResourceLimitPerDay() {
+        return Integer.parseInt(dotenv.get("RESOURCE_LIMIT_PER_DAY"));
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/util/HibernateUtil.java b/securety_api/src/main/java/com/secure_use_api/util/HibernateUtil.java
new file mode 100644
index 0000000..bfaff90
--- /dev/null
+++ b/securety_api/src/main/java/com/secure_use_api/util/HibernateUtil.java
@@ -0,0 +1,25 @@
+package com.secure_use_api.util;
+
+import org.hibernate.Session;
+import org.hibernate.SessionFactory;
+import org.hibernate.cfg.Configuration;
+
+public class HibernateUtil {
+    private static final SessionFactory sessionFactory = buildSessionFactory();
+
+    private static SessionFactory buildSessionFactory() {
+        try {
+            return new Configuration().configure().buildSessionFactory();
+        } catch (Throwable ex) {
+            throw new ExceptionInInitializerError(ex);
+        }
+    }
+
+    public static SessionFactory getSessionFactory() {
+        return sessionFactory;
+    }
+
+    public static Session getCurrentSession() {
+        return getSessionFactory().getCurrentSession();
+    }
+}
\ No newline at end of file
diff --git a/securety_api/src/main/resources/.DS_Store b/securety_api/src/main/resources/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..3ea226f23bb9e0951b4d52005b20f2501d7e98ac
GIT binary patch
literal 6148
zcmeHK&u`N(6n^eXmuN!j0njuF$r9J9bU$EByJTe?xDvz;fJ)LtBap>aldgxVQqJR#
z;mTjazq5VM_F!EH;)D?MtDZmm`8~V-USh{YB>IzNlc-HZ9+a`+qqsr1pLIzZ*3tqB
zJw`@Dim0ND)RMO|{EG~5?j9g#Bm8pY?PvZ9>cTcgCP$P4Ijbp^FLO1Fa}^_wADRPb
z_go8VL>m}I(J}4NCrT*Bc-<?Otv?#`>$NdkRAP4XTn!iJ7hito8&AuT{jcBRQJ$4m
zulHRvR+@KOtKO=&=DiO;s%cn7)uil4<G0*;tyCUg)}#1MmQDxld(Tx-MOl%KbwHM+
zaCvu>6^WYm)uc#D9UGbs&-eU6dwn+Bezx0@o4qIVj-2gn^*VBA`{{h{d-oqb-hVat
zoSzixj7h`mgZD?vU5l5%>swg=X*e!&RUE_4F+P|{=|pFb8CuGacnGhn8A8*EW56+R
z>lv_nj<<H}nQ#O+1{?#|8Q}dvLKy>#wL!ggpwL$UU=wC7sPktb$4HBT#o8cxAi{(K
zO{lO}3}M1ym)0+^SQ|9qB<$rw*qMdBp$I)Y#+TZiL}1XBjseHOA_FU?+2-^A#jo%G
zi$SjC7;p^yR}6^eVR+cblI+>Kv^YL%CG-Q7h5c%SKSEH^M=^Z)C|-wZfn9P17+9<g
R!UAz00-6R_I0pVI0~ap4iv9oq

literal 0
HcmV?d00001

diff --git a/securety_api/src/main/resources/application.properties b/securety_api/src/main/resources/application.properties
new file mode 100644
index 0000000..b0849ed
--- /dev/null
+++ b/securety_api/src/main/resources/application.properties
@@ -0,0 +1,11 @@
+spring.application.name=com.secure_use_api
+
+# Database connection settings
+spring.datasource.url=jdbc:h2:mem:com.secure_use_api
+spring.datasource.driver-class-name=org.h2.Driver
+spring.datasource.username=sa
+spring.datasource.password=
+spring.h2.console.enabled=true
+spring.jpa.hibernate.ddl-auto=update
+
+logging.level.org.springframework.security=TRACE
\ No newline at end of file
diff --git a/securety_api/src/main/resources/logback-spring.xml b/securety_api/src/main/resources/logback-spring.xml
new file mode 100644
index 0000000..6fbf6e5
--- /dev/null
+++ b/securety_api/src/main/resources/logback-spring.xml
@@ -0,0 +1,29 @@
+<configuration>
+    <!-- Include spring console-appendaer to make the rootLogger use this ones CONSOLE appender with nice coloring -->
+    <include resource="org/springframework/boot/logging/logback/defaults.xml" />
+    <include resource="org/springframework/boot/logging/logback/console-appender.xml" />
+
+    <!-- Rolling File Appender for filter logs -->
+    <appender name="AUDIT_LOGS" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/filter-logs.log</file>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>logs/requests.%d{yyyy-MM-dd}.log</fileNamePattern>
+            <maxHistory>15</maxHistory> <!-- Keep logs for 15 days -->
+            <totalSizeCap>1GB</totalSizeCap> <!-- Limit total size of log files -->
+        </rollingPolicy>
+        <encoder>
+            <pattern>%msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <!-- Logger for the AuditLogMiddleware -->
+    <logger name="com.secure_use_api.rest.middleware.AuditLogMiddleware" level="INFO"
+        additivity="false">
+        <appender-ref ref="AUDIT_LOGS" />
+    </logger>
+
+    <!-- Root logger for all other logs (including Spring logs) -->
+    <root level="INFO">
+        <appender-ref ref="CONSOLE" />
+    </root>
+</configuration>
\ No newline at end of file
diff --git a/securety_api/src/main/resources/templates/hello.html b/securety_api/src/main/resources/templates/hello.html
new file mode 100644
index 0000000..8cb9705
--- /dev/null
+++ b/securety_api/src/main/resources/templates/hello.html
@@ -0,0 +1,12 @@
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+    <meta charset="UTF-8" />
+    <title></title>
+</head>
+<body>
+<p>
+    <span th:text="${hello}">Hello!</span>
+</p>
+</body>
+</html>
\ No newline at end of file
diff --git a/securety_api/src/test/.DS_Store b/securety_api/src/test/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..8077d8a7acaa2aac0df423b804b1ccf1510c9931
GIT binary patch
literal 8196
zcmeHM%}*0S6n_IKTM@hRAs-i;G$tO1mJj&|2WzPz#3+OkgaFpvb}1{{oo07i1VYja
z2leD1;2+>cZ^n}s4<0;g;>C+s4<5bgo0)BCwh$$LAaPzY^Lu^s-puT8XJ+?p0e~cm
z*?xd-08p?nR9mpxM_4;6b<*Hl!iWUpValQz-J&}FR_nZ_K{6m2kPJu$Bm<Ixe}Msf
zW;0O^c<zf<SxW{a1OFuh?0kq|VHo$ZERY`^Sn(79u?fvwQ0K4yh!JK$jQdy?h!zwg
zLJ>tM@ly=qXAVS!V|(29FAEgmK={bmk3TZ;GZf+{9wfrufy4#MS~4IRsAquX?oDtH
zG$?@<$ltGF+of+@cwp5}-*5|lp8rxWSf=a6V(&>qW7CO~%}TS<qO7FW=tj!ZyrP@X
zoF(>aj#5jn=$bxn8XIY~V}jbAX4;0s1I(;}F3Yz~J4-hbv}k8t9-9&kN=ON%)$Z->
zE2G1Gk-^cioxaHS*g&i=GBh~6vlCJ}qnF2L)9Y5=rVquX692e>R`I)9KSHf~J*AXm
zThz{>jrli20VufOK^}RrCue73Mb~q9#4WVs!Kn8NaQ6&79@KCb=<}!<92!B^1_nod
zk-@-KnVFKmF34_WU3{#pi_oc-)2(O1>e+BxxV^ojQ|;>RNvrL;mRZj^>|Re$i#iFb
zXr$G!iz{X-L+u&IDB((3@QnLj%G|=Hwm`tFk-f8Ln%gX(Psg5tcRJ}9hP{+?%<S~)
zs%v-)HTvQ*AImfHQ}!yw{@Hlb1<$0mJ8w8H;)<o|hBa*`sOQoAqUJc7oih@f3ntEx
z&5C!IDrgzg&PA_&!CQ|KipDPrO@*jX@LgLap*dU28`1cTutnoH{6+;Xz&PB5d02-n
zcnnYADZGHU@Bu!-XZT78X&^16m7F78q=)p9^ThAJp|Z$(E5isR_<=9Dn5|rYDns*y
z8qdH@%+qAj-`vW(-B-J>lW*8TQ0JBX39rK1k46h@y%0FKxm?_SMbt7(4{WUGIG5T(
zX`hIr-dw-wc-rU60&LaXM5#&!4$DBJ2<T?{|Mi2v{~xwn=`R_O3>+f{NK-PEOyGno
z?-9Ydvs^oZ<t`Q`%&#nvhhW9iaYUYuBUb+~L_LD8EGF(_Ss+?a{`!Z2W0Ri9=RaQ{
Jvic(od<V|1x_bZs

literal 0
HcmV?d00001

diff --git a/securety_api/src/test/java/.DS_Store b/securety_api/src/test/java/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..2120347adc86205738e61cb8696666c669928448
GIT binary patch
literal 6148
zcmeHK!AiqG5Z!I7O(;SS3OxqA7OhrGi<cPd!K)EHsMMq>8ceg&q~=fxIqMJkCH{`i
z>~4foy?78TGcfx$vojm!ZP>{$#<(*L_86-(#tcxzk_p2%g6pVDQqq<(Ajdt#(2s-<
zPq-b)e_#O5uFQr^u<=>6aDK<IvhyKDCZfIkEP2wW{N_JJVUo65@4Qs5tgTm#s!=m;
z-3O7msh3U@$D3T^(}fU`U(7xKG8|=t`sRs<Q!k816B!T&BXGI73gbXzj+n+lB4b^(
zV3>wEs5fS_!)~W(wY$A})0*}6TTSbr-I>o#V{3c&=zQ=Pjbrhmi0AN4O4-m@z$;92
zHqY)PjzoM9mcqO6A|wWg0b*cv8PGSLQCr;<DKlb#82BXvct2R6h_=RDp}aa^kSzdU
z1<X=lE`R<3Ei?ey8gqqU0pThXP=#{cVsPC%a1{>gw)W2zs&K~Tn_(aQX0AIFu3Hao
zNq5F=g)|Za#K0m0*!zLhvHqX_-2Y1_8i)a6U^N-wmA>0|AU9oGm$JlKYk}T@qM%={
m@GAr+vJ`_amf{Ae6tG)30kk#d3c&(GKLU~l8i;{EW#AL?j#AwK

literal 0
HcmV?d00001

diff --git a/securety_api/src/test/java/com/.DS_Store b/securety_api/src/test/java/com/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..6be1c0d5bbbc408f205de4056d5e5bbbb8784026
GIT binary patch
literal 6148
zcmeHK!A{#i5S<MvI6|#*0Ey#DTq8(Ji$GjVfCE>I%7IqKCQ)l)yiuHxLlntp_#wW8
z-+?!~8$?A*Z!N9nNwaUfJF~XmTDu-1Qk_xvJyDa00vL0xf#xURakgiu`JOqjvU3cm
zM=_141PlHJ1$gb=+4VZdx;<ULm=fw!c9@&<G&d>Y_#@ect=(I|`%P{-F8e<BHtpwG
zIc&G@RBf*QW_}@92o{5{(RVYBhRJYLc9Ov<UmY8hr!zlEKWDvh++5l-#W2Z=-oPeg
z-5x@|oMc7Uj5}sjbW58Xxq+Y&G~(vUWb$civ!yq-wx=yU+5XUO>5m(m(`h4EUR~cg
ziZAlZ!d%<8AcgPO;;rWy-N1QKpQ~t4<fizBxY-=DTwzf_6c7bos{($%3Kn1M1IlxW
z0;0fQQ-Jpe4Py>HSB~x0fyR~q;5xc3;PY=H=V;HN=gKig0OeA_E>-ywL%DSHYabVS
zt{l5`Qoi_5{?5u*D9YX)^J^PUDs(KZC?E>_r~ub~K$Fk^gJ0MGHb@##Kos~t6;Sp4
zXupGZ^JnX`x8$={!_Hs~j;kC$rogdBF=F{BUV&MlU$X-aJy(v=1IUknl|dR&;EyWs
E0A$r*rvLx|

literal 0
HcmV?d00001

diff --git a/securety_api/src/test/java/com/secure_use_api/SecureUseAppiApplicationTests.java b/securety_api/src/test/java/com/secure_use_api/SecureUseAppiApplicationTests.java
new file mode 100644
index 0000000..9f82515
--- /dev/null
+++ b/securety_api/src/test/java/com/secure_use_api/SecureUseAppiApplicationTests.java
@@ -0,0 +1,13 @@
+package com.secure_use_api;
+
+import org.junit.jupiter.api.Test;
+import org.springframework.boot.test.context.SpringBootTest;
+
+@SpringBootTest
+class SecureUseApiApplicationTests {
+
+	@Test
+	void contextLoads() {
+	}
+
+}
diff --git a/securety_api/src/test/postman/.DS_Store b/securety_api/src/test/postman/.DS_Store
new file mode 100644
index 0000000000000000000000000000000000000000..bc42af5a44daaf3aaae80585323fa7b7e970c5eb
GIT binary patch
literal 6148
zcmeHKyG{c^3>-s>NHi%a_X|$q4~|nPQU?kuAb|pO$)b=Hbo)bmBaGJu>BQ9$LiWi!
zUa!56k!~LVq&qxb05bqns-mbdBI+J(I`Lp3QrSm`2Q;|EE1pL>`im}|dxINnIpbz9
z|0SNV#sNFF?D39k*57C~TwSi#hO6D;j!_vsKaJlrI@8<Wg)y`ieO|Bnyy7@Y@(1<y
zvkI+{U?3O>27-ZL;P?#a*+-e48Acfl1Ovgq4+FYCB&uTTSPbjd!J<9^h!eW2(AI0N
z<|N0~u^6(2B9=<DRPiT<SUUa5<66gJXz37te29<y{dkc&I{QyG9MT#_84LsiLk3Q*
zI@9z2ioeY0BY&6@wO}9^_-72rWWJntT$G=!zm}(GZKB>&RWz=sL7_dk1hAs}$a!tF
b_M|rBTE}9jy{NyY6XPOK35g;YI06G-7+olV

literal 0
HcmV?d00001

diff --git a/securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_collection.json b/securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_collection.json
new file mode 100644
index 0000000..9a9b7df
--- /dev/null
+++ b/securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_collection.json
@@ -0,0 +1,1551 @@
+{
+	"info": {
+		"_postman_id": "53687375-8243-4fe8-98d1-543e1f899f2d",
+		"name": "Uni.Ba.ApiSecurityTest",
+		"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
+		"_exporter_id": "17943160"
+	},
+	"item": [
+		{
+			"name": "RegisterUserSuccess",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test(\"Response Content-Type is application/json\", function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"});",
+							"",
+							"pm.test('Response contains required fields: id and actionType', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData).to.have.all.keys('id', 'actionType');",
+							"})",
+							"",
+							"pm.test('The id must be a non-empty string', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.id).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'Value should not be empty');",
+							"})",
+							"",
+							"pm.test('ActionType must be a non-empty string', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.actionType).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'Value should not be empty');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Authorization",
+						"value": "Bearer xyz",
+						"type": "text",
+						"disabled": true
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "{\n    \"email\": \"{{UserEmail}}\",\n    \"password\": \"{{UserPassword}}\"\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "{{Host}}/auth/register",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						"register"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "RegisterUserFail",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.response.to.have.status(400)",
+							"pm.test('Response status code is 400', function () {",
+							"    pm.expect(pm.response.code).to.eql(400);",
+							"})",
+							"",
+							"pm.test('Response content type is application/problem+json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/problem+json');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Authorization",
+						"value": "Bearer xyz",
+						"type": "text",
+						"disabled": true
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "{\n    \"email\": \"{{UserEmail}}\",\n    \"password\": \"{{UserPassword}}\"\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "{{Host}}/auth/register",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						"register"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "HelloAuthenticatedFail",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 401', function () {",
+							"    pm.expect(pm.response.code).to.eql(401);",
+							"})",
+							"",
+							"pm.test('Response content type is application/problem+json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/problem+json');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "noauth"
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/auth",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "LoginUserFail",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.response.to.have.status(400)",
+							"pm.test('Response status code is 400', function () {",
+							"    pm.expect(pm.response.code).to.eql(400);",
+							"})",
+							"",
+							"pm.test('Response content type is application/problem+json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/problem+json');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"method": "POST",
+				"header": [],
+				"body": {
+					"mode": "raw",
+					"raw": "{\n    \"email\": \"{{UserEmail}}\",\n    \"password\": \"wrongPassword\"\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "{{Host}}/auth/login",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						"login"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "LoginUserSuccess",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test(\"Response Content-Type is application/json\", function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"});",
+							"",
+							"pm.test('Response has required fields', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData).to.have.all.keys('token', 'refreshToken');",
+							"})",
+							"",
+							"pm.test('Token must be a non-empty string', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.token).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'Token should not be empty');",
+							"})",
+							"",
+							"pm.test('The refreshToken must be a non-empty string', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.refreshToken).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'Value should not be empty');",
+							"})",
+							"",
+							"const accessToken = pm.response.json().token",
+							"const refreshToken = pm.response.json().refreshToken",
+							"",
+							"pm.collectionVariables.set(\"AccessToken\", accessToken)",
+							"pm.collectionVariables.set(\"RefreshToken\", refreshToken)"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"method": "POST",
+				"header": [],
+				"body": {
+					"mode": "raw",
+					"raw": "{\n    \"email\": \"{{UserEmail}}\",\n    \"password\": \"{{UserPassword}}\"\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "{{Host}}/auth/login",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						"login"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "HelloAuthenticatedSuccess",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/auth/",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						""
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "RefreshAccessToken",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test(\"Response status code is 200\", function () {",
+							"    pm.expect(pm.response.code).to.eql(200);",
+							"});",
+							"",
+							"pm.test(\"Response Content-Type is application/json\", function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"});",
+							"",
+							"pm.test(\"Response has required fields: token and refreshToken\", function () {",
+							"    const responseData = pm.response.json();",
+							"    ",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData).to.have.all.keys('token', 'refreshToken');",
+							"});",
+							"",
+							"pm.test(\"Token is a non-empty string\", function () {",
+							"    const responseData = pm.response.json();",
+							"    ",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.token).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, \"Token should not be empty\");",
+							"});",
+							"",
+							"pm.test(\"RefreshToken must be a non-empty string\", function () {",
+							"    const responseData = pm.response.json();",
+							"    ",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.refreshToken).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, \"Value should not be empty\");",
+							"});",
+							"",
+							"const accessToken = pm.response.json().token",
+							"const refreshToken = pm.response.json().refreshToken",
+							"",
+							"pm.collectionVariables.set(\"AccessToken\", accessToken)",
+							"pm.collectionVariables.set(\"RefreshToken\", refreshToken)"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "PUT",
+				"header": [],
+				"body": {
+					"mode": "raw",
+					"raw": "{\n    \"refreshToken\": \"{{RefreshToken}}\"\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "{{Host}}/auth/login",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						"login"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "HelloAuthenticatedSuccess",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/auth/",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						""
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "GetAllApiTokensEmpty",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test('Response content type is application/json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"})",
+							"",
+							"pm.test('Response is an array', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('array');",
+							"})",
+							"",
+							"pm.test('The response array must be empty', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('array').that.is.empty;",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/api/getAll",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"api",
+						"getAll"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "CreateApiToken",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test(\"Response Content-Type is application/json\", function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"});",
+							"",
+							"pm.test('Response has required fields: token and refreshToken', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData).to.have.all.keys('token', 'refreshToken');",
+							"})",
+							"",
+							"pm.test('Token is a non-empty string', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.token).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'Token should not be empty');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "POST",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/api/create",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"api",
+						"create"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "GetAllApiTokensNotEmpty",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test(\"Response status code is 200\", function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"});",
+							"",
+							"pm.test(\"Response Content-Type is application/json\", function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"});",
+							"",
+							"pm.test(\"Response is an array\", function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('array');",
+							"});",
+							"",
+							"",
+							"pm.test(\"Response array is not empty\", function () {",
+							"    const responseData = pm.response.json();",
+							"    ",
+							"    pm.expect(responseData).to.be.an('array').that.is.not.empty;",
+							"});",
+							"",
+							"pm.test(\"Each item in the response array is a non-empty string\", function () {",
+							"    const responseData = pm.response.json();",
+							"    ",
+							"    pm.expect(responseData).to.be.an('array');",
+							"    responseData.forEach(item => {",
+							"        pm.expect(item).to.be.a('string').and.to.have.lengthOf.at.least(1, \"Value should not be empty\");",
+							"    });",
+							"});",
+							"",
+							"const apiToken = pm.response.json()[0]",
+							"",
+							"pm.environment.set(\"ApiToken\", apiToken)"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/api/getAll",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"api",
+						"getAll"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "HelloAuthenticatedApiTokenSuccess",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{ApiToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/auth/",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						""
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "DeleteUserFailPermission",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 403', function () {",
+							"    pm.expect(pm.response.code).to.eql(403);",
+							"})",
+							"",
+							"pm.test('Response content type is application/problem+json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/problem+json');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{ApiToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "DELETE",
+				"header": [
+					{
+						"key": "Authorization",
+						"value": "Bearer xyz",
+						"type": "text",
+						"disabled": true
+					}
+				],
+				"url": {
+					"raw": "{{Host}}/auth/delete",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						"delete"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "DeleteApiTokenFailPermission",
+			"event": [
+				{
+					"listen": "prerequest",
+					"script": {
+						"exec": [
+							"function parseJwt (token) {",
+							"    const base64Url = token.split('.')[1]; // get payload part",
+							"    const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/');",
+							"    const jsonPayload = decodeURIComponent(",
+							"        atob(base64)",
+							"            .split('')",
+							"            .map(c => `%${('00' + c.charCodeAt(0).toString(16)).slice(-2)}`)",
+							"            .join('')",
+							"    );",
+							"    return JSON.parse(jsonPayload);",
+							"}",
+							"",
+							"const apiToken = pm.environment.get(\"ApiToken\");",
+							"",
+							"const apiTokenId = parseJwt(apiToken).jti;",
+							"",
+							"pm.environment.set(\"ApiTokenId\", apiTokenId);"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				},
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 403', function () {",
+							"    pm.expect(pm.response.code).to.equal(403);",
+							"})",
+							"",
+							"pm.test('Response content type is application/problem+json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/problem+json');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{ApiToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "DELETE",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/api/delete/{{ApiTokenId}}",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"api",
+						"delete",
+						"{{ApiTokenId}}"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "DeleteApiToken",
+			"event": [
+				{
+					"listen": "prerequest",
+					"script": {
+						"exec": [
+							""
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				},
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test('Content-Type is application/json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"})",
+							"",
+							"pm.test('Response contains the required fields', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData).to.have.all.keys('id', 'actionType');",
+							"})",
+							"",
+							"pm.test('ActionType must be a non-empty string', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.actionType).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'ActionType should not be empty');",
+							"})",
+							"",
+							"pm.environment.unset(\"ApiToken\")",
+							"pm.environment.unset(\"ApiTokenId\")",
+							""
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "DELETE",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/api/delete/{{ApiTokenId}}",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"api",
+						"delete",
+						"{{ApiTokenId}}"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "GetAllApiTokensEmpty",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test('Response content type is application/json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"})",
+							"",
+							"pm.test('Response is an array', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('array');",
+							"})",
+							"",
+							"pm.test('The response array must be empty', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('array').that.is.empty;",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/api/getAll",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"api",
+						"getAll"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "HelloAuthenticatedApiTokenFail",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 401', function () {",
+							"    pm.expect(pm.response.code).to.equal(401);",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{ApiToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/auth/",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						""
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "ResourceLimit",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test('Response content type is application/json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"})",
+							"",
+							"pm.test('Response has required fields: time and unitType', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData).to.have.all.keys('time', 'unitType');",
+							"})",
+							"",
+							"pm.test('Time is not zero and a non-negative integer', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.time).to.be.a('number').and.to.be.at.least(1);",
+							"})",
+							"",
+							"pm.test('UnitType must be a non-empty string', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.unitType).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'UnitType should not be empty');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/user/resourceLimit",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"user",
+						"resourceLimit"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "LongRunningTask",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test(`Request duration is at least 20 seconds`, function () {",
+							"    pm.expect(pm.response.responseTime).to.be.at.least(20000);",
+							"});"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/user/longRun",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"user",
+						"longRun"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "ResourceLimit",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test('Response content type is application/json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"})",
+							"",
+							"pm.test('Response has required fields: time and unitType', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData).to.have.all.keys('time', 'unitType');",
+							"})",
+							"",
+							"pm.test('Time is not zero and a non-negative integer', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.time).to.be.a('number').and.to.be.at.least(1);",
+							"})",
+							"",
+							"pm.test('UnitType must be a non-empty string', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.unitType).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'UnitType should not be empty');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/user/resourceLimit",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"user",
+						"resourceLimit"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "LongRunningTaskSecond",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test(`Request duration is at least 20 seconds`, function () {",
+							"    pm.expect(pm.response.responseTime).to.be.at.least(20000);",
+							"});"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/user/longRun",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"user",
+						"longRun"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "LongRunningTaskThird",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test(`Request duration is at least 20 seconds`, function () {",
+							"    pm.expect(pm.response.responseTime).to.be.at.least(20000);",
+							"});"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/user/longRun",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"user",
+						"longRun"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "LongRunningTaskFailPermission",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 403', function () {",
+							"    pm.expect(pm.response.code).to.eql(403);",
+							"})",
+							"",
+							"pm.test('Response content type is application/problem+json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/problem+json');",
+							"})",
+							"",
+							"pm.test(`Request duration is less than 20 seconds`, function () {",
+							"    pm.expect(pm.response.responseTime).to.be.not.greaterThanOrEqual(20000);",
+							"});"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/user/longRun",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"user",
+						"longRun"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "ResourceLimit",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test(\"Response Content-Type is application/json\", function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"});",
+							"",
+							"pm.test('Response contains required fields: time and unitType', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData).to.have.all.keys('time', 'unitType');",
+							"})",
+							"",
+							"pm.test('Time is a zero or a negativ integer', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.time).to.be.a('number').and.to.be.lessThanOrEqual(0);",
+							"})",
+							"",
+							"pm.test('UnitType must be a non-empty string', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.unitType).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'Value should not be empty');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "{{Host}}/user/resourceLimit",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"user",
+						"resourceLimit"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "DeleteUser",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 200', function () {",
+							"    pm.expect(pm.response.code).to.equal(200);",
+							"})",
+							"",
+							"pm.test(\"Response Content-Type is application/json\", function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/json');",
+							"});",
+							"",
+							"pm.test('Response contains the required fields', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData).to.have.all.keys('id', 'actionType');",
+							"})",
+							"",
+							"pm.test('ActionType must be a non-empty string', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.actionType).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'ActionType should not be empty');",
+							"})",
+							"",
+							"pm.collectionVariables.unset(\"AccessToken\")",
+							"pm.collectionVariables.unset(\"RefreshToken\")"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "DELETE",
+				"header": [
+					{
+						"key": "Authorization",
+						"value": "Bearer xyz",
+						"type": "text",
+						"disabled": true
+					}
+				],
+				"url": {
+					"raw": "{{Host}}/auth/delete",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						"delete"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "LoginUserFail",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 400', function () {",
+							"    pm.expect(pm.response.code).to.equal(400);",
+							"})",
+							"",
+							"pm.test('Response content type is application/problem+json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/problem+json');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"method": "POST",
+				"header": [],
+				"body": {
+					"mode": "raw",
+					"raw": "{\n    \"email\": \"{{UserEmail}}\",\n    \"password\": \"{{UserPassword}}\"\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "{{Host}}/auth/login",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						"login"
+					]
+				}
+			},
+			"response": []
+		}
+	],
+	"event": [
+		{
+			"listen": "prerequest",
+			"script": {
+				"type": "text/javascript",
+				"packages": {},
+				"requests": {},
+				"exec": [
+					""
+				]
+			}
+		},
+		{
+			"listen": "test",
+			"script": {
+				"type": "text/javascript",
+				"packages": {},
+				"requests": {},
+				"exec": [
+					""
+				]
+			}
+		}
+	],
+	"variable": [
+		{
+			"key": "Host",
+			"value": "127.0.0.1:8080"
+		},
+		{
+			"key": "UserEmail",
+			"value": "apiUser@hello.com"
+		},
+		{
+			"key": "UserPassword",
+			"value": "SecurePassword"
+		},
+		{
+			"key": "AccessToken",
+			"value": ""
+		},
+		{
+			"key": "RefreshToken",
+			"value": ""
+		},
+		{
+			"key": "ApiToken",
+			"value": ""
+		},
+		{
+			"key": "ApiTokenId",
+			"value": ""
+		}
+	]
+}
\ No newline at end of file
diff --git a/securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_test_run.json b/securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_test_run.json
new file mode 100644
index 0000000..409cf7c
--- /dev/null
+++ b/securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_test_run.json
@@ -0,0 +1,1784 @@
+{
+	"id": "95fff205-c3c4-445e-82aa-5af17b63047c",
+	"name": "Uni.Ba.ApiSecurityTest",
+	"timestamp": "2025-09-28T00:10:08.992Z",
+	"collection_id": "17943160-53687375-8243-4fe8-98d1-543e1f899f2d",
+	"folder_id": 0,
+	"environment_id": "0",
+	"totalPass": 400,
+	"delay": 0,
+	"persist": true,
+	"status": "finished",
+	"startedAt": "2025-09-28T00:04:22.434Z",
+	"totalFail": 0,
+	"results": [
+		{
+			"id": "15986188-ab75-40be-8bdb-79f41bf87a1a",
+			"name": "RegisterUserSuccess",
+			"url": "127.0.0.1:8080/auth/register",
+			"time": 2584,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response Content-Type is application/json": true,
+				"Response contains required fields: id and actionType": true,
+				"The id must be a non-empty string": true,
+				"ActionType must be a non-empty string": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response Content-Type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response contains required fields: id and actionType": {
+					"pass": 5,
+					"fail": 0
+				},
+				"The id must be a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				},
+				"ActionType must be a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				3115,
+				1840,
+				1760,
+				2088,
+				2584
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains required fields: id and actionType": true,
+					"The id must be a non-empty string": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains required fields: id and actionType": true,
+					"The id must be a non-empty string": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains required fields: id and actionType": true,
+					"The id must be a non-empty string": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains required fields: id and actionType": true,
+					"The id must be a non-empty string": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains required fields: id and actionType": true,
+					"The id must be a non-empty string": true,
+					"ActionType must be a non-empty string": true
+				}
+			]
+		},
+		{
+			"id": "6e7bde1a-79e0-4ffe-8dea-8c91a902b1d5",
+			"name": "RegisterUserFail",
+			"url": "127.0.0.1:8080/auth/register",
+			"time": 87,
+			"responseCode": {
+				"code": 400,
+				"name": "Bad Request"
+			},
+			"tests": {
+				"Response status code is 400": true,
+				"Response content type is application/problem+json": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 400": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/problem+json": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				135,
+				29,
+				25,
+				30,
+				87
+			],
+			"allTests": [
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				}
+			]
+		},
+		{
+			"id": "8a3bc1df-b648-438c-80a8-d06ef6a9a382",
+			"name": "HelloAuthenticatedFail",
+			"url": "127.0.0.1:8080/auth",
+			"time": 30,
+			"responseCode": {
+				"code": 401,
+				"name": "Unauthorized"
+			},
+			"tests": {
+				"Response status code is 401": true,
+				"Response content type is application/problem+json": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 401": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/problem+json": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				144,
+				26,
+				15,
+				18,
+				30
+			],
+			"allTests": [
+				{
+					"Response status code is 401": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 401": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 401": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 401": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 401": true,
+					"Response content type is application/problem+json": true
+				}
+			]
+		},
+		{
+			"id": "a28f4dde-4e32-43be-9914-b97c1058e54d",
+			"name": "LoginUserFail",
+			"url": "127.0.0.1:8080/auth/login",
+			"time": 1648,
+			"responseCode": {
+				"code": 400,
+				"name": "Bad Request"
+			},
+			"tests": {
+				"Response status code is 400": true,
+				"Response content type is application/problem+json": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 400": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/problem+json": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				2518,
+				2451,
+				1853,
+				1601,
+				1648
+			],
+			"allTests": [
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				}
+			]
+		},
+		{
+			"id": "fbd12ddf-939c-4266-aa77-2442fe55c2df",
+			"name": "LoginUserSuccess",
+			"url": "127.0.0.1:8080/auth/login",
+			"time": 1622,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response Content-Type is application/json": true,
+				"Response has required fields": true,
+				"Token must be a non-empty string": true,
+				"The refreshToken must be a non-empty string": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response Content-Type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response has required fields": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Token must be a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				},
+				"The refreshToken must be a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				2556,
+				1604,
+				1606,
+				1891,
+				1622
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields": true,
+					"Token must be a non-empty string": true,
+					"The refreshToken must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields": true,
+					"Token must be a non-empty string": true,
+					"The refreshToken must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields": true,
+					"Token must be a non-empty string": true,
+					"The refreshToken must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields": true,
+					"Token must be a non-empty string": true,
+					"The refreshToken must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields": true,
+					"Token must be a non-empty string": true,
+					"The refreshToken must be a non-empty string": true
+				}
+			]
+		},
+		{
+			"id": "ecb38d56-b671-47a9-9adf-886211b4b5a0",
+			"name": "HelloAuthenticatedSuccess",
+			"url": "127.0.0.1:8080/auth/",
+			"time": 22,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				86,
+				18,
+				26,
+				18,
+				22
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				}
+			]
+		},
+		{
+			"id": "7fdf3024-02e5-43e3-89a6-12e0f0474377",
+			"name": "RefreshAccessToken",
+			"url": "127.0.0.1:8080/auth/login",
+			"time": 29,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response Content-Type is application/json": true,
+				"Response has required fields: token and refreshToken": true,
+				"Token is a non-empty string": true,
+				"RefreshToken must be a non-empty string": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response Content-Type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response has required fields: token and refreshToken": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Token is a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				},
+				"RefreshToken must be a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				80,
+				40,
+				47,
+				43,
+				29
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields: token and refreshToken": true,
+					"Token is a non-empty string": true,
+					"RefreshToken must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields: token and refreshToken": true,
+					"Token is a non-empty string": true,
+					"RefreshToken must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields: token and refreshToken": true,
+					"Token is a non-empty string": true,
+					"RefreshToken must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields: token and refreshToken": true,
+					"Token is a non-empty string": true,
+					"RefreshToken must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields: token and refreshToken": true,
+					"Token is a non-empty string": true,
+					"RefreshToken must be a non-empty string": true
+				}
+			]
+		},
+		{
+			"id": "72d7b0c0-7c32-4c81-9210-576734e41136",
+			"name": "HelloAuthenticatedSuccess",
+			"url": "127.0.0.1:8080/auth/",
+			"time": 13,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				43,
+				21,
+				31,
+				19,
+				13
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				}
+			]
+		},
+		{
+			"id": "e609169d-9e3a-4867-8aaa-1edb98a2ce7c",
+			"name": "GetAllApiTokensEmpty",
+			"url": "127.0.0.1:8080/api/getAll",
+			"time": 30,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response content type is application/json": true,
+				"Response is an array": true,
+				"The response array must be empty": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response is an array": {
+					"pass": 5,
+					"fail": 0
+				},
+				"The response array must be empty": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				68,
+				29,
+				33,
+				22,
+				30
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response is an array": true,
+					"The response array must be empty": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response is an array": true,
+					"The response array must be empty": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response is an array": true,
+					"The response array must be empty": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response is an array": true,
+					"The response array must be empty": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response is an array": true,
+					"The response array must be empty": true
+				}
+			]
+		},
+		{
+			"id": "9c133ae9-c512-49bd-b34b-472f2d7898de",
+			"name": "CreateApiToken",
+			"url": "127.0.0.1:8080/api/create",
+			"time": 18,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response Content-Type is application/json": true,
+				"Response has required fields: token and refreshToken": true,
+				"Token is a non-empty string": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response Content-Type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response has required fields: token and refreshToken": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Token is a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				152,
+				28,
+				26,
+				35,
+				18
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields: token and refreshToken": true,
+					"Token is a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields: token and refreshToken": true,
+					"Token is a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields: token and refreshToken": true,
+					"Token is a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields: token and refreshToken": true,
+					"Token is a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response has required fields: token and refreshToken": true,
+					"Token is a non-empty string": true
+				}
+			]
+		},
+		{
+			"id": "031eeba4-d034-4cb1-8616-f6c96824e98d",
+			"name": "GetAllApiTokensNotEmpty",
+			"url": "127.0.0.1:8080/api/getAll",
+			"time": 20,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response Content-Type is application/json": true,
+				"Response is an array": true,
+				"Response array is not empty": true,
+				"Each item in the response array is a non-empty string": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response Content-Type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response is an array": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response array is not empty": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Each item in the response array is a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				30,
+				26,
+				36,
+				33,
+				20
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response is an array": true,
+					"Response array is not empty": true,
+					"Each item in the response array is a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response is an array": true,
+					"Response array is not empty": true,
+					"Each item in the response array is a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response is an array": true,
+					"Response array is not empty": true,
+					"Each item in the response array is a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response is an array": true,
+					"Response array is not empty": true,
+					"Each item in the response array is a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response is an array": true,
+					"Response array is not empty": true,
+					"Each item in the response array is a non-empty string": true
+				}
+			]
+		},
+		{
+			"id": "b7a045b5-29a4-4bea-bf91-2c12cc2cba86",
+			"name": "HelloAuthenticatedApiTokenSuccess",
+			"url": "127.0.0.1:8080/auth/",
+			"time": 25,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				102,
+				24,
+				42,
+				25,
+				25
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				},
+				{
+					"Response status code is 200": true
+				}
+			]
+		},
+		{
+			"id": "ff1f6e83-0c74-4652-9c50-eb981a014315",
+			"name": "DeleteUserFailPermission",
+			"url": "127.0.0.1:8080/auth/delete",
+			"time": 32,
+			"responseCode": {
+				"code": 403,
+				"name": "Forbidden"
+			},
+			"tests": {
+				"Response status code is 403": true,
+				"Response content type is application/problem+json": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 403": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/problem+json": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				528,
+				22,
+				43,
+				23,
+				32
+			],
+			"allTests": [
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true
+				}
+			]
+		},
+		{
+			"id": "3c71f887-7c04-44c5-80f0-beedaaca8aae",
+			"name": "DeleteApiTokenFailPermission",
+			"url": "127.0.0.1:8080/api/delete/b2686d54-52e6-4800-803d-996312c4c434",
+			"time": 30,
+			"responseCode": {
+				"code": 403,
+				"name": "Forbidden"
+			},
+			"tests": {
+				"Response status code is 403": true,
+				"Response content type is application/problem+json": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 403": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/problem+json": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				100,
+				16,
+				181,
+				13,
+				30
+			],
+			"allTests": [
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true
+				}
+			]
+		},
+		{
+			"id": "673dd18c-8143-4423-9734-71dcc4e76425",
+			"name": "DeleteApiToken",
+			"url": "127.0.0.1:8080/api/delete/b2686d54-52e6-4800-803d-996312c4c434",
+			"time": 29,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Content-Type is application/json": true,
+				"Response contains the required fields": true,
+				"ActionType must be a non-empty string": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Content-Type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response contains the required fields": {
+					"pass": 5,
+					"fail": 0
+				},
+				"ActionType must be a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				149,
+				26,
+				17,
+				19,
+				29
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Content-Type is application/json": true,
+					"Response contains the required fields": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Content-Type is application/json": true,
+					"Response contains the required fields": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Content-Type is application/json": true,
+					"Response contains the required fields": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Content-Type is application/json": true,
+					"Response contains the required fields": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Content-Type is application/json": true,
+					"Response contains the required fields": true,
+					"ActionType must be a non-empty string": true
+				}
+			]
+		},
+		{
+			"id": "4a4a3c7e-38a6-46cd-ae02-6161f6cd99b9",
+			"name": "GetAllApiTokensEmpty",
+			"url": "127.0.0.1:8080/api/getAll",
+			"time": 21,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response content type is application/json": true,
+				"Response is an array": true,
+				"The response array must be empty": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response is an array": {
+					"pass": 5,
+					"fail": 0
+				},
+				"The response array must be empty": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				268,
+				16,
+				11,
+				18,
+				21
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response is an array": true,
+					"The response array must be empty": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response is an array": true,
+					"The response array must be empty": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response is an array": true,
+					"The response array must be empty": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response is an array": true,
+					"The response array must be empty": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response is an array": true,
+					"The response array must be empty": true
+				}
+			]
+		},
+		{
+			"id": "e507a9a5-2232-4d6d-9cd8-8d17b92eda67",
+			"name": "HelloAuthenticatedApiTokenFail",
+			"url": "127.0.0.1:8080/auth/",
+			"time": 11,
+			"responseCode": {
+				"code": 401,
+				"name": "Unauthorized"
+			},
+			"tests": {
+				"Response status code is 401": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 401": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				66,
+				13,
+				22,
+				18,
+				11
+			],
+			"allTests": [
+				{
+					"Response status code is 401": true
+				},
+				{
+					"Response status code is 401": true
+				},
+				{
+					"Response status code is 401": true
+				},
+				{
+					"Response status code is 401": true
+				},
+				{
+					"Response status code is 401": true
+				}
+			]
+		},
+		{
+			"id": "6e232a81-8191-43b7-b9a2-84742b7fd851",
+			"name": "ResourceLimit",
+			"url": "127.0.0.1:8080/user/resourceLimit",
+			"time": 28,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response content type is application/json": true,
+				"Response has required fields: time and unitType": true,
+				"Time is not zero and a non-negative integer": true,
+				"UnitType must be a non-empty string": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response has required fields: time and unitType": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Time is not zero and a non-negative integer": {
+					"pass": 5,
+					"fail": 0
+				},
+				"UnitType must be a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				81,
+				23,
+				19,
+				21,
+				28
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response has required fields: time and unitType": true,
+					"Time is not zero and a non-negative integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response has required fields: time and unitType": true,
+					"Time is not zero and a non-negative integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response has required fields: time and unitType": true,
+					"Time is not zero and a non-negative integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response has required fields: time and unitType": true,
+					"Time is not zero and a non-negative integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response has required fields: time and unitType": true,
+					"Time is not zero and a non-negative integer": true,
+					"UnitType must be a non-empty string": true
+				}
+			]
+		},
+		{
+			"id": "59381005-fa78-4884-a913-2dd7eb478179",
+			"name": "LongRunningTask",
+			"url": "127.0.0.1:8080/user/longRun",
+			"time": 21742,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Request duration is at least 20 seconds": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Request duration is at least 20 seconds": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				20188,
+				20031,
+				20038,
+				20038,
+				21742
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				}
+			]
+		},
+		{
+			"id": "6e7756d0-501e-4aa6-addd-58e621113dbc",
+			"name": "ResourceLimit",
+			"url": "127.0.0.1:8080/user/resourceLimit",
+			"time": 603,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response content type is application/json": true,
+				"Response has required fields: time and unitType": true,
+				"Time is not zero and a non-negative integer": true,
+				"UnitType must be a non-empty string": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response has required fields: time and unitType": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Time is not zero and a non-negative integer": {
+					"pass": 5,
+					"fail": 0
+				},
+				"UnitType must be a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				71,
+				84,
+				37,
+				35,
+				603
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response has required fields: time and unitType": true,
+					"Time is not zero and a non-negative integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response has required fields: time and unitType": true,
+					"Time is not zero and a non-negative integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response has required fields: time and unitType": true,
+					"Time is not zero and a non-negative integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response has required fields: time and unitType": true,
+					"Time is not zero and a non-negative integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response content type is application/json": true,
+					"Response has required fields: time and unitType": true,
+					"Time is not zero and a non-negative integer": true,
+					"UnitType must be a non-empty string": true
+				}
+			]
+		},
+		{
+			"id": "c4310c60-8b5d-453f-8393-a5aa5ad70648",
+			"name": "LongRunningTaskSecond",
+			"url": "127.0.0.1:8080/user/longRun",
+			"time": 20192,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Request duration is at least 20 seconds": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Request duration is at least 20 seconds": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				20051,
+				20058,
+				20041,
+				20047,
+				20192
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				}
+			]
+		},
+		{
+			"id": "c2812d37-ceeb-48be-bb04-256ca59993b4",
+			"name": "LongRunningTaskThird",
+			"url": "127.0.0.1:8080/user/longRun",
+			"time": 20145,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Request duration is at least 20 seconds": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Request duration is at least 20 seconds": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				20072,
+				20034,
+				20102,
+				20079,
+				20145
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				},
+				{
+					"Response status code is 200": true,
+					"Request duration is at least 20 seconds": true
+				}
+			]
+		},
+		{
+			"id": "1443c123-d96e-4559-86d6-0a5cf76c5abf",
+			"name": "LongRunningTaskFailPermission",
+			"url": "127.0.0.1:8080/user/longRun",
+			"time": 44,
+			"responseCode": {
+				"code": 403,
+				"name": "Forbidden"
+			},
+			"tests": {
+				"Response status code is 403": true,
+				"Response content type is application/problem+json": true,
+				"Request duration is less than 20 seconds": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 403": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/problem+json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Request duration is less than 20 seconds": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				37,
+				33,
+				60,
+				21,
+				44
+			],
+			"allTests": [
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true,
+					"Request duration is less than 20 seconds": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true,
+					"Request duration is less than 20 seconds": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true,
+					"Request duration is less than 20 seconds": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true,
+					"Request duration is less than 20 seconds": true
+				},
+				{
+					"Response status code is 403": true,
+					"Response content type is application/problem+json": true,
+					"Request duration is less than 20 seconds": true
+				}
+			]
+		},
+		{
+			"id": "7630449b-537e-4c0b-912e-57cbbef7c341",
+			"name": "ResourceLimit",
+			"url": "127.0.0.1:8080/user/resourceLimit",
+			"time": 30,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response Content-Type is application/json": true,
+				"Response contains required fields: time and unitType": true,
+				"Time is a zero or a negativ integer": true,
+				"UnitType must be a non-empty string": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response Content-Type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response contains required fields: time and unitType": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Time is a zero or a negativ integer": {
+					"pass": 5,
+					"fail": 0
+				},
+				"UnitType must be a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				43,
+				32,
+				22,
+				28,
+				30
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains required fields: time and unitType": true,
+					"Time is a zero or a negativ integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains required fields: time and unitType": true,
+					"Time is a zero or a negativ integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains required fields: time and unitType": true,
+					"Time is a zero or a negativ integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains required fields: time and unitType": true,
+					"Time is a zero or a negativ integer": true,
+					"UnitType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains required fields: time and unitType": true,
+					"Time is a zero or a negativ integer": true,
+					"UnitType must be a non-empty string": true
+				}
+			]
+		},
+		{
+			"id": "a8c1bd51-d747-47ae-971a-3910ade260ab",
+			"name": "DeleteUser",
+			"url": "127.0.0.1:8080/auth/delete",
+			"time": 52,
+			"responseCode": {
+				"code": 200,
+				"name": "OK"
+			},
+			"tests": {
+				"Response status code is 200": true,
+				"Response Content-Type is application/json": true,
+				"Response contains the required fields": true,
+				"ActionType must be a non-empty string": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 200": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response Content-Type is application/json": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response contains the required fields": {
+					"pass": 5,
+					"fail": 0
+				},
+				"ActionType must be a non-empty string": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				78,
+				50,
+				55,
+				36,
+				52
+			],
+			"allTests": [
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains the required fields": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains the required fields": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains the required fields": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains the required fields": true,
+					"ActionType must be a non-empty string": true
+				},
+				{
+					"Response status code is 200": true,
+					"Response Content-Type is application/json": true,
+					"Response contains the required fields": true,
+					"ActionType must be a non-empty string": true
+				}
+			]
+		},
+		{
+			"id": "0055c096-c7af-41f7-857c-5c764624e06a",
+			"name": "LoginUserFail",
+			"url": "127.0.0.1:8080/auth/login",
+			"time": 69,
+			"responseCode": {
+				"code": 400,
+				"name": "Bad Request"
+			},
+			"tests": {
+				"Response status code is 400": true,
+				"Response content type is application/problem+json": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 400": {
+					"pass": 5,
+					"fail": 0
+				},
+				"Response content type is application/problem+json": {
+					"pass": 5,
+					"fail": 0
+				}
+			},
+			"times": [
+				106,
+				43,
+				58,
+				44,
+				69
+			],
+			"allTests": [
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				},
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true
+				}
+			]
+		}
+	],
+	"count": 5,
+	"totalTime": 339109,
+	"collection": {
+		"requests": [
+			{
+				"id": "15986188-ab75-40be-8bdb-79f41bf87a1a",
+				"method": "POST"
+			},
+			{
+				"id": "6e7bde1a-79e0-4ffe-8dea-8c91a902b1d5",
+				"method": "POST"
+			},
+			{
+				"id": "8a3bc1df-b648-438c-80a8-d06ef6a9a382",
+				"method": "GET"
+			},
+			{
+				"id": "a28f4dde-4e32-43be-9914-b97c1058e54d",
+				"method": "POST"
+			},
+			{
+				"id": "fbd12ddf-939c-4266-aa77-2442fe55c2df",
+				"method": "POST"
+			},
+			{
+				"id": "ecb38d56-b671-47a9-9adf-886211b4b5a0",
+				"method": "GET"
+			},
+			{
+				"id": "7fdf3024-02e5-43e3-89a6-12e0f0474377",
+				"method": "PUT"
+			},
+			{
+				"id": "72d7b0c0-7c32-4c81-9210-576734e41136",
+				"method": "GET"
+			},
+			{
+				"id": "e609169d-9e3a-4867-8aaa-1edb98a2ce7c",
+				"method": "GET"
+			},
+			{
+				"id": "9c133ae9-c512-49bd-b34b-472f2d7898de",
+				"method": "POST"
+			},
+			{
+				"id": "031eeba4-d034-4cb1-8616-f6c96824e98d",
+				"method": "GET"
+			},
+			{
+				"id": "b7a045b5-29a4-4bea-bf91-2c12cc2cba86",
+				"method": "GET"
+			},
+			{
+				"id": "ff1f6e83-0c74-4652-9c50-eb981a014315",
+				"method": "DELETE"
+			},
+			{
+				"id": "3c71f887-7c04-44c5-80f0-beedaaca8aae",
+				"method": "DELETE"
+			},
+			{
+				"id": "673dd18c-8143-4423-9734-71dcc4e76425",
+				"method": "DELETE"
+			},
+			{
+				"id": "4a4a3c7e-38a6-46cd-ae02-6161f6cd99b9",
+				"method": "GET"
+			},
+			{
+				"id": "e507a9a5-2232-4d6d-9cd8-8d17b92eda67",
+				"method": "GET"
+			},
+			{
+				"id": "6e232a81-8191-43b7-b9a2-84742b7fd851",
+				"method": "GET"
+			},
+			{
+				"id": "59381005-fa78-4884-a913-2dd7eb478179",
+				"method": "GET"
+			},
+			{
+				"id": "6e7756d0-501e-4aa6-addd-58e621113dbc",
+				"method": "GET"
+			},
+			{
+				"id": "c4310c60-8b5d-453f-8393-a5aa5ad70648",
+				"method": "GET"
+			},
+			{
+				"id": "c2812d37-ceeb-48be-bb04-256ca59993b4",
+				"method": "GET"
+			},
+			{
+				"id": "1443c123-d96e-4559-86d6-0a5cf76c5abf",
+				"method": "GET"
+			},
+			{
+				"id": "7630449b-537e-4c0b-912e-57cbbef7c341",
+				"method": "GET"
+			},
+			{
+				"id": "a8c1bd51-d747-47ae-971a-3910ade260ab",
+				"method": "DELETE"
+			},
+			{
+				"id": "0055c096-c7af-41f7-857c-5c764624e06a",
+				"method": "POST"
+			}
+		]
+	}
+}
\ No newline at end of file
diff --git a/securety_api/src/test/resources/.gitkeep b/securety_api/src/test/resources/.gitkeep
new file mode 100644
index 0000000..e69de29

From 59037cb09223e1d25ed9d45b8873b41d96ff5ad6 Mon Sep 17 00:00:00 2001
From: Florian Rohr <florian.rohr@haw_hamburg.com>
Date: Mon, 15 Dec 2025 03:02:38 +0100
Subject: [PATCH 2/6] Integrated Security features (backed them in)

---
 .../src/main/java/com/.DS_Store => .DS_Store  | Bin 6148 -> 8196 bytes
 .env                                          |   4 +
 .idea/misc.xml                                |   8 +
 .vscode/README.md                             |  14 --
 pom.xml                                       |   2 +-
 .../java/com => secure-use-api}/.DS_Store     | Bin 6148 -> 6148 bytes
 {securety_api => secure-use-api}/.env         |   0
 {use-api => secure-use-api}/Dockerfile        |   0
 .../docker-compose.yml                        |   0
 secure-use-api/logs/filter-logs.log           | 146 ++++++++++++++++++
 {use-api => secure-use-api}/pom.xml           |  99 +++++++++++-
 .../src/.DS_Store                             | Bin
 .../src/main/.DS_Store                        | Bin
 .../src/main/java/.DS_Store                   | Bin
 .../main/java/org/tzi/use/SecureUseApi.java   |   6 +-
 .../CustomAuthenticationEntryPoint.java       |   2 +-
 .../exceptions/CustomExceptionHandler.java    |   2 +-
 .../exceptions/ExceptionResponse.java         |   2 +-
 .../api_security}/exceptions/Exceptions.java  |   2 +-
 .../api_security}/model/ApiTokenModel.java    |   2 +-
 .../model/RefreshTokenModel.java              |   2 +-
 .../model/UserAdditionsModel.java             |   2 +-
 .../api_security}/model/UserComposite.java    |   2 +-
 .../api_security}/model/UserMetaModel.java    |   2 +-
 .../model/UserSecurityModel.java              |   2 +-
 .../repository/ApiTokenRepository.java        |   4 +-
 .../repository/RefreshTokenRepository.java    |   4 +-
 .../repository/UserAdditionsRepository.java   |   4 +-
 .../repository/UserMetaRepository.java        |   4 +-
 .../repository/UserSecurityRepository.java    |   4 +-
 .../rest/controller/ApiTokenController.java   |  20 +--
 .../controller/AuthenticationController.java  |  42 +++--
 .../rest/controller/UserController.java       |  14 +-
 .../api_security}/rest/dto/IdActionDto.java   |   2 +-
 .../rest/dto/RefreshTokenDto.java             |   2 +-
 .../rest/dto/ResourceLimitLeftDto.java        |   2 +-
 .../use/api_security}/rest/dto/TokensDto.java |   2 +-
 .../api_security}/rest/dto/UserLoginDto.java  |   2 +-
 .../rest/dto/UserRegistrationDto.java         |   2 +-
 .../rest/middleware/AuditLogMiddleware.java   |   4 +-
 .../middleware/AuthenticationMiddleware.java  |  21 ++-
 .../middleware/AuthorizationMiddleware.java   |  10 +-
 .../ExceptionHandlerMiddleware.java           |   4 +-
 .../rest/middleware/RateLimitMiddleware.java  |   6 +-
 .../middleware/ResourceLimitMiddleware.java   |   8 +-
 .../rest/service/ApiTokenService.java         |  10 +-
 .../rest/service/AuthenticationService.java   |  18 +--
 .../rest/service/RefreshTokenService.java     |  14 +-
 .../rest/service/UserService.java             |  12 +-
 .../security/CustomAuthProvider.java          |  12 +-
 .../api_security}/security/RequireScope.java  |   2 +-
 .../tzi/use/api_security}/security/Role.java  |   2 +-
 .../security/SecurityConfig.java              |  19 +--
 .../security/UserAuthentication.java          |   2 +-
 .../security/UserDetailsImpl.java             |   4 +-
 .../use/api_security}/security/WebConfig.java |   6 +-
 .../api_security}/token/AbstractToken.java    |   2 +-
 .../use/api_security}/token/AccessToken.java  |   6 +-
 .../tzi/use/api_security}/token/ApiToken.java |   4 +-
 .../use/api_security}/token/JwtHandler.java   |   2 +-
 .../api_security}/token/PasetoHandler.java    |   2 +-
 .../use/api_security}/token/RefreshToken.java |   4 +-
 .../token/SimpleTokenStringHandler.java       |   2 +-
 .../tzi/use/api_security}/util/Config.java    |   2 +-
 .../use/api_security}/util/HibernateUtil.java |   2 +-
 .../use_logic}/DTO/AggregationTypeDTO.java    |   2 +-
 .../use/use_logic}/DTO/AssociationDTO.java    |   2 +-
 .../tzi/use/use_logic}/DTO/AttributeDTO.java  |   2 +-
 .../org/tzi/use/use_logic}/DTO/ClassDTO.java  |   2 +-
 .../tzi/use/use_logic}/DTO/InvariantDTO.java  |   2 +-
 .../org/tzi/use/use_logic}/DTO/ModelDTO.java  |   8 +-
 .../tzi/use/use_logic}/DTO/OperationDTO.java  |   2 +-
 .../use_logic}/DTO/PrePostConditionDTO.java   |   2 +-
 .../use_logic}/GlobalExceptionHandler.java    |   2 +-
 .../org/tzi/use/use_logic}/OpenApiConfig.java |   2 +-
 .../tzi/use/use_logic}/UseModelFacade.java    |   4 +-
 .../entities/AggregationTypeNTT.java          |   2 +-
 .../use_logic}/entities/AssociationNTT.java   |   2 +-
 .../use/use_logic}/entities/AttributeNTT.java |   2 +-
 .../tzi/use/use_logic}/entities/ClassNTT.java |   2 +-
 .../use/use_logic}/entities/InvariantNTT.java |   2 +-
 .../tzi/use/use_logic}/entities/ModelNTT.java |   4 +-
 .../use/use_logic}/entities/OperationNTT.java |   2 +-
 .../entities/PrePostConditionNTT.java         |   2 +-
 .../use_logic}/mapper/AssociationMapper.java  |   6 +-
 .../use_logic}/mapper/AttributeMapper.java    |   6 +-
 .../use/use_logic}/mapper/ClassMapper.java    |   6 +-
 .../use_logic}/mapper/InvariantMapper.java    |   6 +-
 .../use/use_logic}/mapper/ModelMapper.java    |   6 +-
 .../use_logic}/mapper/OperationMapper.java    |   6 +-
 .../mapper/PrePostConditionMapper.java        |   6 +-
 .../use/use_logic}/repository/ModelRepo.java  |   4 +-
 .../rest/controller/ClassController.java      |  10 +-
 .../rest/controller/ModelController.java      |   7 +-
 .../rest/services/ClassService.java           |  22 +--
 .../rest/services/ModelService.java           |  12 +-
 .../src/main/resources/.DS_Store              | Bin
 .../src/main/resources/application.properties |  18 +++
 .../src/main/resources/docker-compose.yml     |   0
 .../src/main/resources/logback-spring.xml     |   6 +-
 .../src/test/.DS_Store                        | Bin
 .../src/test/java/.DS_Store                   | Bin
 .../org/tzi/use/RestApiControllerTest.java    |  12 +-
 .../src/test/postman/.DS_Store                | Bin
 ...Ba.ApiSecurityTest.postman_collection.json |   0
 ...i.Ba.ApiSecurityTest.postman_test_run.json |   0
 ...se-webapi-extended.postman_collection.json |   0
 .../use-webapi.postman_collection.json        |   0
 .../src/test/resources/.gitkeep               |   0
 securety_api/pom.xml                          | 113 --------------
 .../src/main/resources/application.properties |  11 --
 .../src/main/resources/templates/hello.html   |  12 --
 .../SecureUseAppiApplicationTests.java        |  13 --
 .../org/tzi/use/UseWebAPIApplication.java     |  11 --
 114 files changed, 507 insertions(+), 421 deletions(-)
 rename securety_api/src/main/java/com/.DS_Store => .DS_Store (60%)
 create mode 100644 .env
 delete mode 100644 .vscode/README.md
 rename {securety_api/src/test/java/com => secure-use-api}/.DS_Store (89%)
 rename {securety_api => secure-use-api}/.env (100%)
 rename {use-api => secure-use-api}/Dockerfile (100%)
 rename {use-api => secure-use-api}/docker-compose.yml (100%)
 create mode 100644 secure-use-api/logs/filter-logs.log
 rename {use-api => secure-use-api}/pom.xml (77%)
 rename {securety_api => secure-use-api}/src/.DS_Store (100%)
 rename {securety_api => secure-use-api}/src/main/.DS_Store (100%)
 rename {securety_api => secure-use-api}/src/main/java/.DS_Store (100%)
 rename securety_api/src/main/java/com/secure_use_api/SecureUseApiApplication.java => secure-use-api/src/main/java/org/tzi/use/SecureUseApi.java (59%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/exceptions/CustomAuthenticationEntryPoint.java (94%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/exceptions/CustomExceptionHandler.java (97%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/exceptions/ExceptionResponse.java (97%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/exceptions/Exceptions.java (92%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/model/ApiTokenModel.java (97%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/model/RefreshTokenModel.java (95%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/model/UserAdditionsModel.java (97%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/model/UserComposite.java (94%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/model/UserMetaModel.java (97%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/model/UserSecurityModel.java (97%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/repository/ApiTokenRepository.java (81%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/repository/RefreshTokenRepository.java (86%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/repository/UserAdditionsRepository.java (90%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/repository/UserMetaRepository.java (76%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/repository/UserSecurityRepository.java (70%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/controller/ApiTokenController.java (81%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/controller/AuthenticationController.java (78%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/controller/UserController.java (75%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/dto/IdActionDto.java (91%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/dto/RefreshTokenDto.java (92%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/dto/ResourceLimitLeftDto.java (93%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/dto/TokensDto.java (92%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/dto/UserLoginDto.java (94%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/dto/UserRegistrationDto.java (94%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/middleware/AuditLogMiddleware.java (96%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/middleware/AuthenticationMiddleware.java (80%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/middleware/AuthorizationMiddleware.java (90%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/middleware/ExceptionHandlerMiddleware.java (88%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/middleware/RateLimitMiddleware.java (89%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/middleware/ResourceLimitMiddleware.java (93%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/service/ApiTokenService.java (87%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/service/AuthenticationService.java (83%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/service/RefreshTokenService.java (79%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/rest/service/UserService.java (90%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/security/CustomAuthProvider.java (88%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/security/RequireScope.java (88%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/security/Role.java (97%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/security/SecurityConfig.java (84%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/security/UserAuthentication.java (97%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/security/UserDetailsImpl.java (94%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/security/WebConfig.java (88%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/token/AbstractToken.java (88%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/token/AccessToken.java (96%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/token/ApiToken.java (92%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/token/JwtHandler.java (97%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/token/PasetoHandler.java (93%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/token/RefreshToken.java (97%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/token/SimpleTokenStringHandler.java (84%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/util/Config.java (95%)
 rename {securety_api/src/main/java/com/secure_use_api => secure-use-api/src/main/java/org/tzi/use/api_security}/util/HibernateUtil.java (94%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/DTO/AggregationTypeDTO.java (90%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/DTO/AssociationDTO.java (93%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/DTO/AttributeDTO.java (86%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/DTO/ClassDTO.java (91%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/DTO/InvariantDTO.java (88%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/DTO/ModelDTO.java (73%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/DTO/OperationDTO.java (88%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/DTO/PrePostConditionDTO.java (89%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/GlobalExceptionHandler.java (99%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/OpenApiConfig.java (96%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/UseModelFacade.java (98%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/entities/AggregationTypeNTT.java (89%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/entities/AssociationNTT.java (92%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/entities/AttributeNTT.java (84%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/entities/ClassNTT.java (91%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/entities/InvariantNTT.java (86%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/entities/ModelNTT.java (90%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/entities/OperationNTT.java (86%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/entities/PrePostConditionNTT.java (87%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/mapper/AssociationMapper.java (65%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/mapper/AttributeMapper.java (65%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/mapper/ClassMapper.java (65%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/mapper/InvariantMapper.java (65%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/mapper/ModelMapper.java (77%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/mapper/OperationMapper.java (65%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/mapper/PrePostConditionMapper.java (66%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/repository/ModelRepo.java (71%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/rest/controller/ClassController.java (96%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/rest/controller/ModelController.java (99%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/rest/services/ClassService.java (87%)
 rename {use-api/src/main/java/org/tzi/use => secure-use-api/src/main/java/org/tzi/use/use_logic}/rest/services/ModelService.java (96%)
 rename {securety_api => secure-use-api}/src/main/resources/.DS_Store (100%)
 rename {use-api => secure-use-api}/src/main/resources/application.properties (57%)
 rename {use-api => secure-use-api}/src/main/resources/docker-compose.yml (100%)
 rename {securety_api => secure-use-api}/src/main/resources/logback-spring.xml (81%)
 rename {securety_api => secure-use-api}/src/test/.DS_Store (100%)
 rename {securety_api => secure-use-api}/src/test/java/.DS_Store (100%)
 rename {use-api => secure-use-api}/src/test/java/org/tzi/use/RestApiControllerTest.java (95%)
 rename {securety_api => secure-use-api}/src/test/postman/.DS_Store (100%)
 rename {securety_api/src/test/postman => secure-use-api/src/test/postman/api_security}/Uni.Ba.ApiSecurityTest.postman_collection.json (100%)
 rename {securety_api/src/test/postman => secure-use-api/src/test/postman/api_security}/Uni.Ba.ApiSecurityTest.postman_test_run.json (100%)
 rename {use-api/src/it/java/org.tzi.use/postman_collection => secure-use-api/src/test/postman/use_logic}/use-webapi-extended.postman_collection.json (100%)
 rename {use-api/src/it/java/org.tzi.use/postman_collection => secure-use-api/src/test/postman/use_logic}/use-webapi.postman_collection.json (100%)
 rename {securety_api => secure-use-api}/src/test/resources/.gitkeep (100%)
 delete mode 100644 securety_api/pom.xml
 delete mode 100644 securety_api/src/main/resources/application.properties
 delete mode 100644 securety_api/src/main/resources/templates/hello.html
 delete mode 100644 securety_api/src/test/java/com/secure_use_api/SecureUseAppiApplicationTests.java
 delete mode 100644 use-api/src/main/java/org/tzi/use/UseWebAPIApplication.java

diff --git a/securety_api/src/main/java/com/.DS_Store b/.DS_Store
similarity index 60%
rename from securety_api/src/main/java/com/.DS_Store
rename to .DS_Store
index 6be1c0d5bbbc408f205de4056d5e5bbbb8784026..edc9948eb27e09f64ab6c2711a255530ef932320 100644
GIT binary patch
literal 8196
zcmeHMO-~a+7=8x|-3l0DG~uAhCf-cJ@}WY!lu}|yPz*~XMosBg%Es+((+?{lBt2{5
z-J^FCuf~H{|AGI-c+lsaU2u0w3nCGWGs(=m-F=>UXP$XyW@k%8BGW2O6HO42fy{P%
z1jQkVpL6a?1HqkZumXId3YBS<JgTfXU1)tnE1(t73TOqi0$PFdpaAx4PDYP?-+!u0
zt$<eGzf^$N2NRiXI<Otz%B2H^JOaSRa9bu^;~XG4W?<8S?f6zwQKx@;5CK&LM-1W9
z@!VuMY&x(V-}-bCKAlA1Sp+8(A-#iVN;rwMZ*{2^&<b=bz-RXaEzvgR$qk?1y<)-f
z3V6yBY7u$rhfKI4ii5F659u+j&;z=+;zZCN6!aLC@J*mdEvn-CfJ;sIYLbn6Zj>pw
zHBmoYzeO8p!78mP=+_E5Mh<^_poW6`rr?Ir4(@FWr4z*tR1|Cs{+DT!tSC+@@;;=<
zAUwCI8AS>997e^d23(b<=p{<UH?eMEbb{95dy%qqA9f0il2SkG6=qye7;6}(!&D1%
zE>Z)d!lP4%orLAzlhCF{w&D-{5jR4;?#nH-8?_*YJ{D?@-Dsv#U&X*+Y-l)c#ElW-
znYHb;t!BR2YGm^DC;V%}^PIx|b-wV(F1K^zmzO-ZnYZ0?T@vh48IY%&wp;Sr8L#D*
z8j@@I4~&G7$c<0z?#|BNNt)BCTYE`!cVQ-#H0Ne-@9iawE7xz{UC%vts;>76`XPy6
zQ=u{c_d&@K*0+yNW!frw)fzK~-n>g6g|B+qY@mrT|LObH&+RWfxBB|1dZpjy)V4$I
zdJ7Ln_;_K}UB`1d`dN!h{bB-<Xm>|1&zwkX^sgg_dEj)#vpQdnRmWM!+04R1(wv!_
z`@=XpR$rBI8V!w;jWu=W@Odj&weXzp$vbN;PifBf?4P1vyx(faYkVZ4M?>g_RK7|D
zMDb2^mE?6i!ZQwdMMOPT*(jcOy$JqSt14isYcSTN2%6{i$<m-to8a^Ra_{f|C#zhu
zv;taze?kEf%UanCn!5iQq_&#R+9vWAGAG7$d@Cs^<Z&EU9>-x1{xHO~2`F>Yf$jJf
acaZ-2hk#Rm&(!<>xqD~V`@fu9{feJJkHC`v

delta 238
zcmZp1XfcprU|?W$DortDU=RQ@Ie-{MGjUEV6q~50D9Q|y2a6Rkq%y=alrj`Eq;4!+
z&S(mf;REp)l7XT~vOrad3<V6Co;mr+NjdpRP$M0IwBBSpAxTcCDGc$G6NK70OfAfG
z6pSq_C%+T&m4-_}j3^5(%FD^mO9we(W8r$1#q1m$f*^~5K!6)axPqLzvG6<dWPTY(
WkY7NKWdYGl5YK?cHplbKVFm!{4=O7F

diff --git a/.env b/.env
new file mode 100644
index 0000000..311fbca
--- /dev/null
+++ b/.env
@@ -0,0 +1,4 @@
+SECRET_ACCESS_TOKEN_KEY=AuthSecretKey
+SECRET_REFRESH_TOKEN_KEY=RefreshTokenKey
+RATE_LIMIT_PER_SECOND=10
+RESOURCE_LIMIT_PER_DAY=60
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
index 9886518..86a2001 100644
--- a/.idea/misc.xml
+++ b/.idea/misc.xml
@@ -8,6 +8,14 @@
         <option value="$PROJECT_DIR$/use-api/pom.xml" />
       </list>
     </option>
+    <option name="ignoredFiles">
+      <set>
+        <option value="$PROJECT_DIR$/secure-use-api-second/pom.xml" />
+        <option value="$PROJECT_DIR$/secure-use-api/pom.xml" />
+        <option value="$PROJECT_DIR$/secure-use-api_old/pom.xml" />
+      </set>
+    </option>
+    <option name="workspaceImportForciblyTurnedOn" value="true" />
   </component>
   <component name="ProjectRootManager" version="2" languageLevel="JDK_21" default="true" project-jdk-name="21" project-jdk-type="JavaSDK">
     <output url="file://$PROJECT_DIR$/out" />
diff --git a/.vscode/README.md b/.vscode/README.md
deleted file mode 100644
index e577411..0000000
--- a/.vscode/README.md
+++ /dev/null
@@ -1,14 +0,0 @@
-# For VS Code users
-
-This directory contains the configuration files and related contents for Visual Studio Code.
-
-## How to develop USE with Visual Studio Code
-
-1. Install Visual Studio Code from [https://code.visualstudio.com/](https://code.visualstudio.com/).
-    - [Java Extension Pack](https://marketplace.visualstudio.com/items?itemName=vscjava.vscode-java-pack) is recommended for Java development.
-
-2. Clone the USE repository from [https://github.com/useocl/use](https://github.com/useocl/use).
-    - Currently USE is using JDK version 21. Install if you don't have it.
-    - From the USE repository root, open the command prompt and run `mvn package` to generate the `target\generated-sources\antlr3` directory (which use-core depends on), and the `.jar` files.
-
-3. Open the USE repository in Visual Studio Code and start developing!
diff --git a/pom.xml b/pom.xml
index 01f5f2d..9140a31 100644
--- a/pom.xml
+++ b/pom.xml
@@ -12,7 +12,7 @@
         <module>use-core</module>
         <module>use-gui</module>
         <module>use-assembly</module>
-        <module>use-api</module>
+        <module>secure-use-api</module>
     </modules>
 
     <properties>
diff --git a/securety_api/src/test/java/com/.DS_Store b/secure-use-api/.DS_Store
similarity index 89%
rename from securety_api/src/test/java/com/.DS_Store
rename to secure-use-api/.DS_Store
index 6be1c0d5bbbc408f205de4056d5e5bbbb8784026..42637716aa01e1db4f62fbfc1a25aa1dc06590d8 100644
GIT binary patch
delta 170
zcmZoMXfc=|#>B`mu~2NHo)(X1PJVJyPJR*t1B1ZC!sWcoKn4p#4nsaeIz#bf9VU5y
zc7_5VFPA}&p#n(eAZq}sT@S>1|G@yrVqjoqC}t>PNJdq~D2q_FIgxo8%jN>++l-sp
eIruq%E&+;sXP(S2V#xtAfRTZLX>)+c7G?m?K`kTz

delta 379
zcmZoMXfc=|#>B)qu~2NHo)!;75ko3NJVPl%F+=L+iHyq`6`2_r82CV3hGd{Hk~C0R
zB0~W~=41&*`Fgx6lFEw<l5+BsfF|uoD#*z!E-^5;#>m9X!pg?Z!Op?W5gVM5UmjeN
zSW;T-lvorE;)Uer=On?{iAiCZspatkBF_1FC5f4NsYPH7nJKA2B{AWddG#sz<xcsf
zc`3zU&A|{E4o(ivcmav(YEug{9R*_x%UT_UYD*&n9R(9(v)Wot4pC)&>!A4ToZP(p
zE}-LpfRPbGGw?!b7}X7A;PxaxFdWK)i}G^v^U{F|8G%8!o@FyT2R{ceXn~yX%#-;=
QEIELNgU#O@AhLxS0Qh-ar2qf`

diff --git a/securety_api/.env b/secure-use-api/.env
similarity index 100%
rename from securety_api/.env
rename to secure-use-api/.env
diff --git a/use-api/Dockerfile b/secure-use-api/Dockerfile
similarity index 100%
rename from use-api/Dockerfile
rename to secure-use-api/Dockerfile
diff --git a/use-api/docker-compose.yml b/secure-use-api/docker-compose.yml
similarity index 100%
rename from use-api/docker-compose.yml
rename to secure-use-api/docker-compose.yml
diff --git a/secure-use-api/logs/filter-logs.log b/secure-use-api/logs/filter-logs.log
new file mode 100644
index 0000000..72cb2b7
--- /dev/null
+++ b/secure-use-api/logs/filter-logs.log
@@ -0,0 +1,146 @@
+127.0.0.1 - - [15/Dec/2025:02:27:52 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:30:47 +0100] "POST /auth/register HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:30:50 +0100] "POST /auth/register HTTP/1.1" 400 123 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:30:50 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:30:50 +0100] "POST /auth/login HTTP/1.1" 400 110 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:30:51 +0100] "POST /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "PUT /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "POST /api/create HTTP/1.1" 200 325 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "GET /api/getAll HTTP/1.1" 200 297 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "GET /auth/ HTTP/1.1" 200 29 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "DELETE /auth/delete HTTP/1.1" 403 129 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "DELETE /api/delete/b2d956ee-7589-4c17-a74a-360083c24e92 HTTP/1.1" 403 165 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "DELETE /api/delete/b2d956ee-7589-4c17-a74a-360083c24e92 HTTP/1.1" 200 73 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:54 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:30:54 +0100] "GET /auth/ HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:54 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:54 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:14 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:14 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:34 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:54 +0100] "GET /user/longRun HTTP/1.1" 403 148 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:54 +0100] "GET /user/resourceLimit HTTP/1.1" 200 31 - "PostmanRuntime/7.49.1"
+127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:54 +0100] "DELETE /auth/delete HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:31:54 +0100] "POST /auth/login HTTP/1.1" 400 138 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:31:54 +0100] "GET /auth/ HTTP/1.1" 401 143 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:31:54 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:31:54 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:31:54 +0100] "POST /auth/register HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:31:56 +0100] "POST /auth/register HTTP/1.1" 400 123 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:31:56 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:31:56 +0100] "POST /auth/login HTTP/1.1" 400 110 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:31:58 +0100] "POST /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "PUT /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "POST /api/create HTTP/1.1" 200 325 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "GET /api/getAll HTTP/1.1" 200 297 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "GET /auth/ HTTP/1.1" 200 29 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "DELETE /auth/delete HTTP/1.1" 403 129 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "DELETE /api/delete/34bb8aad-da45-4ef2-a748-c4cd424c3aa9 HTTP/1.1" 403 165 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "DELETE /api/delete/34bb8aad-da45-4ef2-a748-c4cd424c3aa9 HTTP/1.1" 200 73 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:32:00 +0100] "GET /auth/ HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:20 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:20 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:40 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:33:00 +0100] "GET /user/longRun HTTP/1.1" 403 148 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:33:00 +0100] "GET /user/resourceLimit HTTP/1.1" 200 31 - "PostmanRuntime/7.49.1"
+127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:33:00 +0100] "DELETE /auth/delete HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:33:00 +0100] "POST /auth/login HTTP/1.1" 400 138 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:33:00 +0100] "GET /auth/ HTTP/1.1" 401 143 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:33:00 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:33:00 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:33:00 +0100] "POST /auth/register HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:33:02 +0100] "POST /auth/register HTTP/1.1" 400 123 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:33:02 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:33:02 +0100] "POST /auth/login HTTP/1.1" 400 110 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:33:04 +0100] "POST /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:05 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:05 +0100] "PUT /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:05 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:05 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:05 +0100] "POST /api/create HTTP/1.1" 200 325 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "GET /api/getAll HTTP/1.1" 200 297 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "GET /auth/ HTTP/1.1" 200 29 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "DELETE /auth/delete HTTP/1.1" 403 129 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "DELETE /api/delete/d110e1f9-6ce2-45c9-b985-e70a3b61cb0e HTTP/1.1" 403 165 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "DELETE /api/delete/d110e1f9-6ce2-45c9-b985-e70a3b61cb0e HTTP/1.1" 200 73 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:33:06 +0100] "GET /auth/ HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:26 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:26 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:46 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:34:06 +0100] "GET /user/longRun HTTP/1.1" 403 148 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:34:06 +0100] "GET /user/resourceLimit HTTP/1.1" 200 31 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:34:06 +0100] "DELETE /auth/delete HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:34:06 +0100] "POST /auth/login HTTP/1.1" 400 138 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:34:06 +0100] "GET /auth/ HTTP/1.1" 401 143 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:34:06 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:34:06 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:34:06 +0100] "POST /auth/register HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:34:08 +0100] "POST /auth/register HTTP/1.1" 400 123 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:34:08 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:34:08 +0100] "POST /auth/login HTTP/1.1" 400 110 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:34:10 +0100] "POST /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:11 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:11 +0100] "PUT /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:11 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "POST /api/create HTTP/1.1" 200 325 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /api/getAll HTTP/1.1" 200 297 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /auth/ HTTP/1.1" 200 29 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "DELETE /auth/delete HTTP/1.1" 403 129 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "DELETE /api/delete/c0bec021-0625-43b8-880b-300d5fefe999 HTTP/1.1" 403 165 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "DELETE /api/delete/c0bec021-0625-43b8-880b-300d5fefe999 HTTP/1.1" 200 73 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:34:12 +0100] "GET /auth/ HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:32 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:32 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:52 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:35:12 +0100] "GET /user/longRun HTTP/1.1" 403 148 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:35:12 +0100] "GET /user/resourceLimit HTTP/1.1" 200 31 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:35:12 +0100] "DELETE /auth/delete HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:35:12 +0100] "POST /auth/login HTTP/1.1" 400 138 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:35:12 +0100] "GET /auth/ HTTP/1.1" 401 143 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:35:12 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:35:12 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:35:12 +0100] "POST /auth/register HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:35:14 +0100] "POST /auth/register HTTP/1.1" 400 123 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:35:14 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:35:14 +0100] "POST /auth/login HTTP/1.1" 400 110 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:35:16 +0100] "POST /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:17 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:17 +0100] "PUT /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:17 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "POST /api/create HTTP/1.1" 200 325 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /api/getAll HTTP/1.1" 200 297 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /auth/ HTTP/1.1" 200 29 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "DELETE /auth/delete HTTP/1.1" 403 129 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "DELETE /api/delete/136ae8ba-5a6a-42ad-92d8-beaa34a0e399 HTTP/1.1" 403 165 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "DELETE /api/delete/136ae8ba-5a6a-42ad-92d8-beaa34a0e399 HTTP/1.1" 200 73 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:35:18 +0100] "GET /auth/ HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:38 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:38 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:58 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:36:18 +0100] "GET /user/longRun HTTP/1.1" 403 148 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:36:19 +0100] "GET /user/resourceLimit HTTP/1.1" 200 31 - "PostmanRuntime/7.49.1"
+127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:36:19 +0100] "DELETE /auth/delete HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:36:19 +0100] "POST /auth/login HTTP/1.1" 400 138 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:36:19 +0100] "GET /auth/ HTTP/1.1" 401 143 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:36:19 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
+127.0.0.1 - - [15/Dec/2025:02:36:19 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
diff --git a/use-api/pom.xml b/secure-use-api/pom.xml
similarity index 77%
rename from use-api/pom.xml
rename to secure-use-api/pom.xml
index 17b6807..504b433 100644
--- a/use-api/pom.xml
+++ b/secure-use-api/pom.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
-         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
     <parent>
         <artifactId>use</artifactId>
         <groupId>org.tzi.use</groupId>
@@ -9,8 +9,7 @@
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
-    <artifactId>use-api</artifactId>
-
+    <artifactId>secure-use-api</artifactId>
 
     <properties>
         <maven.compiler.source>21</maven.compiler.source>
@@ -23,7 +22,7 @@
             <dependency>
                 <groupId>org.springframework.boot</groupId>
                 <artifactId>spring-boot-dependencies</artifactId>
-                <version>3.1.5</version>
+                <version>3.5.5</version>
                 <type>pom</type>
                 <scope>import</scope>
             </dependency>
@@ -84,7 +83,7 @@
         <dependency>
             <groupId>org.springdoc</groupId>
             <artifactId>springdoc-openapi-starter-webmvc-ui</artifactId>
-            <version>2.5.0</version> <!-- or the latest version -->
+            <version>2.8.14</version> <!-- or the latest version -->
         </dependency>
         <dependency>
             <groupId>org.springframework.boot</groupId>
@@ -131,11 +130,93 @@
             <version>7.1.1</version>
             <scope>compile</scope>
         </dependency>
-
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-data-mongodb</artifactId>
         </dependency>
+
+
+        <!-- ######## -->
+        <!-- Security -->
+        <!-- ######## -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-security</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-validation</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-test</artifactId>
+            <scope>test</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>de.mkammerer</groupId>
+            <artifactId>argon2-jvm</artifactId>
+            <version>2.7</version>
+        </dependency>
+
+        <!-- H2 Database Dependency (In memory for testing) -->
+        <dependency>
+            <groupId>com.h2database</groupId>
+            <artifactId>h2</artifactId>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter-data-jpa</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>jakarta.persistence</groupId>
+            <artifactId>jakarta.persistence-api</artifactId>
+            <version>3.1.0</version>
+        </dependency>
+
+        <!-- RateLimiter -->
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <version>32.1.3-jre</version>
+        </dependency>
+
+        <!-- JWT Library -->
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>4.2.1</version>
+        </dependency>
+
+        <!-- .env Library -->
+        <dependency>
+            <groupId>io.github.cdimascio</groupId>
+            <artifactId>dotenv-java</artifactId>
+            <version>2.0.0</version>
+        </dependency>
+
+        <!-- json Library -->
+        <dependency>
+            <groupId>com.google.code.gson</groupId>
+            <artifactId>gson</artifactId>
+            <version>2.13.2</version>
+        </dependency>
     </dependencies>
 
     <build>
@@ -181,6 +262,9 @@
                         <compilerArg>
                             -Amapstruct.defaultComponentModel=spring
                         </compilerArg>
+                        <compilerArg>
+                            -parameters
+                        </compilerArg>
                     </compilerArgs>
                 </configuration>
             </plugin>
@@ -251,4 +335,5 @@
 <!--            </plugin>-->
         </plugins>
     </build>
+
 </project>
\ No newline at end of file
diff --git a/securety_api/src/.DS_Store b/secure-use-api/src/.DS_Store
similarity index 100%
rename from securety_api/src/.DS_Store
rename to secure-use-api/src/.DS_Store
diff --git a/securety_api/src/main/.DS_Store b/secure-use-api/src/main/.DS_Store
similarity index 100%
rename from securety_api/src/main/.DS_Store
rename to secure-use-api/src/main/.DS_Store
diff --git a/securety_api/src/main/java/.DS_Store b/secure-use-api/src/main/java/.DS_Store
similarity index 100%
rename from securety_api/src/main/java/.DS_Store
rename to secure-use-api/src/main/java/.DS_Store
diff --git a/securety_api/src/main/java/com/secure_use_api/SecureUseApiApplication.java b/secure-use-api/src/main/java/org/tzi/use/SecureUseApi.java
similarity index 59%
rename from securety_api/src/main/java/com/secure_use_api/SecureUseApiApplication.java
rename to secure-use-api/src/main/java/org/tzi/use/SecureUseApi.java
index 734c39e..f8636e7 100644
--- a/securety_api/src/main/java/com/secure_use_api/SecureUseApiApplication.java
+++ b/secure-use-api/src/main/java/org/tzi/use/SecureUseApi.java
@@ -1,11 +1,11 @@
-package com.secure_use_api;
+package org.tzi.use;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 
 @SpringBootApplication
-public class SecureUseApiApplication {
+public class SecureUseApi {
 	public static void main(String[] args) {
-		SpringApplication.run(SecureUseApiApplication.class, args);
+		SpringApplication.run(SecureUseApi.class, args);
 	}
 }
\ No newline at end of file
diff --git a/securety_api/src/main/java/com/secure_use_api/exceptions/CustomAuthenticationEntryPoint.java b/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/CustomAuthenticationEntryPoint.java
similarity index 94%
rename from securety_api/src/main/java/com/secure_use_api/exceptions/CustomAuthenticationEntryPoint.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/CustomAuthenticationEntryPoint.java
index a7ea4e2..657f575 100644
--- a/securety_api/src/main/java/com/secure_use_api/exceptions/CustomAuthenticationEntryPoint.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/CustomAuthenticationEntryPoint.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.exceptions;
+package org.tzi.use.api_security.exceptions;
 
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.AuthenticationException;
diff --git a/securety_api/src/main/java/com/secure_use_api/exceptions/CustomExceptionHandler.java b/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/CustomExceptionHandler.java
similarity index 97%
rename from securety_api/src/main/java/com/secure_use_api/exceptions/CustomExceptionHandler.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/CustomExceptionHandler.java
index 5e8791c..9a074ae 100644
--- a/securety_api/src/main/java/com/secure_use_api/exceptions/CustomExceptionHandler.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/CustomExceptionHandler.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.exceptions;
+package org.tzi.use.api_security.exceptions;
 
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
diff --git a/securety_api/src/main/java/com/secure_use_api/exceptions/ExceptionResponse.java b/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/ExceptionResponse.java
similarity index 97%
rename from securety_api/src/main/java/com/secure_use_api/exceptions/ExceptionResponse.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/ExceptionResponse.java
index c1642f9..0e5ae72 100644
--- a/securety_api/src/main/java/com/secure_use_api/exceptions/ExceptionResponse.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/ExceptionResponse.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.exceptions;
+package org.tzi.use.api_security.exceptions;
 
 import java.io.IOException;
 import java.time.Instant;
diff --git a/securety_api/src/main/java/com/secure_use_api/exceptions/Exceptions.java b/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/Exceptions.java
similarity index 92%
rename from securety_api/src/main/java/com/secure_use_api/exceptions/Exceptions.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/Exceptions.java
index 131a04a..50ecc36 100644
--- a/securety_api/src/main/java/com/secure_use_api/exceptions/Exceptions.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/Exceptions.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.exceptions;
+package org.tzi.use.api_security.exceptions;
 
 public class Exceptions {
     public static class UserAlreadyExists extends RuntimeException {
diff --git a/securety_api/src/main/java/com/secure_use_api/model/ApiTokenModel.java b/secure-use-api/src/main/java/org/tzi/use/api_security/model/ApiTokenModel.java
similarity index 97%
rename from securety_api/src/main/java/com/secure_use_api/model/ApiTokenModel.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/model/ApiTokenModel.java
index f53d506..db9e858 100644
--- a/securety_api/src/main/java/com/secure_use_api/model/ApiTokenModel.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/model/ApiTokenModel.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.model;
+package org.tzi.use.api_security.model;
 
 import java.sql.Timestamp;
 import java.util.UUID;
diff --git a/securety_api/src/main/java/com/secure_use_api/model/RefreshTokenModel.java b/secure-use-api/src/main/java/org/tzi/use/api_security/model/RefreshTokenModel.java
similarity index 95%
rename from securety_api/src/main/java/com/secure_use_api/model/RefreshTokenModel.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/model/RefreshTokenModel.java
index e6769c2..1a45bca 100644
--- a/securety_api/src/main/java/com/secure_use_api/model/RefreshTokenModel.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/model/RefreshTokenModel.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.model;
+package org.tzi.use.api_security.model;
 
 import java.sql.Timestamp;
 import java.util.UUID;
diff --git a/securety_api/src/main/java/com/secure_use_api/model/UserAdditionsModel.java b/secure-use-api/src/main/java/org/tzi/use/api_security/model/UserAdditionsModel.java
similarity index 97%
rename from securety_api/src/main/java/com/secure_use_api/model/UserAdditionsModel.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/model/UserAdditionsModel.java
index 5b52d04..6286b08 100644
--- a/securety_api/src/main/java/com/secure_use_api/model/UserAdditionsModel.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/model/UserAdditionsModel.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.model;
+package org.tzi.use.api_security.model;
 
 import java.sql.Timestamp;
 import java.util.ArrayList;
diff --git a/securety_api/src/main/java/com/secure_use_api/model/UserComposite.java b/secure-use-api/src/main/java/org/tzi/use/api_security/model/UserComposite.java
similarity index 94%
rename from securety_api/src/main/java/com/secure_use_api/model/UserComposite.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/model/UserComposite.java
index 4390428..4cb52dd 100644
--- a/securety_api/src/main/java/com/secure_use_api/model/UserComposite.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/model/UserComposite.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.model;
+package org.tzi.use.api_security.model;
 
 public class UserComposite {
     private UserMetaModel userMeta;
diff --git a/securety_api/src/main/java/com/secure_use_api/model/UserMetaModel.java b/secure-use-api/src/main/java/org/tzi/use/api_security/model/UserMetaModel.java
similarity index 97%
rename from securety_api/src/main/java/com/secure_use_api/model/UserMetaModel.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/model/UserMetaModel.java
index 9a47cde..eb0bd5e 100644
--- a/securety_api/src/main/java/com/secure_use_api/model/UserMetaModel.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/model/UserMetaModel.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.model;
+package org.tzi.use.api_security.model;
 
 import java.sql.Timestamp;
 import java.util.ArrayList;
diff --git a/securety_api/src/main/java/com/secure_use_api/model/UserSecurityModel.java b/secure-use-api/src/main/java/org/tzi/use/api_security/model/UserSecurityModel.java
similarity index 97%
rename from securety_api/src/main/java/com/secure_use_api/model/UserSecurityModel.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/model/UserSecurityModel.java
index 271d735..fbffa51 100644
--- a/securety_api/src/main/java/com/secure_use_api/model/UserSecurityModel.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/model/UserSecurityModel.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.model;
+package org.tzi.use.api_security.model;
 
 import java.sql.Timestamp;
 import java.util.UUID;
diff --git a/securety_api/src/main/java/com/secure_use_api/repository/ApiTokenRepository.java b/secure-use-api/src/main/java/org/tzi/use/api_security/repository/ApiTokenRepository.java
similarity index 81%
rename from securety_api/src/main/java/com/secure_use_api/repository/ApiTokenRepository.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/repository/ApiTokenRepository.java
index 5af86d4..588dab4 100644
--- a/securety_api/src/main/java/com/secure_use_api/repository/ApiTokenRepository.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/repository/ApiTokenRepository.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.repository;
+package org.tzi.use.api_security.repository;
 
 import java.util.List;
 import java.util.UUID;
@@ -6,7 +6,7 @@
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
-import com.secure_use_api.model.ApiTokenModel;
+import org.tzi.use.api_security.model.ApiTokenModel;
 
 @Repository
 public interface ApiTokenRepository extends JpaRepository<ApiTokenModel, UUID> {
diff --git a/securety_api/src/main/java/com/secure_use_api/repository/RefreshTokenRepository.java b/secure-use-api/src/main/java/org/tzi/use/api_security/repository/RefreshTokenRepository.java
similarity index 86%
rename from securety_api/src/main/java/com/secure_use_api/repository/RefreshTokenRepository.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/repository/RefreshTokenRepository.java
index 773759b..6769936 100644
--- a/securety_api/src/main/java/com/secure_use_api/repository/RefreshTokenRepository.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/repository/RefreshTokenRepository.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.repository;
+package org.tzi.use.api_security.repository;
 
 import java.util.Date;
 import java.util.UUID;
@@ -9,7 +9,7 @@
 import org.springframework.stereotype.Repository;
 
 import jakarta.transaction.Transactional;
-import com.secure_use_api.model.RefreshTokenModel;
+import org.tzi.use.api_security.model.RefreshTokenModel;
 
 @Repository
 public interface RefreshTokenRepository extends JpaRepository<RefreshTokenModel, UUID> {
diff --git a/securety_api/src/main/java/com/secure_use_api/repository/UserAdditionsRepository.java b/secure-use-api/src/main/java/org/tzi/use/api_security/repository/UserAdditionsRepository.java
similarity index 90%
rename from securety_api/src/main/java/com/secure_use_api/repository/UserAdditionsRepository.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/repository/UserAdditionsRepository.java
index 9148ef5..56e4463 100644
--- a/securety_api/src/main/java/com/secure_use_api/repository/UserAdditionsRepository.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/repository/UserAdditionsRepository.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.repository;
+package org.tzi.use.api_security.repository;
 
 import java.sql.Timestamp;
 import java.util.UUID;
@@ -9,7 +9,7 @@
 import org.springframework.stereotype.Repository;
 
 import jakarta.transaction.Transactional;
-import com.secure_use_api.model.UserAdditionsModel;
+import org.tzi.use.api_security.model.UserAdditionsModel;
 
 @Repository
 public interface UserAdditionsRepository extends JpaRepository<UserAdditionsModel, UUID> {
diff --git a/securety_api/src/main/java/com/secure_use_api/repository/UserMetaRepository.java b/secure-use-api/src/main/java/org/tzi/use/api_security/repository/UserMetaRepository.java
similarity index 76%
rename from securety_api/src/main/java/com/secure_use_api/repository/UserMetaRepository.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/repository/UserMetaRepository.java
index e383777..d739c83 100644
--- a/securety_api/src/main/java/com/secure_use_api/repository/UserMetaRepository.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/repository/UserMetaRepository.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.repository;
+package org.tzi.use.api_security.repository;
 
 import java.util.Optional;
 import java.util.UUID;
@@ -6,7 +6,7 @@
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
-import com.secure_use_api.model.UserMetaModel;
+import org.tzi.use.api_security.model.UserMetaModel;
 
 @Repository
 public interface UserMetaRepository extends JpaRepository<UserMetaModel, UUID> {
diff --git a/securety_api/src/main/java/com/secure_use_api/repository/UserSecurityRepository.java b/secure-use-api/src/main/java/org/tzi/use/api_security/repository/UserSecurityRepository.java
similarity index 70%
rename from securety_api/src/main/java/com/secure_use_api/repository/UserSecurityRepository.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/repository/UserSecurityRepository.java
index 5eda66c..b6244e8 100644
--- a/securety_api/src/main/java/com/secure_use_api/repository/UserSecurityRepository.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/repository/UserSecurityRepository.java
@@ -1,11 +1,11 @@
-package com.secure_use_api.repository;
+package org.tzi.use.api_security.repository;
 
 import java.util.UUID;
 
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.stereotype.Repository;
 
-import com.secure_use_api.model.UserSecurityModel;
+import org.tzi.use.api_security.model.UserSecurityModel;
 
 @Repository
 public interface UserSecurityRepository extends JpaRepository<UserSecurityModel, UUID> {
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/controller/ApiTokenController.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/ApiTokenController.java
similarity index 81%
rename from securety_api/src/main/java/com/secure_use_api/rest/controller/ApiTokenController.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/ApiTokenController.java
index f0d108b..955db25 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/controller/ApiTokenController.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/ApiTokenController.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.controller;
+package org.tzi.use.api_security.rest.controller;
 
 import java.util.List;
 import java.util.UUID;
@@ -12,13 +12,13 @@
 
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import com.secure_use_api.exceptions.Exceptions.UserAlreadyExists;
-import com.secure_use_api.rest.dto.TokensDto;
-import com.secure_use_api.rest.dto.IdActionDto;
-import com.secure_use_api.rest.service.ApiTokenService;
-import com.secure_use_api.security.RequireScope;
-import com.secure_use_api.security.UserAuthentication;
-import com.secure_use_api.token.ApiToken;
+import org.tzi.use.api_security.exceptions.Exceptions;
+import org.tzi.use.api_security.rest.dto.IdActionDto;
+import org.tzi.use.api_security.rest.dto.TokensDto;
+import org.tzi.use.api_security.rest.service.ApiTokenService;
+import org.tzi.use.api_security.security.RequireScope;
+import org.tzi.use.api_security.security.UserAuthentication;
+import org.tzi.use.api_security.token.ApiToken;
 
 @RestController
 @RequestMapping("api")
@@ -36,7 +36,7 @@ public ResponseEntity<List<String>> getAll() {
             List<String> apiTokenList = this.service.getAllAsStrings(user.getUserId());
 
             return ResponseEntity.ok(apiTokenList);
-        } catch (UserAlreadyExists err) {
+        } catch (Exceptions.UserAlreadyExists err) {
             throw new ResponseStatusException(HttpStatus.BAD_REQUEST, err.getMessage());
         }
     }
@@ -50,7 +50,7 @@ public ResponseEntity<TokensDto> create() {
             ApiToken apiToken = this.service.create(user.getUserId(), user.getName());
 
             return ResponseEntity.ok(new TokensDto(apiToken.toTokenString(), null));
-        } catch (UserAlreadyExists err) {
+        } catch (Exceptions.UserAlreadyExists err) {
             throw new ResponseStatusException(HttpStatus.BAD_REQUEST, err.getMessage());
         }
     }
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/controller/AuthenticationController.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/AuthenticationController.java
similarity index 78%
rename from securety_api/src/main/java/com/secure_use_api/rest/controller/AuthenticationController.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/AuthenticationController.java
index 120161a..1633c7c 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/controller/AuthenticationController.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/AuthenticationController.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.controller;
+package org.tzi.use.api_security.rest.controller;
 
 import java.util.List;
 import java.util.Optional;
@@ -20,22 +20,20 @@
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import com.secure_use_api.exceptions.Exceptions.ExpiredException;
-import com.secure_use_api.exceptions.Exceptions.InvalidException;
-import com.secure_use_api.exceptions.Exceptions.UserAlreadyExists;
-import com.secure_use_api.rest.dto.TokensDto;
-import com.secure_use_api.rest.dto.IdActionDto;
-import com.secure_use_api.rest.dto.RefreshTokenDto;
-import com.secure_use_api.rest.dto.UserLoginDto;
-import com.secure_use_api.rest.dto.UserRegistrationDto;
-import com.secure_use_api.rest.service.RefreshTokenService;
-import com.secure_use_api.rest.service.UserService;
-import com.secure_use_api.rest.service.AuthenticationService;
-import com.secure_use_api.security.RequireScope;
-import com.secure_use_api.security.Role;
-import com.secure_use_api.security.UserAuthentication;
-import com.secure_use_api.token.AccessToken;
-import com.secure_use_api.token.RefreshToken;
+import org.tzi.use.api_security.exceptions.Exceptions;
+import org.tzi.use.api_security.rest.service.AuthenticationService;
+import org.tzi.use.api_security.rest.service.RefreshTokenService;
+import org.tzi.use.api_security.rest.service.UserService;
+import org.tzi.use.api_security.security.RequireScope;
+import org.tzi.use.api_security.security.Role;
+import org.tzi.use.api_security.security.UserAuthentication;
+import org.tzi.use.api_security.token.AccessToken;
+import org.tzi.use.api_security.token.RefreshToken;
+import org.tzi.use.api_security.rest.dto.TokensDto;
+import org.tzi.use.api_security.rest.dto.IdActionDto;
+import org.tzi.use.api_security.rest.dto.RefreshTokenDto;
+import org.tzi.use.api_security.rest.dto.UserLoginDto;
+import org.tzi.use.api_security.rest.dto.UserRegistrationDto;
 
 @RestController
 @RequestMapping("auth")
@@ -72,7 +70,7 @@ public ResponseEntity<IdActionDto> register(@RequestBody @Valid UserRegistration
             this.userService.createUserAdditions(userId);
 
             return ResponseEntity.ok(new IdActionDto(userId, "UserCreated"));
-        } catch (UserAlreadyExists err) {
+        } catch (Exceptions.UserAlreadyExists err) {
             throw new ResponseStatusException(HttpStatus.BAD_REQUEST, err.getMessage());
         }
     }
@@ -105,17 +103,17 @@ public ResponseEntity<TokensDto> refresh(
             Optional<RefreshToken> refreshToken = RefreshToken.fromTokenString(refreshTokenRequest.getRefreshToken());
 
             if (!accessToken.isPresent()) {
-                throw new InvalidException("Authorization Header does not contain a Valid AccessToken");
+                throw new Exceptions.InvalidException("Authorization Header does not contain a Valid AccessToken");
             } else if (!refreshToken.isPresent()) {
-                throw new InvalidException("RefreshToken is not a Valid Token");
+                throw new Exceptions.InvalidException("RefreshToken is not a Valid Token");
             }
 
             AccessToken newAccessToken = refreshTokenService.devaluate(refreshToken.get(), accessToken.get());
             RefreshToken newRefreshToken = refreshTokenService.create(newAccessToken);
 
             return ResponseEntity.ok(new TokensDto(newAccessToken.toTokenString(), newRefreshToken.toTokenString()));
-        } catch (JWTVerificationException | ExpiredException | InvalidException | IllegalArgumentException
-                | AuthenticationException err) {
+        } catch (JWTVerificationException | Exceptions.ExpiredException | Exceptions.InvalidException | IllegalArgumentException
+                 | AuthenticationException err) {
             throw new ResponseStatusException(HttpStatus.BAD_REQUEST, err.getMessage());
         }
     }
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/controller/UserController.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/UserController.java
similarity index 75%
rename from securety_api/src/main/java/com/secure_use_api/rest/controller/UserController.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/UserController.java
index e400569..2d53a50 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/controller/UserController.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/UserController.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.controller;
+package org.tzi.use.api_security.rest.controller;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
@@ -8,11 +8,11 @@
 
 import org.springframework.security.core.context.SecurityContextHolder;
 
-import com.secure_use_api.rest.dto.ResourceLimitLeftDto;
-import com.secure_use_api.rest.middleware.ResourceLimitMiddleware.ResourceLimited;
-import com.secure_use_api.rest.service.UserService;
-import com.secure_use_api.security.RequireScope;
-import com.secure_use_api.security.UserAuthentication;
+import org.tzi.use.api_security.rest.dto.ResourceLimitLeftDto;
+import org.tzi.use.api_security.rest.middleware.ResourceLimitMiddleware;
+import org.tzi.use.api_security.rest.service.UserService;
+import org.tzi.use.api_security.security.RequireScope;
+import org.tzi.use.api_security.security.UserAuthentication;
 
 @RestController
 @RequestMapping("user")
@@ -22,7 +22,7 @@ public class UserController {
     private UserService userService;
 
     @GetMapping(path = "longRun")
-    @ResourceLimited
+    @ResourceLimitMiddleware.ResourceLimited
     public ResponseEntity<String> longRunningTask() {
         try {
             // Simulate a long-running task (e.g., 20 seconds)
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/IdActionDto.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/IdActionDto.java
similarity index 91%
rename from securety_api/src/main/java/com/secure_use_api/rest/dto/IdActionDto.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/IdActionDto.java
index 09148f4..167d112 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/dto/IdActionDto.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/IdActionDto.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.dto;
+package org.tzi.use.api_security.rest.dto;
 
 import java.util.UUID;
 
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/RefreshTokenDto.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/RefreshTokenDto.java
similarity index 92%
rename from securety_api/src/main/java/com/secure_use_api/rest/dto/RefreshTokenDto.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/RefreshTokenDto.java
index 8558de8..f5e48db 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/dto/RefreshTokenDto.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/RefreshTokenDto.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.dto;
+package org.tzi.use.api_security.rest.dto;
 
 import jakarta.validation.constraints.NotEmpty;
 import jakarta.validation.constraints.NotNull;
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/ResourceLimitLeftDto.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/ResourceLimitLeftDto.java
similarity index 93%
rename from securety_api/src/main/java/com/secure_use_api/rest/dto/ResourceLimitLeftDto.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/ResourceLimitLeftDto.java
index adee85b..0bb251b 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/dto/ResourceLimitLeftDto.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/ResourceLimitLeftDto.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.dto;
+package org.tzi.use.api_security.rest.dto;
 
 import jakarta.validation.constraints.Max;
 import jakarta.validation.constraints.Min;
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/TokensDto.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/TokensDto.java
similarity index 92%
rename from securety_api/src/main/java/com/secure_use_api/rest/dto/TokensDto.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/TokensDto.java
index 97988c8..6d7eb42 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/dto/TokensDto.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/TokensDto.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.dto;
+package org.tzi.use.api_security.rest.dto;
 
 import jakarta.validation.constraints.NotNull;
 import jakarta.validation.constraints.Size;
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/UserLoginDto.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/UserLoginDto.java
similarity index 94%
rename from securety_api/src/main/java/com/secure_use_api/rest/dto/UserLoginDto.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/UserLoginDto.java
index c35871b..ea44a5c 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/dto/UserLoginDto.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/UserLoginDto.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.dto;
+package org.tzi.use.api_security.rest.dto;
 
 import jakarta.validation.constraints.Email;
 import jakarta.validation.constraints.NotEmpty;
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/dto/UserRegistrationDto.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/UserRegistrationDto.java
similarity index 94%
rename from securety_api/src/main/java/com/secure_use_api/rest/dto/UserRegistrationDto.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/UserRegistrationDto.java
index 70e9190..8ceb51c 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/dto/UserRegistrationDto.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/dto/UserRegistrationDto.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.dto;
+package org.tzi.use.api_security.rest.dto;
 
 import jakarta.validation.constraints.Email;
 import jakarta.validation.constraints.NotEmpty;
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuditLogMiddleware.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuditLogMiddleware.java
similarity index 96%
rename from securety_api/src/main/java/com/secure_use_api/rest/middleware/AuditLogMiddleware.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuditLogMiddleware.java
index 4350f43..ab8b571 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuditLogMiddleware.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuditLogMiddleware.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.middleware;
+package org.tzi.use.api_security.rest.middleware;
 
 import java.io.IOException;
 import java.time.OffsetDateTime;
@@ -14,7 +14,7 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import com.secure_use_api.security.UserAuthentication;
+import org.tzi.use.api_security.security.UserAuthentication;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthenticationMiddleware.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuthenticationMiddleware.java
similarity index 80%
rename from securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthenticationMiddleware.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuthenticationMiddleware.java
index 1fb2668..4622e2d 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthenticationMiddleware.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuthenticationMiddleware.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.middleware;
+package org.tzi.use.api_security.rest.middleware;
 
 import java.io.IOException;
 import java.util.Optional;
@@ -13,13 +13,12 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import com.secure_use_api.exceptions.ExceptionResponse;
-import com.secure_use_api.exceptions.Exceptions.ExpiredException;
-import com.secure_use_api.exceptions.Exceptions.InvalidException;
-import com.secure_use_api.rest.service.ApiTokenService;
-import com.secure_use_api.security.UserAuthentication;
-import com.secure_use_api.token.AccessToken;
-import com.secure_use_api.token.ApiToken;
+import org.tzi.use.api_security.exceptions.ExceptionResponse;
+import org.tzi.use.api_security.exceptions.Exceptions;
+import org.tzi.use.api_security.rest.service.ApiTokenService;
+import org.tzi.use.api_security.security.UserAuthentication;
+import org.tzi.use.api_security.token.AccessToken;
+import org.tzi.use.api_security.token.ApiToken;
 
 @Component
 public class AuthenticationMiddleware extends OncePerRequestFilter {
@@ -46,7 +45,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                 Optional<ApiToken> apiToken;
 
                 if (!accessTokenOptional.isPresent()) {
-                    throw new InvalidException("Authorization Header does not contain a Valid AccessToken");
+                    throw new Exceptions.InvalidException("Authorization Header does not contain a Valid AccessToken");
                 }
 
                 accessToken = accessTokenOptional.get();
@@ -57,7 +56,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                     // Since ApiTokens don't have an expire time, we check presents in db to make
                     // them manually revokable by removing
                     if (this.service.get(accessToken.getUid(), accessToken.getUserId()).isEmpty()) {
-                        throw new ExpiredException("Token has expire");
+                        throw new Exceptions.ExpiredException("Token has expire");
                     }
                 }
 
@@ -65,7 +64,7 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
                         accessToken.getRoles());
 
                 SecurityContextHolder.getContext().setAuthentication(user);
-            } catch (InvalidException | ExpiredException e) {
+            } catch (Exceptions.InvalidException | Exceptions.ExpiredException e) {
                 ExceptionResponse exRes = new ExceptionResponse(HttpStatus.UNAUTHORIZED, "Authentication Token wrong",
                         request.getRequestURI());
 
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthorizationMiddleware.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuthorizationMiddleware.java
similarity index 90%
rename from securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthorizationMiddleware.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuthorizationMiddleware.java
index 8dd048e..550f1bf 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/middleware/AuthorizationMiddleware.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuthorizationMiddleware.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.middleware;
+package org.tzi.use.api_security.rest.middleware;
 
 import java.io.IOException;
 import java.lang.reflect.Method;
@@ -11,10 +11,10 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import com.secure_use_api.exceptions.ExceptionResponse;
-import com.secure_use_api.security.RequireScope;
-import com.secure_use_api.security.Role;
-import com.secure_use_api.security.UserAuthentication;
+import org.tzi.use.api_security.exceptions.ExceptionResponse;
+import org.tzi.use.api_security.security.RequireScope;
+import org.tzi.use.api_security.security.Role;
+import org.tzi.use.api_security.security.UserAuthentication;
 
 import org.springframework.web.servlet.HandlerInterceptor;
 
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/ExceptionHandlerMiddleware.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/ExceptionHandlerMiddleware.java
similarity index 88%
rename from securety_api/src/main/java/com/secure_use_api/rest/middleware/ExceptionHandlerMiddleware.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/ExceptionHandlerMiddleware.java
index dc1dee6..780403c 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/middleware/ExceptionHandlerMiddleware.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/ExceptionHandlerMiddleware.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.middleware;
+package org.tzi.use.api_security.rest.middleware;
 
 import java.io.IOException;
 
@@ -9,7 +9,7 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import com.secure_use_api.exceptions.ExceptionResponse;
+import org.tzi.use.api_security.exceptions.ExceptionResponse;
 
 // Allows Filters to throw the custom ExceptionResponse which is written to the response and is made to be read by the client
 @Component
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/RateLimitMiddleware.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/RateLimitMiddleware.java
similarity index 89%
rename from securety_api/src/main/java/com/secure_use_api/rest/middleware/RateLimitMiddleware.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/RateLimitMiddleware.java
index 5c824cc..c4b36fa 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/middleware/RateLimitMiddleware.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/RateLimitMiddleware.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.middleware;
+package org.tzi.use.api_security.rest.middleware;
 
 import java.io.IOException;
 
@@ -12,8 +12,8 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import com.secure_use_api.exceptions.ExceptionResponse;
-import com.secure_use_api.util.Config;
+import org.tzi.use.api_security.exceptions.ExceptionResponse;
+import org.tzi.use.api_security.util.Config;
 
 @Component
 public class RateLimitMiddleware extends OncePerRequestFilter {
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/middleware/ResourceLimitMiddleware.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/ResourceLimitMiddleware.java
similarity index 93%
rename from securety_api/src/main/java/com/secure_use_api/rest/middleware/ResourceLimitMiddleware.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/ResourceLimitMiddleware.java
index d955a65..2aa7d0f 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/middleware/ResourceLimitMiddleware.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/ResourceLimitMiddleware.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.middleware;
+package org.tzi.use.api_security.rest.middleware;
 
 import java.io.IOException;
 import java.lang.annotation.ElementType;
@@ -20,9 +20,9 @@
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import com.secure_use_api.exceptions.ExceptionResponse;
-import com.secure_use_api.rest.service.UserService;
-import com.secure_use_api.security.UserAuthentication;
+import org.tzi.use.api_security.exceptions.ExceptionResponse;
+import org.tzi.use.api_security.rest.service.UserService;
+import org.tzi.use.api_security.security.UserAuthentication;
 
 @Component
 public class ResourceLimitMiddleware implements HandlerInterceptor {
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/service/ApiTokenService.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/ApiTokenService.java
similarity index 87%
rename from securety_api/src/main/java/com/secure_use_api/rest/service/ApiTokenService.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/ApiTokenService.java
index 049745c..6c4495a 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/service/ApiTokenService.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/ApiTokenService.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.service;
+package org.tzi.use.api_security.rest.service;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -9,10 +9,10 @@
 import org.springframework.stereotype.Service;
 
 import jakarta.transaction.Transactional;
-import com.secure_use_api.model.ApiTokenModel;
-import com.secure_use_api.repository.ApiTokenRepository;
-import com.secure_use_api.security.Role;
-import com.secure_use_api.token.ApiToken;
+import org.tzi.use.api_security.model.ApiTokenModel;
+import org.tzi.use.api_security.repository.ApiTokenRepository;
+import org.tzi.use.api_security.security.Role;
+import org.tzi.use.api_security.token.ApiToken;
 
 @Service
 public class ApiTokenService {
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/service/AuthenticationService.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/AuthenticationService.java
similarity index 83%
rename from securety_api/src/main/java/com/secure_use_api/rest/service/AuthenticationService.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/AuthenticationService.java
index ac646dd..a8fbac4 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/service/AuthenticationService.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/AuthenticationService.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.service;
+package org.tzi.use.api_security.rest.service;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationManager;
@@ -10,14 +10,14 @@
 import de.mkammerer.argon2.Argon2;
 import de.mkammerer.argon2.Argon2Factory;
 import jakarta.transaction.Transactional;
-import com.secure_use_api.exceptions.Exceptions.UserAlreadyExists;
-import com.secure_use_api.model.UserMetaModel;
-import com.secure_use_api.model.UserSecurityModel;
-import com.secure_use_api.repository.UserMetaRepository;
-import com.secure_use_api.repository.UserSecurityRepository;
-import com.secure_use_api.security.Role;
-import com.secure_use_api.security.UserDetailsImpl;
-import com.secure_use_api.token.AccessToken;
+import org.tzi.use.api_security.repository.UserSecurityRepository;
+import org.tzi.use.api_security.exceptions.Exceptions.UserAlreadyExists;
+import org.tzi.use.api_security.model.UserMetaModel;
+import org.tzi.use.api_security.model.UserSecurityModel;
+import org.tzi.use.api_security.repository.UserMetaRepository;
+import org.tzi.use.api_security.security.Role;
+import org.tzi.use.api_security.security.UserDetailsImpl;
+import org.tzi.use.api_security.token.AccessToken;
 
 import java.util.ArrayList;
 import java.util.Collection;
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/service/RefreshTokenService.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/RefreshTokenService.java
similarity index 79%
rename from securety_api/src/main/java/com/secure_use_api/rest/service/RefreshTokenService.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/RefreshTokenService.java
index e9745e1..05badf4 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/service/RefreshTokenService.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/RefreshTokenService.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.service;
+package org.tzi.use.api_security.rest.service;
 
 import java.sql.Timestamp;
 import java.util.Date;
@@ -7,12 +7,12 @@
 import org.springframework.stereotype.Service;
 
 import jakarta.transaction.Transactional;
-import com.secure_use_api.exceptions.Exceptions.ExpiredException;
-import com.secure_use_api.exceptions.Exceptions.InvalidException;
-import com.secure_use_api.model.RefreshTokenModel;
-import com.secure_use_api.repository.RefreshTokenRepository;
-import com.secure_use_api.token.AccessToken;
-import com.secure_use_api.token.RefreshToken;
+import org.tzi.use.api_security.exceptions.Exceptions.ExpiredException;
+import org.tzi.use.api_security.exceptions.Exceptions.InvalidException;
+import org.tzi.use.api_security.model.RefreshTokenModel;
+import org.tzi.use.api_security.repository.RefreshTokenRepository;
+import org.tzi.use.api_security.token.AccessToken;
+import org.tzi.use.api_security.token.RefreshToken;
 
 @Service
 public class RefreshTokenService {
diff --git a/securety_api/src/main/java/com/secure_use_api/rest/service/UserService.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/UserService.java
similarity index 90%
rename from securety_api/src/main/java/com/secure_use_api/rest/service/UserService.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/UserService.java
index 86fa310..7bb3651 100644
--- a/securety_api/src/main/java/com/secure_use_api/rest/service/UserService.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/service/UserService.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.rest.service;
+package org.tzi.use.api_security.rest.service;
 
 import java.sql.Timestamp;
 import java.time.Instant;
@@ -10,11 +10,11 @@
 import org.springframework.stereotype.Service;
 
 import jakarta.transaction.Transactional;
-import com.secure_use_api.model.UserAdditionsModel;
-import com.secure_use_api.model.UserMetaModel;
-import com.secure_use_api.repository.UserAdditionsRepository;
-import com.secure_use_api.repository.UserMetaRepository;
-import com.secure_use_api.util.Config;
+import org.tzi.use.api_security.model.UserAdditionsModel;
+import org.tzi.use.api_security.model.UserMetaModel;
+import org.tzi.use.api_security.repository.UserAdditionsRepository;
+import org.tzi.use.api_security.repository.UserMetaRepository;
+import org.tzi.use.api_security.util.Config;
 
 @Service
 public class UserService {
diff --git a/securety_api/src/main/java/com/secure_use_api/security/CustomAuthProvider.java b/secure-use-api/src/main/java/org/tzi/use/api_security/security/CustomAuthProvider.java
similarity index 88%
rename from securety_api/src/main/java/com/secure_use_api/security/CustomAuthProvider.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/security/CustomAuthProvider.java
index fb2e99c..8641789 100644
--- a/securety_api/src/main/java/com/secure_use_api/security/CustomAuthProvider.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/security/CustomAuthProvider.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.security;
+package org.tzi.use.api_security.security;
 
 import java.sql.Timestamp;
 import java.util.Date;
@@ -14,11 +14,11 @@
 
 import de.mkammerer.argon2.Argon2;
 import de.mkammerer.argon2.Argon2Factory;
-import com.secure_use_api.model.UserComposite;
-import com.secure_use_api.model.UserMetaModel;
-import com.secure_use_api.model.UserSecurityModel;
-import com.secure_use_api.repository.UserMetaRepository;
-import com.secure_use_api.repository.UserSecurityRepository;
+import org.tzi.use.api_security.repository.UserSecurityRepository;
+import org.tzi.use.api_security.model.UserComposite;
+import org.tzi.use.api_security.model.UserMetaModel;
+import org.tzi.use.api_security.model.UserSecurityModel;
+import org.tzi.use.api_security.repository.UserMetaRepository;
 
 @Component
 public class CustomAuthProvider implements AuthenticationProvider {
diff --git a/securety_api/src/main/java/com/secure_use_api/security/RequireScope.java b/secure-use-api/src/main/java/org/tzi/use/api_security/security/RequireScope.java
similarity index 88%
rename from securety_api/src/main/java/com/secure_use_api/security/RequireScope.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/security/RequireScope.java
index 3569b7c..348f0e7 100644
--- a/securety_api/src/main/java/com/secure_use_api/security/RequireScope.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/security/RequireScope.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.security;
+package org.tzi.use.api_security.security;
 
 import java.lang.annotation.Retention;
 import java.lang.annotation.Target;
diff --git a/securety_api/src/main/java/com/secure_use_api/security/Role.java b/secure-use-api/src/main/java/org/tzi/use/api_security/security/Role.java
similarity index 97%
rename from securety_api/src/main/java/com/secure_use_api/security/Role.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/security/Role.java
index 000ac4b..f48c9aa 100644
--- a/securety_api/src/main/java/com/secure_use_api/security/Role.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/security/Role.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.security;
+package org.tzi.use.api_security.security;
 
 import java.util.ArrayList;
 import java.util.Arrays;
diff --git a/securety_api/src/main/java/com/secure_use_api/security/SecurityConfig.java b/secure-use-api/src/main/java/org/tzi/use/api_security/security/SecurityConfig.java
similarity index 84%
rename from securety_api/src/main/java/com/secure_use_api/security/SecurityConfig.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/security/SecurityConfig.java
index d3c1f8b..05cee34 100644
--- a/securety_api/src/main/java/com/secure_use_api/security/SecurityConfig.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/security/SecurityConfig.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.security;
+package org.tzi.use.api_security.security;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
@@ -13,14 +13,14 @@
 import org.springframework.security.web.context.SecurityContextHolderFilter;
 import org.springframework.security.web.session.DisableEncodeUrlFilter;
 
-import com.secure_use_api.exceptions.CustomAuthenticationEntryPoint;
-import com.secure_use_api.rest.middleware.AuditLogMiddleware;
-import com.secure_use_api.rest.middleware.AuthenticationMiddleware;
-import com.secure_use_api.rest.middleware.ExceptionHandlerMiddleware;
-import com.secure_use_api.rest.middleware.RateLimitMiddleware;
+import org.tzi.use.api_security.exceptions.CustomAuthenticationEntryPoint;
+import org.tzi.use.api_security.rest.middleware.AuditLogMiddleware;
+import org.tzi.use.api_security.rest.middleware.AuthenticationMiddleware;
+import org.tzi.use.api_security.rest.middleware.ExceptionHandlerMiddleware;
+import org.tzi.use.api_security.rest.middleware.RateLimitMiddleware;
 
 @Configuration
-@EnableWebSecurity(debug = true)
+@EnableWebSecurity
 public class SecurityConfig {
 	@Autowired
 	private ExceptionHandlerMiddleware exceptionHandlerMiddleware;
@@ -47,8 +47,9 @@ public AuthenticationManager authenticationManager(AuthenticationConfiguration a
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		http.csrf(csrf -> csrf.disable()) // disable crsf because we are stateless (no cookies for authentication)
 			.authorizeHttpRequests((request) -> request
-					.requestMatchers(HttpMethod.GET, "/h2-console/**").permitAll()
-					.requestMatchers(HttpMethod.POST, "/auth/register", "/auth/login", "/h2-console/**").permitAll()
+					// .requestMatchers(HttpMethod.GET, "/h2-console/**").permitAll()
+					// .requestMatchers(HttpMethod.POST, "/h2-console/**").permitAll()
+					.requestMatchers(HttpMethod.POST, "/auth/register", "/auth/login").permitAll()
 					.requestMatchers(HttpMethod.PUT, "/auth/login").permitAll()
 					.requestMatchers("/error").permitAll()
 					.anyRequest().authenticated()) // Require all request except the above to be authenticated
diff --git a/securety_api/src/main/java/com/secure_use_api/security/UserAuthentication.java b/secure-use-api/src/main/java/org/tzi/use/api_security/security/UserAuthentication.java
similarity index 97%
rename from securety_api/src/main/java/com/secure_use_api/security/UserAuthentication.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/security/UserAuthentication.java
index 0cfe793..2348113 100644
--- a/securety_api/src/main/java/com/secure_use_api/security/UserAuthentication.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/security/UserAuthentication.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.security;
+package org.tzi.use.api_security.security;
 
 import java.util.ArrayList;
 import java.util.Collection;
diff --git a/securety_api/src/main/java/com/secure_use_api/security/UserDetailsImpl.java b/secure-use-api/src/main/java/org/tzi/use/api_security/security/UserDetailsImpl.java
similarity index 94%
rename from securety_api/src/main/java/com/secure_use_api/security/UserDetailsImpl.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/security/UserDetailsImpl.java
index 0b67f41..3574914 100644
--- a/securety_api/src/main/java/com/secure_use_api/security/UserDetailsImpl.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/security/UserDetailsImpl.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.security;
+package org.tzi.use.api_security.security;
 
 import java.util.Collection;
 import java.util.List;
@@ -9,7 +9,7 @@
 
 import com.fasterxml.jackson.annotation.JsonIgnore;
 
-import com.secure_use_api.model.UserComposite;
+import org.tzi.use.api_security.model.UserComposite;
 
 public class UserDetailsImpl implements UserDetails {
 
diff --git a/securety_api/src/main/java/com/secure_use_api/security/WebConfig.java b/secure-use-api/src/main/java/org/tzi/use/api_security/security/WebConfig.java
similarity index 88%
rename from securety_api/src/main/java/com/secure_use_api/security/WebConfig.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/security/WebConfig.java
index 74cd505..0424f57 100644
--- a/securety_api/src/main/java/com/secure_use_api/security/WebConfig.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/security/WebConfig.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.security;
+package org.tzi.use.api_security.security;
 
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
@@ -6,8 +6,8 @@
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
-import com.secure_use_api.rest.middleware.AuthorizationMiddleware;
-import com.secure_use_api.rest.middleware.ResourceLimitMiddleware;
+import org.tzi.use.api_security.rest.middleware.AuthorizationMiddleware;
+import org.tzi.use.api_security.rest.middleware.ResourceLimitMiddleware;
 
 @Configuration
 public class WebConfig implements WebMvcConfigurer {
diff --git a/securety_api/src/main/java/com/secure_use_api/token/AbstractToken.java b/secure-use-api/src/main/java/org/tzi/use/api_security/token/AbstractToken.java
similarity index 88%
rename from securety_api/src/main/java/com/secure_use_api/token/AbstractToken.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/token/AbstractToken.java
index 907d6e0..e8feed2 100644
--- a/securety_api/src/main/java/com/secure_use_api/token/AbstractToken.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/token/AbstractToken.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.token;
+package org.tzi.use.api_security.token;
 
 import java.lang.reflect.Type;
 import java.util.Map;
diff --git a/securety_api/src/main/java/com/secure_use_api/token/AccessToken.java b/secure-use-api/src/main/java/org/tzi/use/api_security/token/AccessToken.java
similarity index 96%
rename from securety_api/src/main/java/com/secure_use_api/token/AccessToken.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/token/AccessToken.java
index 13ad6b8..8c6ffdf 100644
--- a/securety_api/src/main/java/com/secure_use_api/token/AccessToken.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/token/AccessToken.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.token;
+package org.tzi.use.api_security.token;
 
 import java.util.Date;
 import java.util.HashMap;
@@ -9,8 +9,8 @@
 import java.util.stream.Collectors;
 
 import com.google.gson.Gson;
-import com.secure_use_api.security.Role;
-import com.secure_use_api.util.Config;
+import org.tzi.use.api_security.security.Role;
+import org.tzi.use.api_security.util.Config;
 
 public class AccessToken extends AbstractToken {
     static long expirationTime = 720000;
diff --git a/securety_api/src/main/java/com/secure_use_api/token/ApiToken.java b/secure-use-api/src/main/java/org/tzi/use/api_security/token/ApiToken.java
similarity index 92%
rename from securety_api/src/main/java/com/secure_use_api/token/ApiToken.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/token/ApiToken.java
index 0240120..20f9fbd 100644
--- a/securety_api/src/main/java/com/secure_use_api/token/ApiToken.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/token/ApiToken.java
@@ -1,10 +1,10 @@
-package com.secure_use_api.token;
+package org.tzi.use.api_security.token;
 
 import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 
-import com.secure_use_api.security.Role;
+import org.tzi.use.api_security.security.Role;
 
 public class ApiToken extends AccessToken {
     public static Optional<ApiToken> fromAccessToken(AccessToken accessToken) {
diff --git a/securety_api/src/main/java/com/secure_use_api/token/JwtHandler.java b/secure-use-api/src/main/java/org/tzi/use/api_security/token/JwtHandler.java
similarity index 97%
rename from securety_api/src/main/java/com/secure_use_api/token/JwtHandler.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/token/JwtHandler.java
index b78a2c0..56d9625 100644
--- a/securety_api/src/main/java/com/secure_use_api/token/JwtHandler.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/token/JwtHandler.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.token;
+package org.tzi.use.api_security.token;
 
 import java.lang.reflect.Type;
 import java.util.Base64;
diff --git a/securety_api/src/main/java/com/secure_use_api/token/PasetoHandler.java b/secure-use-api/src/main/java/org/tzi/use/api_security/token/PasetoHandler.java
similarity index 93%
rename from securety_api/src/main/java/com/secure_use_api/token/PasetoHandler.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/token/PasetoHandler.java
index 6de87ea..3d2bf1b 100644
--- a/securety_api/src/main/java/com/secure_use_api/token/PasetoHandler.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/token/PasetoHandler.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.token;
+package org.tzi.use.api_security.token;
 
 import java.util.Map;
 import java.util.Optional;
diff --git a/securety_api/src/main/java/com/secure_use_api/token/RefreshToken.java b/secure-use-api/src/main/java/org/tzi/use/api_security/token/RefreshToken.java
similarity index 97%
rename from securety_api/src/main/java/com/secure_use_api/token/RefreshToken.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/token/RefreshToken.java
index 480b77f..b76ba98 100644
--- a/securety_api/src/main/java/com/secure_use_api/token/RefreshToken.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/token/RefreshToken.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.token;
+package org.tzi.use.api_security.token;
 
 import java.util.Date;
 import java.util.HashMap;
@@ -7,7 +7,7 @@
 import java.util.UUID;
 
 import com.google.gson.Gson;
-import com.secure_use_api.util.Config;
+import org.tzi.use.api_security.util.Config;
 
 public class RefreshToken extends AbstractToken {
     static long expirationTime = 2592000000L; // 30 day
diff --git a/securety_api/src/main/java/com/secure_use_api/token/SimpleTokenStringHandler.java b/secure-use-api/src/main/java/org/tzi/use/api_security/token/SimpleTokenStringHandler.java
similarity index 84%
rename from securety_api/src/main/java/com/secure_use_api/token/SimpleTokenStringHandler.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/token/SimpleTokenStringHandler.java
index e07587d..cbc38bd 100644
--- a/securety_api/src/main/java/com/secure_use_api/token/SimpleTokenStringHandler.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/token/SimpleTokenStringHandler.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.token;
+package org.tzi.use.api_security.token;
 
 import java.util.Map;
 import java.util.Optional;
diff --git a/securety_api/src/main/java/com/secure_use_api/util/Config.java b/secure-use-api/src/main/java/org/tzi/use/api_security/util/Config.java
similarity index 95%
rename from securety_api/src/main/java/com/secure_use_api/util/Config.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/util/Config.java
index 58e6724..caba5f4 100644
--- a/securety_api/src/main/java/com/secure_use_api/util/Config.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/util/Config.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.util;
+package org.tzi.use.api_security.util;
 
 import io.github.cdimascio.dotenv.Dotenv;
 
diff --git a/securety_api/src/main/java/com/secure_use_api/util/HibernateUtil.java b/secure-use-api/src/main/java/org/tzi/use/api_security/util/HibernateUtil.java
similarity index 94%
rename from securety_api/src/main/java/com/secure_use_api/util/HibernateUtil.java
rename to secure-use-api/src/main/java/org/tzi/use/api_security/util/HibernateUtil.java
index bfaff90..61cb724 100644
--- a/securety_api/src/main/java/com/secure_use_api/util/HibernateUtil.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/util/HibernateUtil.java
@@ -1,4 +1,4 @@
-package com.secure_use_api.util;
+package org.tzi.use.api_security.util;
 
 import org.hibernate.Session;
 import org.hibernate.SessionFactory;
diff --git a/use-api/src/main/java/org/tzi/use/DTO/AggregationTypeDTO.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/AggregationTypeDTO.java
similarity index 90%
rename from use-api/src/main/java/org/tzi/use/DTO/AggregationTypeDTO.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/AggregationTypeDTO.java
index 43f8e7a..4cd2a27 100644
--- a/use-api/src/main/java/org/tzi/use/DTO/AggregationTypeDTO.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/AggregationTypeDTO.java
@@ -1,4 +1,4 @@
-package org.tzi.use.DTO;
+package org.tzi.use.use_logic.DTO;
 
 public enum AggregationTypeDTO {
     NONE("association"),
diff --git a/use-api/src/main/java/org/tzi/use/DTO/AssociationDTO.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/AssociationDTO.java
similarity index 93%
rename from use-api/src/main/java/org/tzi/use/DTO/AssociationDTO.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/AssociationDTO.java
index f6e96e9..3a79f01 100644
--- a/use-api/src/main/java/org/tzi/use/DTO/AssociationDTO.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/AssociationDTO.java
@@ -1,4 +1,4 @@
-package org.tzi.use.DTO;
+package org.tzi.use.use_logic.DTO;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
diff --git a/use-api/src/main/java/org/tzi/use/DTO/AttributeDTO.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/AttributeDTO.java
similarity index 86%
rename from use-api/src/main/java/org/tzi/use/DTO/AttributeDTO.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/AttributeDTO.java
index 8640f9a..23d6ffc 100644
--- a/use-api/src/main/java/org/tzi/use/DTO/AttributeDTO.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/AttributeDTO.java
@@ -1,4 +1,4 @@
-package org.tzi.use.DTO;
+package org.tzi.use.use_logic.DTO;
 
 import lombok.Data;
 import lombok.NoArgsConstructor;
diff --git a/use-api/src/main/java/org/tzi/use/DTO/ClassDTO.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/ClassDTO.java
similarity index 91%
rename from use-api/src/main/java/org/tzi/use/DTO/ClassDTO.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/ClassDTO.java
index e9d194f..23900eb 100644
--- a/use-api/src/main/java/org/tzi/use/DTO/ClassDTO.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/ClassDTO.java
@@ -1,4 +1,4 @@
-package org.tzi.use.DTO;
+package org.tzi.use.use_logic.DTO;
 
 import lombok.*;
 
diff --git a/use-api/src/main/java/org/tzi/use/DTO/InvariantDTO.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/InvariantDTO.java
similarity index 88%
rename from use-api/src/main/java/org/tzi/use/DTO/InvariantDTO.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/InvariantDTO.java
index 5a4d51a..0e64936 100644
--- a/use-api/src/main/java/org/tzi/use/DTO/InvariantDTO.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/InvariantDTO.java
@@ -1,4 +1,4 @@
-package org.tzi.use.DTO;
+package org.tzi.use.use_logic.DTO;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
diff --git a/use-api/src/main/java/org/tzi/use/DTO/ModelDTO.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/ModelDTO.java
similarity index 73%
rename from use-api/src/main/java/org/tzi/use/DTO/ModelDTO.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/ModelDTO.java
index 9e61a79..d060eb0 100644
--- a/use-api/src/main/java/org/tzi/use/DTO/ModelDTO.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/ModelDTO.java
@@ -1,9 +1,9 @@
-package org.tzi.use.DTO;
+package org.tzi.use.use_logic.DTO;
 
 import lombok.*;
-import org.tzi.use.entities.AssociationNTT;
-import org.tzi.use.entities.InvariantNTT;
-import org.tzi.use.entities.PrePostConditionNTT;
+import org.tzi.use.use_logic.entities.AssociationNTT;
+import org.tzi.use.use_logic.entities.InvariantNTT;
+import org.tzi.use.use_logic.entities.PrePostConditionNTT;
 
 import java.util.ArrayList;
 import java.util.List;
diff --git a/use-api/src/main/java/org/tzi/use/DTO/OperationDTO.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/OperationDTO.java
similarity index 88%
rename from use-api/src/main/java/org/tzi/use/DTO/OperationDTO.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/OperationDTO.java
index e7d59c0..7221a6b 100644
--- a/use-api/src/main/java/org/tzi/use/DTO/OperationDTO.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/OperationDTO.java
@@ -1,4 +1,4 @@
-package org.tzi.use.DTO;
+package org.tzi.use.use_logic.DTO;
 
 import lombok.Data;
 import lombok.NoArgsConstructor;
diff --git a/use-api/src/main/java/org/tzi/use/DTO/PrePostConditionDTO.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/PrePostConditionDTO.java
similarity index 89%
rename from use-api/src/main/java/org/tzi/use/DTO/PrePostConditionDTO.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/PrePostConditionDTO.java
index ce81034..d0434ae 100644
--- a/use-api/src/main/java/org/tzi/use/DTO/PrePostConditionDTO.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/DTO/PrePostConditionDTO.java
@@ -1,4 +1,4 @@
-package org.tzi.use.DTO;
+package org.tzi.use.use_logic.DTO;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
diff --git a/use-api/src/main/java/org/tzi/use/GlobalExceptionHandler.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/GlobalExceptionHandler.java
similarity index 99%
rename from use-api/src/main/java/org/tzi/use/GlobalExceptionHandler.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/GlobalExceptionHandler.java
index 0d47155..82378df 100644
--- a/use-api/src/main/java/org/tzi/use/GlobalExceptionHandler.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/GlobalExceptionHandler.java
@@ -1,4 +1,4 @@
-package org.tzi.use;
+package org.tzi.use.use_logic;
 
 import org.springframework.dao.DuplicateKeyException;
 import org.springframework.http.HttpStatus;
diff --git a/use-api/src/main/java/org/tzi/use/OpenApiConfig.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/OpenApiConfig.java
similarity index 96%
rename from use-api/src/main/java/org/tzi/use/OpenApiConfig.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/OpenApiConfig.java
index ce8f2cf..1153347 100644
--- a/use-api/src/main/java/org/tzi/use/OpenApiConfig.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/OpenApiConfig.java
@@ -1,4 +1,4 @@
-package org.tzi.use;
+package org.tzi.use.use_logic;
 
 import io.swagger.v3.oas.annotations.OpenAPIDefinition;
 import io.swagger.v3.oas.annotations.info.Contact;
diff --git a/use-api/src/main/java/org/tzi/use/UseModelFacade.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/UseModelFacade.java
similarity index 98%
rename from use-api/src/main/java/org/tzi/use/UseModelFacade.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/UseModelFacade.java
index 627753c..faf1784 100644
--- a/use-api/src/main/java/org/tzi/use/UseModelFacade.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/UseModelFacade.java
@@ -1,9 +1,9 @@
-package org.tzi.use;
+package org.tzi.use.use_logic;
 
 import org.springframework.stereotype.Component;
 import org.tzi.use.api.UseApiException;
 import org.tzi.use.api.UseModelApi;
-import org.tzi.use.entities.*;
+import org.tzi.use.use_logic.entities.*;
 
 import java.util.HashMap;
 import java.util.Map;
diff --git a/use-api/src/main/java/org/tzi/use/entities/AggregationTypeNTT.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/AggregationTypeNTT.java
similarity index 89%
rename from use-api/src/main/java/org/tzi/use/entities/AggregationTypeNTT.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/entities/AggregationTypeNTT.java
index 283875f..367f947 100644
--- a/use-api/src/main/java/org/tzi/use/entities/AggregationTypeNTT.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/AggregationTypeNTT.java
@@ -1,4 +1,4 @@
-package org.tzi.use.entities;
+package org.tzi.use.use_logic.entities;
 
 public enum AggregationTypeNTT {
     NONE("association"),
diff --git a/use-api/src/main/java/org/tzi/use/entities/AssociationNTT.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/AssociationNTT.java
similarity index 92%
rename from use-api/src/main/java/org/tzi/use/entities/AssociationNTT.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/entities/AssociationNTT.java
index ae7956d..ca017dc 100644
--- a/use-api/src/main/java/org/tzi/use/entities/AssociationNTT.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/AssociationNTT.java
@@ -1,4 +1,4 @@
-package org.tzi.use.entities;
+package org.tzi.use.use_logic.entities;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
diff --git a/use-api/src/main/java/org/tzi/use/entities/AttributeNTT.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/AttributeNTT.java
similarity index 84%
rename from use-api/src/main/java/org/tzi/use/entities/AttributeNTT.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/entities/AttributeNTT.java
index 16bf702..6a16f00 100644
--- a/use-api/src/main/java/org/tzi/use/entities/AttributeNTT.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/AttributeNTT.java
@@ -1,4 +1,4 @@
-package org.tzi.use.entities;
+package org.tzi.use.use_logic.entities;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
diff --git a/use-api/src/main/java/org/tzi/use/entities/ClassNTT.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/ClassNTT.java
similarity index 91%
rename from use-api/src/main/java/org/tzi/use/entities/ClassNTT.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/entities/ClassNTT.java
index 75b7349..0555d98 100644
--- a/use-api/src/main/java/org/tzi/use/entities/ClassNTT.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/ClassNTT.java
@@ -1,4 +1,4 @@
-package org.tzi.use.entities;
+package org.tzi.use.use_logic.entities;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
diff --git a/use-api/src/main/java/org/tzi/use/entities/InvariantNTT.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/InvariantNTT.java
similarity index 86%
rename from use-api/src/main/java/org/tzi/use/entities/InvariantNTT.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/entities/InvariantNTT.java
index 8b0ef79..5fc09ad 100644
--- a/use-api/src/main/java/org/tzi/use/entities/InvariantNTT.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/InvariantNTT.java
@@ -1,4 +1,4 @@
-package org.tzi.use.entities;
+package org.tzi.use.use_logic.entities;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
diff --git a/use-api/src/main/java/org/tzi/use/entities/ModelNTT.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/ModelNTT.java
similarity index 90%
rename from use-api/src/main/java/org/tzi/use/entities/ModelNTT.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/entities/ModelNTT.java
index a59bc39..49da57d 100644
--- a/use-api/src/main/java/org/tzi/use/entities/ModelNTT.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/ModelNTT.java
@@ -1,11 +1,11 @@
-package org.tzi.use.entities;
+package org.tzi.use.use_logic.entities;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
 import lombok.NoArgsConstructor;
 import org.springframework.data.annotation.Id;
 import org.springframework.data.mongodb.core.mapping.Document;
-import org.tzi.use.DTO.ClassDTO;
+import org.tzi.use.use_logic.DTO.ClassDTO;
 
 import java.util.ArrayList;
 import java.util.List;
diff --git a/use-api/src/main/java/org/tzi/use/entities/OperationNTT.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/OperationNTT.java
similarity index 86%
rename from use-api/src/main/java/org/tzi/use/entities/OperationNTT.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/entities/OperationNTT.java
index bc9c3db..fcf8a8d 100644
--- a/use-api/src/main/java/org/tzi/use/entities/OperationNTT.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/OperationNTT.java
@@ -1,4 +1,4 @@
-package org.tzi.use.entities;
+package org.tzi.use.use_logic.entities;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
diff --git a/use-api/src/main/java/org/tzi/use/entities/PrePostConditionNTT.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/PrePostConditionNTT.java
similarity index 87%
rename from use-api/src/main/java/org/tzi/use/entities/PrePostConditionNTT.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/entities/PrePostConditionNTT.java
index f307844..d7f172b 100644
--- a/use-api/src/main/java/org/tzi/use/entities/PrePostConditionNTT.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/entities/PrePostConditionNTT.java
@@ -1,4 +1,4 @@
-package org.tzi.use.entities;
+package org.tzi.use.use_logic.entities;
 
 import lombok.AllArgsConstructor;
 import lombok.Data;
diff --git a/use-api/src/main/java/org/tzi/use/mapper/AssociationMapper.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/AssociationMapper.java
similarity index 65%
rename from use-api/src/main/java/org/tzi/use/mapper/AssociationMapper.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/AssociationMapper.java
index 7dd6e92..bab8eef 100644
--- a/use-api/src/main/java/org/tzi/use/mapper/AssociationMapper.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/AssociationMapper.java
@@ -1,9 +1,9 @@
-package org.tzi.use.mapper;
+package org.tzi.use.use_logic.mapper;
 
 import org.mapstruct.Mapper;
 import org.mapstruct.MappingConstants;
-import org.tzi.use.DTO.AssociationDTO;
-import org.tzi.use.entities.AssociationNTT;
+import org.tzi.use.use_logic.DTO.AssociationDTO;
+import org.tzi.use.use_logic.entities.AssociationNTT;
 
 @Mapper(componentModel = MappingConstants.ComponentModel.SPRING)
 public interface AssociationMapper {
diff --git a/use-api/src/main/java/org/tzi/use/mapper/AttributeMapper.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/AttributeMapper.java
similarity index 65%
rename from use-api/src/main/java/org/tzi/use/mapper/AttributeMapper.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/AttributeMapper.java
index 6fc5a3b..aea6543 100644
--- a/use-api/src/main/java/org/tzi/use/mapper/AttributeMapper.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/AttributeMapper.java
@@ -1,9 +1,9 @@
-package org.tzi.use.mapper;
+package org.tzi.use.use_logic.mapper;
 
 import org.mapstruct.Mapper;
 import org.mapstruct.MappingConstants;
-import org.tzi.use.DTO.AttributeDTO;
-import org.tzi.use.entities.AttributeNTT;
+import org.tzi.use.use_logic.DTO.AttributeDTO;
+import org.tzi.use.use_logic.entities.AttributeNTT;
 
 @Mapper(componentModel = MappingConstants.ComponentModel.SPRING)
 public interface AttributeMapper {
diff --git a/use-api/src/main/java/org/tzi/use/mapper/ClassMapper.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/ClassMapper.java
similarity index 65%
rename from use-api/src/main/java/org/tzi/use/mapper/ClassMapper.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/ClassMapper.java
index bdd6640..d4a7fff 100644
--- a/use-api/src/main/java/org/tzi/use/mapper/ClassMapper.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/ClassMapper.java
@@ -1,10 +1,10 @@
-package org.tzi.use.mapper;
+package org.tzi.use.use_logic.mapper;
 
 
 import org.mapstruct.Mapper;
 import org.mapstruct.MappingConstants;
-import org.tzi.use.DTO.ClassDTO;
-import org.tzi.use.entities.ClassNTT;
+import org.tzi.use.use_logic.DTO.ClassDTO;
+import org.tzi.use.use_logic.entities.ClassNTT;
 
 @Mapper(componentModel = MappingConstants.ComponentModel.SPRING)
 public interface ClassMapper {
diff --git a/use-api/src/main/java/org/tzi/use/mapper/InvariantMapper.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/InvariantMapper.java
similarity index 65%
rename from use-api/src/main/java/org/tzi/use/mapper/InvariantMapper.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/InvariantMapper.java
index ec9931c..911c060 100644
--- a/use-api/src/main/java/org/tzi/use/mapper/InvariantMapper.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/InvariantMapper.java
@@ -1,9 +1,9 @@
-package org.tzi.use.mapper;
+package org.tzi.use.use_logic.mapper;
 
 import org.mapstruct.Mapper;
 import org.mapstruct.MappingConstants;
-import org.tzi.use.DTO.InvariantDTO;
-import org.tzi.use.entities.InvariantNTT;
+import org.tzi.use.use_logic.DTO.InvariantDTO;
+import org.tzi.use.use_logic.entities.InvariantNTT;
 
 @Mapper(componentModel = MappingConstants.ComponentModel.SPRING)
 
diff --git a/use-api/src/main/java/org/tzi/use/mapper/ModelMapper.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/ModelMapper.java
similarity index 77%
rename from use-api/src/main/java/org/tzi/use/mapper/ModelMapper.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/ModelMapper.java
index ae90f23..0d9ccc9 100644
--- a/use-api/src/main/java/org/tzi/use/mapper/ModelMapper.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/ModelMapper.java
@@ -1,9 +1,9 @@
-package org.tzi.use.mapper;
+package org.tzi.use.use_logic.mapper;
 
 import org.mapstruct.Mapper;
 import org.mapstruct.MappingConstants;
-import org.tzi.use.DTO.ModelDTO;
-import org.tzi.use.entities.ModelNTT;
+import org.tzi.use.use_logic.DTO.ModelDTO;
+import org.tzi.use.use_logic.entities.ModelNTT;
 
 /**
  * MapStruct mapper to convert between ModelNTT (entity) and ModelDTO (data transfer object).
diff --git a/use-api/src/main/java/org/tzi/use/mapper/OperationMapper.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/OperationMapper.java
similarity index 65%
rename from use-api/src/main/java/org/tzi/use/mapper/OperationMapper.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/OperationMapper.java
index ba73ba3..49f26d8 100644
--- a/use-api/src/main/java/org/tzi/use/mapper/OperationMapper.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/OperationMapper.java
@@ -1,9 +1,9 @@
-package org.tzi.use.mapper;
+package org.tzi.use.use_logic.mapper;
 
 import org.mapstruct.Mapper;
 import org.mapstruct.MappingConstants;
-import org.tzi.use.DTO.OperationDTO;
-import org.tzi.use.entities.OperationNTT;
+import org.tzi.use.use_logic.DTO.OperationDTO;
+import org.tzi.use.use_logic.entities.OperationNTT;
 
 @Mapper(componentModel = MappingConstants.ComponentModel.SPRING)
 public interface OperationMapper {
diff --git a/use-api/src/main/java/org/tzi/use/mapper/PrePostConditionMapper.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/PrePostConditionMapper.java
similarity index 66%
rename from use-api/src/main/java/org/tzi/use/mapper/PrePostConditionMapper.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/PrePostConditionMapper.java
index ca571ac..2334dcd 100644
--- a/use-api/src/main/java/org/tzi/use/mapper/PrePostConditionMapper.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/mapper/PrePostConditionMapper.java
@@ -1,9 +1,9 @@
-package org.tzi.use.mapper;
+package org.tzi.use.use_logic.mapper;
 
 import org.mapstruct.Mapper;
 import org.mapstruct.MappingConstants;
-import org.tzi.use.DTO.PrePostConditionDTO;
-import org.tzi.use.entities.PrePostConditionNTT;
+import org.tzi.use.use_logic.DTO.PrePostConditionDTO;
+import org.tzi.use.use_logic.entities.PrePostConditionNTT;
 
 @Mapper(componentModel = MappingConstants.ComponentModel.SPRING)
 public interface PrePostConditionMapper {
diff --git a/use-api/src/main/java/org/tzi/use/repository/ModelRepo.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/repository/ModelRepo.java
similarity index 71%
rename from use-api/src/main/java/org/tzi/use/repository/ModelRepo.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/repository/ModelRepo.java
index 0ded7ac..5c2942e 100644
--- a/use-api/src/main/java/org/tzi/use/repository/ModelRepo.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/repository/ModelRepo.java
@@ -1,7 +1,7 @@
-package org.tzi.use.repository;
+package org.tzi.use.use_logic.repository;
 
 import org.springframework.data.mongodb.repository.MongoRepository;
-import org.tzi.use.entities.ModelNTT;
+import org.tzi.use.use_logic.entities.ModelNTT;
 
 import java.util.Optional;
 
diff --git a/use-api/src/main/java/org/tzi/use/rest/controller/ClassController.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/rest/controller/ClassController.java
similarity index 96%
rename from use-api/src/main/java/org/tzi/use/rest/controller/ClassController.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/rest/controller/ClassController.java
index 5ca3a37..65c350c 100644
--- a/use-api/src/main/java/org/tzi/use/rest/controller/ClassController.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/rest/controller/ClassController.java
@@ -1,4 +1,4 @@
-package org.tzi.use.rest.controller;
+package org.tzi.use.use_logic.rest.controller;
 
 import lombok.RequiredArgsConstructor;
 import org.springframework.http.HttpStatus;
@@ -9,11 +9,11 @@
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
-import org.tzi.use.DTO.AttributeDTO;
-import org.tzi.use.DTO.ClassDTO;
-import org.tzi.use.DTO.OperationDTO;
+import org.tzi.use.use_logic.DTO.AttributeDTO;
+import org.tzi.use.use_logic.DTO.ClassDTO;
+import org.tzi.use.use_logic.DTO.OperationDTO;
 import org.tzi.use.api.UseApiException;
-import org.tzi.use.rest.services.ClassService;
+import org.tzi.use.use_logic.rest.services.ClassService;
 import org.springframework.hateoas.EntityModel;
 import org.springframework.hateoas.CollectionModel;
 
diff --git a/use-api/src/main/java/org/tzi/use/rest/controller/ModelController.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/rest/controller/ModelController.java
similarity index 99%
rename from use-api/src/main/java/org/tzi/use/rest/controller/ModelController.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/rest/controller/ModelController.java
index aa9fc26..4c3d8b2 100644
--- a/use-api/src/main/java/org/tzi/use/rest/controller/ModelController.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/rest/controller/ModelController.java
@@ -1,4 +1,4 @@
-package org.tzi.use.rest.controller;
+package org.tzi.use.use_logic.rest.controller;
 
 import lombok.RequiredArgsConstructor;
 import org.springframework.hateoas.CollectionModel;
@@ -6,9 +6,9 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.*;
-import org.tzi.use.DTO.*;
+import org.tzi.use.use_logic.DTO.*;
 import org.tzi.use.api.UseApiException;
-import org.tzi.use.rest.services.ModelService;
+import org.tzi.use.use_logic.rest.services.ModelService;
 
 import java.util.List;
 import java.util.stream.Collectors;
@@ -37,6 +37,7 @@ public class ModelController {
      * @return The model with HATEOAS links
      */
     @GetMapping("/model/{modelName}")
+    // @ResourceLimited
     public ResponseEntity<EntityModel<ModelDTO>> getModelByName(@PathVariable String modelName) {
         ModelDTO modelDTO = modelService.getModelByName(modelName);
 
diff --git a/use-api/src/main/java/org/tzi/use/rest/services/ClassService.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/rest/services/ClassService.java
similarity index 87%
rename from use-api/src/main/java/org/tzi/use/rest/services/ClassService.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/rest/services/ClassService.java
index f4a9128..d8f1715 100644
--- a/use-api/src/main/java/org/tzi/use/rest/services/ClassService.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/rest/services/ClassService.java
@@ -1,18 +1,18 @@
-package org.tzi.use.rest.services;
+package org.tzi.use.use_logic.rest.services;
 
 import lombok.RequiredArgsConstructor;
 import org.springframework.stereotype.Service;
-import org.tzi.use.DTO.AttributeDTO;
-import org.tzi.use.DTO.ClassDTO;
-import org.tzi.use.DTO.OperationDTO;
-import org.tzi.use.UseModelFacade;
+import org.tzi.use.use_logic.DTO.AttributeDTO;
+import org.tzi.use.use_logic.DTO.ClassDTO;
+import org.tzi.use.use_logic.DTO.OperationDTO;
+import org.tzi.use.use_logic.UseModelFacade;
 import org.tzi.use.api.UseApiException;
-import org.tzi.use.entities.AttributeNTT;
-import org.tzi.use.entities.ClassNTT;
-import org.tzi.use.entities.ModelNTT;
-import org.tzi.use.entities.OperationNTT;
-import org.tzi.use.mapper.*;
-import org.tzi.use.repository.ModelRepo;
+import org.tzi.use.use_logic.entities.AttributeNTT;
+import org.tzi.use.use_logic.entities.ClassNTT;
+import org.tzi.use.use_logic.entities.ModelNTT;
+import org.tzi.use.use_logic.entities.OperationNTT;
+import org.tzi.use.use_logic.mapper.*;
+import org.tzi.use.use_logic.repository.ModelRepo;
 
 import java.util.List;
 
diff --git a/use-api/src/main/java/org/tzi/use/rest/services/ModelService.java b/secure-use-api/src/main/java/org/tzi/use/use_logic/rest/services/ModelService.java
similarity index 96%
rename from use-api/src/main/java/org/tzi/use/rest/services/ModelService.java
rename to secure-use-api/src/main/java/org/tzi/use/use_logic/rest/services/ModelService.java
index dc41215..d76d96d 100644
--- a/use-api/src/main/java/org/tzi/use/rest/services/ModelService.java
+++ b/secure-use-api/src/main/java/org/tzi/use/use_logic/rest/services/ModelService.java
@@ -1,14 +1,14 @@
-package org.tzi.use.rest.services;
+package org.tzi.use.use_logic.rest.services;
 
 import lombok.RequiredArgsConstructor;
 import org.springframework.dao.DuplicateKeyException;
 import org.springframework.stereotype.Service;
-import org.tzi.use.DTO.*;
-import org.tzi.use.UseModelFacade;
+import org.tzi.use.use_logic.DTO.*;
+import org.tzi.use.use_logic.UseModelFacade;
 import org.tzi.use.api.UseApiException;
-import org.tzi.use.entities.*;
-import org.tzi.use.mapper.*;
-import org.tzi.use.repository.ModelRepo;
+import org.tzi.use.use_logic.entities.*;
+import org.tzi.use.use_logic.mapper.*;
+import org.tzi.use.use_logic.repository.ModelRepo;
 
 import java.util.List;
 
diff --git a/securety_api/src/main/resources/.DS_Store b/secure-use-api/src/main/resources/.DS_Store
similarity index 100%
rename from securety_api/src/main/resources/.DS_Store
rename to secure-use-api/src/main/resources/.DS_Store
diff --git a/use-api/src/main/resources/application.properties b/secure-use-api/src/main/resources/application.properties
similarity index 57%
rename from use-api/src/main/resources/application.properties
rename to secure-use-api/src/main/resources/application.properties
index 6c231f1..0894b9c 100644
--- a/use-api/src/main/resources/application.properties
+++ b/secure-use-api/src/main/resources/application.properties
@@ -1,3 +1,7 @@
+#---------------------------------
+# LOGIC PART
+#---------------------------------
+
 spring.application.name=usewebapi
 spring.jpa.hibernate.ddl-auto=create-drop
 spring.graphql.graphiql.enabled=true
@@ -18,3 +22,17 @@ spring.data.mongodb.password=rootpass
 spring.data.mongodb.database=use-database
 spring.data.mongodb.port=27017
 spring.data.mongodb.host=localhost
+
+#---------------------------------
+# SECURITY PART
+#---------------------------------
+
+# Database connection settings
+spring.datasource.url=jdbc:h2:mem:org.tzi.use
+spring.datasource.driver-class-name=org.h2.Driver
+spring.datasource.username=sa
+spring.datasource.password=
+spring.h2.console.enabled=true
+spring.jpa.hibernate.ddl-auto=update
+
+logging.level.org.springframework.security=TRACE
\ No newline at end of file
diff --git a/use-api/src/main/resources/docker-compose.yml b/secure-use-api/src/main/resources/docker-compose.yml
similarity index 100%
rename from use-api/src/main/resources/docker-compose.yml
rename to secure-use-api/src/main/resources/docker-compose.yml
diff --git a/securety_api/src/main/resources/logback-spring.xml b/secure-use-api/src/main/resources/logback-spring.xml
similarity index 81%
rename from securety_api/src/main/resources/logback-spring.xml
rename to secure-use-api/src/main/resources/logback-spring.xml
index 6fbf6e5..7b98335 100644
--- a/securety_api/src/main/resources/logback-spring.xml
+++ b/secure-use-api/src/main/resources/logback-spring.xml
@@ -5,9 +5,9 @@
 
     <!-- Rolling File Appender for filter logs -->
     <appender name="AUDIT_LOGS" class="ch.qos.logback.core.rolling.RollingFileAppender">
-        <file>logs/filter-logs.log</file>
+        <file>secure-use-api/logs/filter-logs.log</file>
         <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
-            <fileNamePattern>logs/requests.%d{yyyy-MM-dd}.log</fileNamePattern>
+            <fileNamePattern>secure-use-api/logs/requests.%d{yyyy-MM-dd}.log</fileNamePattern>
             <maxHistory>15</maxHistory> <!-- Keep logs for 15 days -->
             <totalSizeCap>1GB</totalSizeCap> <!-- Limit total size of log files -->
         </rollingPolicy>
@@ -17,7 +17,7 @@
     </appender>
 
     <!-- Logger for the AuditLogMiddleware -->
-    <logger name="com.secure_use_api.rest.middleware.AuditLogMiddleware" level="INFO"
+    <logger name="org.tzi.use.api_security.rest.middleware.AuditLogMiddleware" level="INFO"
         additivity="false">
         <appender-ref ref="AUDIT_LOGS" />
     </logger>
diff --git a/securety_api/src/test/.DS_Store b/secure-use-api/src/test/.DS_Store
similarity index 100%
rename from securety_api/src/test/.DS_Store
rename to secure-use-api/src/test/.DS_Store
diff --git a/securety_api/src/test/java/.DS_Store b/secure-use-api/src/test/java/.DS_Store
similarity index 100%
rename from securety_api/src/test/java/.DS_Store
rename to secure-use-api/src/test/java/.DS_Store
diff --git a/use-api/src/test/java/org/tzi/use/RestApiControllerTest.java b/secure-use-api/src/test/java/org/tzi/use/RestApiControllerTest.java
similarity index 95%
rename from use-api/src/test/java/org/tzi/use/RestApiControllerTest.java
rename to secure-use-api/src/test/java/org/tzi/use/RestApiControllerTest.java
index 1d11e9b..be13f9a 100644
--- a/use-api/src/test/java/org/tzi/use/RestApiControllerTest.java
+++ b/secure-use-api/src/test/java/org/tzi/use/RestApiControllerTest.java
@@ -1,12 +1,12 @@
 package org.tzi.use;
 
-import io.restassured.RestAssured;
-import io.restassured.response.Response;
-import org.junit.jupiter.api.BeforeAll;
-import org.junit.jupiter.api.Test;
+// import io.restassured.RestAssured;
+// import io.restassured.response.Response;
+// import org.junit.jupiter.api.BeforeAll;
+// import org.junit.jupiter.api.Test;
 
-import static io.restassured.RestAssured.*;
-import static org.hamcrest.Matchers.*;
+// import static io.restassured.RestAssured.*;
+// import static org.hamcrest.Matchers.*;
 
 @Deprecated
 public class RestApiControllerTest {
diff --git a/securety_api/src/test/postman/.DS_Store b/secure-use-api/src/test/postman/.DS_Store
similarity index 100%
rename from securety_api/src/test/postman/.DS_Store
rename to secure-use-api/src/test/postman/.DS_Store
diff --git a/securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_collection.json b/secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_collection.json
similarity index 100%
rename from securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_collection.json
rename to secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_collection.json
diff --git a/securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_test_run.json b/secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_test_run.json
similarity index 100%
rename from securety_api/src/test/postman/Uni.Ba.ApiSecurityTest.postman_test_run.json
rename to secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_test_run.json
diff --git a/use-api/src/it/java/org.tzi.use/postman_collection/use-webapi-extended.postman_collection.json b/secure-use-api/src/test/postman/use_logic/use-webapi-extended.postman_collection.json
similarity index 100%
rename from use-api/src/it/java/org.tzi.use/postman_collection/use-webapi-extended.postman_collection.json
rename to secure-use-api/src/test/postman/use_logic/use-webapi-extended.postman_collection.json
diff --git a/use-api/src/it/java/org.tzi.use/postman_collection/use-webapi.postman_collection.json b/secure-use-api/src/test/postman/use_logic/use-webapi.postman_collection.json
similarity index 100%
rename from use-api/src/it/java/org.tzi.use/postman_collection/use-webapi.postman_collection.json
rename to secure-use-api/src/test/postman/use_logic/use-webapi.postman_collection.json
diff --git a/securety_api/src/test/resources/.gitkeep b/secure-use-api/src/test/resources/.gitkeep
similarity index 100%
rename from securety_api/src/test/resources/.gitkeep
rename to secure-use-api/src/test/resources/.gitkeep
diff --git a/securety_api/pom.xml b/securety_api/pom.xml
deleted file mode 100644
index 2564cec..0000000
--- a/securety_api/pom.xml
+++ /dev/null
@@ -1,113 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0"
-    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-    xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-
-    <groupId>com.secure_use_api</groupId>
-    <artifactId>secure_use_api</artifactId>
-    <version>1.0</version>
-    <packaging>jar</packaging>
-
-    <parent>
-        <groupId>org.springframework.boot</groupId>
-        <artifactId>spring-boot-starter-parent</artifactId>
-        <version>3.5.5</version>
-    </parent>
-
-    <properties>
-        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <start-class>com.secure_use_api.App</start-class>
-        <java.version>17</java.version>
-    </properties>
-
-    <dependencies>
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-test</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-security</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-validation</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.security</groupId>
-            <artifactId>spring-security-test</artifactId>
-            <scope>test</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>de.mkammerer</groupId>
-            <artifactId>argon2-jvm</artifactId>
-            <version>2.7</version>
-        </dependency>
-
-        <!-- H2 Database Dependency (In memory for testing) -->
-        <dependency>
-            <groupId>com.h2database</groupId>
-            <artifactId>h2</artifactId>
-            <scope>runtime</scope>
-        </dependency>
-
-        <dependency>
-            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-data-jpa</artifactId>
-        </dependency>
-
-        <dependency>
-            <groupId>jakarta.persistence</groupId>
-            <artifactId>jakarta.persistence-api</artifactId>
-            <version>3.1.0</version>
-        </dependency>
-
-        <!-- RateLimiter -->
-        <dependency>
-            <groupId>com.google.guava</groupId>
-            <artifactId>guava</artifactId>
-            <version>32.1.3-jre</version>
-        </dependency>
-
-        <!-- JWT Library -->
-        <dependency>
-            <groupId>com.auth0</groupId>
-            <artifactId>java-jwt</artifactId>
-            <version>4.2.1</version>
-        </dependency>
-
-        <!-- .env Library -->
-        <dependency>
-            <groupId>io.github.cdimascio</groupId>
-            <artifactId>dotenv-java</artifactId>
-            <version>2.0.0</version>
-        </dependency>
-
-        <!-- json Library -->
-        <dependency>
-            <groupId>com.google.code.gson</groupId>
-            <artifactId>gson</artifactId>
-            <version>2.13.2</version>
-        </dependency>
-    </dependencies>
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.springframework.boot</groupId>
-                <artifactId>spring-boot-maven-plugin</artifactId>
-            </plugin>
-        </plugins>
-    </build>
-
-</project>
\ No newline at end of file
diff --git a/securety_api/src/main/resources/application.properties b/securety_api/src/main/resources/application.properties
deleted file mode 100644
index b0849ed..0000000
--- a/securety_api/src/main/resources/application.properties
+++ /dev/null
@@ -1,11 +0,0 @@
-spring.application.name=com.secure_use_api
-
-# Database connection settings
-spring.datasource.url=jdbc:h2:mem:com.secure_use_api
-spring.datasource.driver-class-name=org.h2.Driver
-spring.datasource.username=sa
-spring.datasource.password=
-spring.h2.console.enabled=true
-spring.jpa.hibernate.ddl-auto=update
-
-logging.level.org.springframework.security=TRACE
\ No newline at end of file
diff --git a/securety_api/src/main/resources/templates/hello.html b/securety_api/src/main/resources/templates/hello.html
deleted file mode 100644
index 8cb9705..0000000
--- a/securety_api/src/main/resources/templates/hello.html
+++ /dev/null
@@ -1,12 +0,0 @@
-<!DOCTYPE html>
-<html xmlns:th="http://www.thymeleaf.org">
-<head>
-    <meta charset="UTF-8" />
-    <title></title>
-</head>
-<body>
-<p>
-    <span th:text="${hello}">Hello!</span>
-</p>
-</body>
-</html>
\ No newline at end of file
diff --git a/securety_api/src/test/java/com/secure_use_api/SecureUseAppiApplicationTests.java b/securety_api/src/test/java/com/secure_use_api/SecureUseAppiApplicationTests.java
deleted file mode 100644
index 9f82515..0000000
--- a/securety_api/src/test/java/com/secure_use_api/SecureUseAppiApplicationTests.java
+++ /dev/null
@@ -1,13 +0,0 @@
-package com.secure_use_api;
-
-import org.junit.jupiter.api.Test;
-import org.springframework.boot.test.context.SpringBootTest;
-
-@SpringBootTest
-class SecureUseApiApplicationTests {
-
-	@Test
-	void contextLoads() {
-	}
-
-}
diff --git a/use-api/src/main/java/org/tzi/use/UseWebAPIApplication.java b/use-api/src/main/java/org/tzi/use/UseWebAPIApplication.java
deleted file mode 100644
index 0ba75b8..0000000
--- a/use-api/src/main/java/org/tzi/use/UseWebAPIApplication.java
+++ /dev/null
@@ -1,11 +0,0 @@
-package org.tzi.use;
-
-import org.springframework.boot.SpringApplication;
-import org.springframework.boot.autoconfigure.SpringBootApplication;
-
-@SpringBootApplication
-public class UseWebAPIApplication {
-    public static void main(String[] args) {
-        SpringApplication.run(UseWebAPIApplication.class, args);
-    }
-}

From 05c5fa5f4cfaffc87bd5b8839563f3fd813b8e60 Mon Sep 17 00:00:00 2001
From: Frohrian <129013978+Frohrian@users.noreply.github.com>
Date: Mon, 15 Dec 2025 03:06:26 +0100
Subject: [PATCH 3/6] Delete .DS_Store

---
 .DS_Store | Bin 8196 -> 0 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)
 delete mode 100644 .DS_Store

diff --git a/.DS_Store b/.DS_Store
deleted file mode 100644
index edc9948eb27e09f64ab6c2711a255530ef932320..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 8196
zcmeHMO-~a+7=8x|-3l0DG~uAhCf-cJ@}WY!lu}|yPz*~XMosBg%Es+((+?{lBt2{5
z-J^FCuf~H{|AGI-c+lsaU2u0w3nCGWGs(=m-F=>UXP$XyW@k%8BGW2O6HO42fy{P%
z1jQkVpL6a?1HqkZumXId3YBS<JgTfXU1)tnE1(t73TOqi0$PFdpaAx4PDYP?-+!u0
zt$<eGzf^$N2NRiXI<Otz%B2H^JOaSRa9bu^;~XG4W?<8S?f6zwQKx@;5CK&LM-1W9
z@!VuMY&x(V-}-bCKAlA1Sp+8(A-#iVN;rwMZ*{2^&<b=bz-RXaEzvgR$qk?1y<)-f
z3V6yBY7u$rhfKI4ii5F659u+j&;z=+;zZCN6!aLC@J*mdEvn-CfJ;sIYLbn6Zj>pw
zHBmoYzeO8p!78mP=+_E5Mh<^_poW6`rr?Ir4(@FWr4z*tR1|Cs{+DT!tSC+@@;;=<
zAUwCI8AS>997e^d23(b<=p{<UH?eMEbb{95dy%qqA9f0il2SkG6=qye7;6}(!&D1%
zE>Z)d!lP4%orLAzlhCF{w&D-{5jR4;?#nH-8?_*YJ{D?@-Dsv#U&X*+Y-l)c#ElW-
znYHb;t!BR2YGm^DC;V%}^PIx|b-wV(F1K^zmzO-ZnYZ0?T@vh48IY%&wp;Sr8L#D*
z8j@@I4~&G7$c<0z?#|BNNt)BCTYE`!cVQ-#H0Ne-@9iawE7xz{UC%vts;>76`XPy6
zQ=u{c_d&@K*0+yNW!frw)fzK~-n>g6g|B+qY@mrT|LObH&+RWfxBB|1dZpjy)V4$I
zdJ7Ln_;_K}UB`1d`dN!h{bB-<Xm>|1&zwkX^sgg_dEj)#vpQdnRmWM!+04R1(wv!_
z`@=XpR$rBI8V!w;jWu=W@Odj&weXzp$vbN;PifBf?4P1vyx(faYkVZ4M?>g_RK7|D
zMDb2^mE?6i!ZQwdMMOPT*(jcOy$JqSt14isYcSTN2%6{i$<m-to8a^Ra_{f|C#zhu
zv;taze?kEf%UanCn!5iQq_&#R+9vWAGAG7$d@Cs^<Z&EU9>-x1{xHO~2`F>Yf$jJf
acaZ-2hk#Rm&(!<>xqD~V`@fu9{feJJkHC`v


From 54165a8c9f9518d6479d3cc910cc7fc656b9e8cf Mon Sep 17 00:00:00 2001
From: Florian Rohr <florian.rohr@haw_hamburg.com>
Date: Mon, 15 Dec 2025 03:11:44 +0100
Subject: [PATCH 4/6] Changes to be committed: 	deleted:   
 secure-use-api/.env 	deleted:    secure-use-api/logs/filter-logs.log

---
 secure-use-api/.env                 |   4 -
 secure-use-api/logs/filter-logs.log | 146 ----------------------------
 2 files changed, 150 deletions(-)
 delete mode 100644 secure-use-api/.env
 delete mode 100644 secure-use-api/logs/filter-logs.log

diff --git a/secure-use-api/.env b/secure-use-api/.env
deleted file mode 100644
index 5613441..0000000
--- a/secure-use-api/.env
+++ /dev/null
@@ -1,4 +0,0 @@
-SECRET_ACCESS_TOKEN_KEY=AuthSecretKey
-SECRET_REFRESH_TOKEN_KEY=RefreshTokenKey
-RATE_LIMIT_PER_SECOND=1
-RESOURCE_LIMIT_PER_DAY=60
\ No newline at end of file
diff --git a/secure-use-api/logs/filter-logs.log b/secure-use-api/logs/filter-logs.log
deleted file mode 100644
index 72cb2b7..0000000
--- a/secure-use-api/logs/filter-logs.log
+++ /dev/null
@@ -1,146 +0,0 @@
-127.0.0.1 - - [15/Dec/2025:02:27:52 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:30:47 +0100] "POST /auth/register HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:30:50 +0100] "POST /auth/register HTTP/1.1" 400 123 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:30:50 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:30:50 +0100] "POST /auth/login HTTP/1.1" 400 110 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:30:51 +0100] "POST /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "PUT /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "POST /api/create HTTP/1.1" 200 325 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "GET /api/getAll HTTP/1.1" 200 297 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "GET /auth/ HTTP/1.1" 200 29 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "DELETE /auth/delete HTTP/1.1" 403 129 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "DELETE /api/delete/b2d956ee-7589-4c17-a74a-360083c24e92 HTTP/1.1" 403 165 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:53 +0100] "DELETE /api/delete/b2d956ee-7589-4c17-a74a-360083c24e92 HTTP/1.1" 200 73 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:54 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:30:54 +0100] "GET /auth/ HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:54 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:30:54 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:14 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:14 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:34 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:54 +0100] "GET /user/longRun HTTP/1.1" 403 148 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:54 +0100] "GET /user/resourceLimit HTTP/1.1" 200 31 - "PostmanRuntime/7.49.1"
-127.0.0.1 - a6efae46-827e-4dbb-95b1-d4c5b4034f20 [15/Dec/2025:02:31:54 +0100] "DELETE /auth/delete HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:31:54 +0100] "POST /auth/login HTTP/1.1" 400 138 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:31:54 +0100] "GET /auth/ HTTP/1.1" 401 143 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:31:54 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:31:54 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:31:54 +0100] "POST /auth/register HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:31:56 +0100] "POST /auth/register HTTP/1.1" 400 123 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:31:56 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:31:56 +0100] "POST /auth/login HTTP/1.1" 400 110 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:31:58 +0100] "POST /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "PUT /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "POST /api/create HTTP/1.1" 200 325 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:31:59 +0100] "GET /api/getAll HTTP/1.1" 200 297 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "GET /auth/ HTTP/1.1" 200 29 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "DELETE /auth/delete HTTP/1.1" 403 129 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "DELETE /api/delete/34bb8aad-da45-4ef2-a748-c4cd424c3aa9 HTTP/1.1" 403 165 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "DELETE /api/delete/34bb8aad-da45-4ef2-a748-c4cd424c3aa9 HTTP/1.1" 200 73 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:32:00 +0100] "GET /auth/ HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:00 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:20 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:20 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:32:40 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:33:00 +0100] "GET /user/longRun HTTP/1.1" 403 148 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:33:00 +0100] "GET /user/resourceLimit HTTP/1.1" 200 31 - "PostmanRuntime/7.49.1"
-127.0.0.1 - f6e5c63c-d059-4816-865b-a5989aa82f27 [15/Dec/2025:02:33:00 +0100] "DELETE /auth/delete HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:33:00 +0100] "POST /auth/login HTTP/1.1" 400 138 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:33:00 +0100] "GET /auth/ HTTP/1.1" 401 143 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:33:00 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:33:00 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:33:00 +0100] "POST /auth/register HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:33:02 +0100] "POST /auth/register HTTP/1.1" 400 123 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:33:02 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:33:02 +0100] "POST /auth/login HTTP/1.1" 400 110 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:33:04 +0100] "POST /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:05 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:05 +0100] "PUT /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:05 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:05 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:05 +0100] "POST /api/create HTTP/1.1" 200 325 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "GET /api/getAll HTTP/1.1" 200 297 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "GET /auth/ HTTP/1.1" 200 29 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "DELETE /auth/delete HTTP/1.1" 403 129 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "DELETE /api/delete/d110e1f9-6ce2-45c9-b985-e70a3b61cb0e HTTP/1.1" 403 165 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "DELETE /api/delete/d110e1f9-6ce2-45c9-b985-e70a3b61cb0e HTTP/1.1" 200 73 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:33:06 +0100] "GET /auth/ HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:06 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:26 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:26 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:33:46 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:34:06 +0100] "GET /user/longRun HTTP/1.1" 403 148 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:34:06 +0100] "GET /user/resourceLimit HTTP/1.1" 200 31 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 41747f24-5e6d-49a7-8529-796fb76e1628 [15/Dec/2025:02:34:06 +0100] "DELETE /auth/delete HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:34:06 +0100] "POST /auth/login HTTP/1.1" 400 138 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:34:06 +0100] "GET /auth/ HTTP/1.1" 401 143 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:34:06 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:34:06 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:34:06 +0100] "POST /auth/register HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:34:08 +0100] "POST /auth/register HTTP/1.1" 400 123 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:34:08 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:34:08 +0100] "POST /auth/login HTTP/1.1" 400 110 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:34:10 +0100] "POST /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:11 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:11 +0100] "PUT /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:11 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "POST /api/create HTTP/1.1" 200 325 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /api/getAll HTTP/1.1" 200 297 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /auth/ HTTP/1.1" 200 29 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "DELETE /auth/delete HTTP/1.1" 403 129 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "DELETE /api/delete/c0bec021-0625-43b8-880b-300d5fefe999 HTTP/1.1" 403 165 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "DELETE /api/delete/c0bec021-0625-43b8-880b-300d5fefe999 HTTP/1.1" 200 73 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:34:12 +0100] "GET /auth/ HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:12 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:32 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:32 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:34:52 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:35:12 +0100] "GET /user/longRun HTTP/1.1" 403 148 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:35:12 +0100] "GET /user/resourceLimit HTTP/1.1" 200 31 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 3ce1ac49-7e55-41a4-9135-7d5f3c799d89 [15/Dec/2025:02:35:12 +0100] "DELETE /auth/delete HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:35:12 +0100] "POST /auth/login HTTP/1.1" 400 138 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:35:12 +0100] "GET /auth/ HTTP/1.1" 401 143 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:35:12 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:35:12 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:35:12 +0100] "POST /auth/register HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:35:14 +0100] "POST /auth/register HTTP/1.1" 400 123 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:35:14 +0100] "GET /auth HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:35:14 +0100] "POST /auth/login HTTP/1.1" 400 110 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:35:16 +0100] "POST /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:17 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:17 +0100] "PUT /auth/login HTTP/1.1" 200 594 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:17 +0100] "GET /auth/ HTTP/1.1" 200 24 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "POST /api/create HTTP/1.1" 200 325 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /api/getAll HTTP/1.1" 200 297 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /auth/ HTTP/1.1" 200 29 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "DELETE /auth/delete HTTP/1.1" 403 129 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "DELETE /api/delete/136ae8ba-5a6a-42ad-92d8-beaa34a0e399 HTTP/1.1" 403 165 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "DELETE /api/delete/136ae8ba-5a6a-42ad-92d8-beaa34a0e399 HTTP/1.1" 200 73 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /api/getAll HTTP/1.1" 200 2 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:35:18 +0100] "GET /auth/ HTTP/1.1" 401 115 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:18 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:38 +0100] "GET /user/resourceLimit HTTP/1.1" 200 32 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:38 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:35:58 +0100] "GET /user/longRun HTTP/1.1" 200 8 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:36:18 +0100] "GET /user/longRun HTTP/1.1" 403 148 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:36:19 +0100] "GET /user/resourceLimit HTTP/1.1" 200 31 - "PostmanRuntime/7.49.1"
-127.0.0.1 - 1da5e68a-a46c-4aaf-ab83-a3dd6e5a16d0 [15/Dec/2025:02:36:19 +0100] "DELETE /auth/delete HTTP/1.1" 200 72 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:36:19 +0100] "POST /auth/login HTTP/1.1" 400 138 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:36:19 +0100] "GET /auth/ HTTP/1.1" 401 143 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:36:19 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"
-127.0.0.1 - - [15/Dec/2025:02:36:19 +0100] "GET /user/resourceLimit HTTP/1.1" 401 156 - "PostmanRuntime/7.49.1"

From 6ec1256214450bd6e757b9a0ef6838449a05bc3a Mon Sep 17 00:00:00 2001
From: Florian Rohr <florian.rohr@haw_hamburg.com>
Date: Mon, 15 Dec 2025 15:39:45 +0100
Subject: [PATCH 5/6] Resolved ExceptionHandler bug with wrong content type
 header

---
 .../exceptions/CustomExceptionHandler.java    | 28 ++++++++++++++++++-
 1 file changed, 27 insertions(+), 1 deletion(-)

diff --git a/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/CustomExceptionHandler.java b/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/CustomExceptionHandler.java
index 9a074ae..3324c94 100644
--- a/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/CustomExceptionHandler.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/exceptions/CustomExceptionHandler.java
@@ -21,6 +21,30 @@ protected ResponseEntity<Object> handleMethodArgumentNotValid(MethodArgumentNotV
 
                 Map<String, String> errors = new HashMap<>();
 
+                ex.getBindingResult().getFieldErrors()
+                                .forEach(error -> errors.put(error.getField(), error.getDefaultMessage()));
+
+                ExceptionResponse exceptionResponse = new ExceptionResponse(HttpStatus.BAD_REQUEST, errors,
+                                request.getDescription(false));
+                
+                // Headers for the response
+                HttpHeaders responseHeaders = new HttpHeaders();
+                responseHeaders.add("content-type", "application/problem+json");
+
+                // Using ExceptionResponseRecord here because else the whole stack trace of
+                // parent class RuntimeError is included which would give a tone of server
+                // information to the client
+                return ResponseEntity
+                                .status(exceptionResponse.getHttpStatus())
+                                .headers(responseHeaders)
+                                .body(exceptionResponse.toExceptionResponseRecord());
+        }
+
+        public ResponseEntity<Object> handleMethodArgumentNotValid(MethodArgumentNotValidException ex,
+                        WebRequest request) {
+
+                Map<String, String> errors = new HashMap<>();
+
                 ex.getBindingResult().getFieldErrors()
                                 .forEach(error -> errors.put(error.getField(), error.getDefaultMessage()));
 
@@ -29,7 +53,9 @@ protected ResponseEntity<Object> handleMethodArgumentNotValid(MethodArgumentNotV
 
                 System.out.println(exceptionResponse);
 
-                // Using ExceptionResponseRecord here because else the whole stack trace of parent class RuntimeError is included which would give a tone of server information to the client
+                // Using ExceptionResponseRecord here because else the whole stack trace of
+                // parent class RuntimeError is included which would give a tone of server
+                // information to the client
                 return new ResponseEntity<>(exceptionResponse.toExceptionResponseRecord(),
                                 exceptionResponse.getHttpStatus());
         }

From 7dfec1f12ab0d434d19f6d4be4acb00c3b1af1df Mon Sep 17 00:00:00 2001
From: Florian Rohr <florian.rohr@haw_hamburg.com>
Date: Tue, 16 Dec 2025 04:58:09 +0100
Subject: [PATCH 6/6] Removed unnecessary console prints

---
 .../controller/AuthenticationController.java  |    3 -
 .../rest/middleware/AuditLogMiddleware.java   |    2 -
 .../middleware/AuthenticationMiddleware.java  |    3 -
 ...Ba.ApiSecurityTest.postman_collection.json |  224 +++-
 ...i.Ba.ApiSecurityTest.postman_test_run.json | 1082 +++++------------
 5 files changed, 507 insertions(+), 807 deletions(-)

diff --git a/secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/AuthenticationController.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/AuthenticationController.java
index 1633c7c..8626ccd 100644
--- a/secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/AuthenticationController.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/controller/AuthenticationController.java
@@ -81,9 +81,6 @@ public ResponseEntity<TokensDto> login(@RequestBody @Valid UserLoginDto loginReq
             AccessToken accessToken = this.authService.login(loginRequest.getEmail(), loginRequest.getPassword());
             RefreshToken refreshToken = refreshTokenService.create(accessToken);
 
-            System.out.println(accessToken);
-            System.out.println("lbub");
-
             return ResponseEntity.ok(new TokensDto(accessToken.toTokenString(), refreshToken.toTokenString()));
         } catch (AuthenticationException err) {
             throw new ResponseStatusException(HttpStatus.BAD_REQUEST, err.getMessage());
diff --git a/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuditLogMiddleware.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuditLogMiddleware.java
index ab8b571..676977a 100644
--- a/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuditLogMiddleware.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuditLogMiddleware.java
@@ -50,8 +50,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
         Authentication anonymousUser = SecurityContextHolder.getContext().getAuthentication();
         UserAuthentication user = null;
 
-        System.out.println(anonymousUser);
-
         // If user is know and of instance UserAuthentication and not
         // org.springframework.security.authentication.AnonymousAuthenticationToken
         if (anonymousUser != null && anonymousUser instanceof UserAuthentication) {
diff --git a/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuthenticationMiddleware.java b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuthenticationMiddleware.java
index 4622e2d..9a47e88 100644
--- a/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuthenticationMiddleware.java
+++ b/secure-use-api/src/main/java/org/tzi/use/api_security/rest/middleware/AuthenticationMiddleware.java
@@ -33,9 +33,6 @@ protected void doFilterInternal(HttpServletRequest request, HttpServletResponse
 
         String authorizationHeader = request.getHeader("Authorization");
 
-        System.out.println("hey");
-        System.out.println(authorizationHeader);
-
         if (authorizationHeader != null && authorizationHeader.startsWith("Bearer ")) {
             try {
                 // Extract the token by removing the "Bearer " prefix
diff --git a/secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_collection.json b/secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_collection.json
index 9a9b7df..fb6ef3d 100644
--- a/secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_collection.json
+++ b/secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_collection.json
@@ -6,6 +6,71 @@
 		"_exporter_id": "17943160"
 	},
 	"item": [
+		{
+			"name": "RegisterUserInputValidationFail",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 400', function () {",
+							"    pm.expect(pm.response.code).to.equal(400);",
+							"})",
+							"",
+							"pm.test('Response content type is application/problem+json', function () {",
+							"    pm.expect(pm.response.headers.get('Content-Type')).to.equal('application/problem+json');",
+							"})",
+							"",
+							"pm.test('The password to short message must be present', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.message.password).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'Value should not be empty');",
+							"})",
+							"",
+							"pm.test('The email not well-formated message must be present', function () {",
+							"    const responseData = pm.response.json();",
+							"    pm.expect(responseData).to.be.an('object');",
+							"    pm.expect(responseData.message.email).to.exist.and.to.be.a('string').and.to.have.lengthOf.at.least(1, 'Value should not be empty');",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"method": "POST",
+				"header": [
+					{
+						"key": "Authorization",
+						"value": "Bearer xyz",
+						"type": "text",
+						"disabled": true
+					}
+				],
+				"body": {
+					"mode": "raw",
+					"raw": "{\n    \"email\": \"noValidEmail\",\n    \"password\": \"short\"\n}",
+					"options": {
+						"raw": {
+							"language": "json"
+						}
+					}
+				},
+				"url": {
+					"raw": "{{Host}}/auth/register",
+					"host": [
+						"{{Host}}"
+					],
+					"path": [
+						"auth",
+						"register"
+					]
+				}
+			},
+			"response": []
+		},
 		{
 			"name": "RegisterUserSuccess",
 			"event": [
@@ -414,7 +479,7 @@
 			"response": []
 		},
 		{
-			"name": "HelloAuthenticatedSuccess",
+			"name": "HelloAuthenticatedRefreshedSuccess",
 			"event": [
 				{
 					"listen": "test",
@@ -817,7 +882,7 @@
 			"response": []
 		},
 		{
-			"name": "DeleteApiToken",
+			"name": "DeleteApiTokenSuccess",
 			"event": [
 				{
 					"listen": "prerequest",
@@ -1104,7 +1169,7 @@
 			"response": []
 		},
 		{
-			"name": "ResourceLimit",
+			"name": "ResourceLimitReduced",
 			"event": [
 				{
 					"listen": "test",
@@ -1314,7 +1379,7 @@
 			"response": []
 		},
 		{
-			"name": "ResourceLimit",
+			"name": "ResourceLimitZero",
 			"event": [
 				{
 					"listen": "test",
@@ -1448,7 +1513,7 @@
 			"response": []
 		},
 		{
-			"name": "LoginUserFail",
+			"name": "LoginUserFailDeleted",
 			"event": [
 				{
 					"listen": "test",
@@ -1492,6 +1557,147 @@
 				}
 			},
 			"response": []
+		},
+		{
+			"name": "RateLimitFirst",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 401', function () {",
+							"    pm.expect(pm.response.code).to.equal(401);",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "127.0.0.1:8080/auth/",
+					"host": [
+						"127",
+						"0",
+						"0",
+						"1"
+					],
+					"port": "8080",
+					"path": [
+						"auth",
+						""
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "RateLimitSecond",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 401 or 429', function () {",
+							"    pm.expect(pm.response.code).to.be.oneOf([401, 429])",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "127.0.0.1:8080/user/resourceLimit",
+					"host": [
+						"127",
+						"0",
+						"0",
+						"1"
+					],
+					"port": "8080",
+					"path": [
+						"user",
+						"resourceLimit"
+					]
+				}
+			},
+			"response": []
+		},
+		{
+			"name": "RateLimitFailRequest",
+			"event": [
+				{
+					"listen": "test",
+					"script": {
+						"exec": [
+							"pm.test('Response status code is 429', function () {",
+							"    pm.expect(pm.response.code).to.equal(429);",
+							"})"
+						],
+						"type": "text/javascript",
+						"packages": {},
+						"requests": {}
+					}
+				}
+			],
+			"request": {
+				"auth": {
+					"type": "bearer",
+					"bearer": [
+						{
+							"key": "token",
+							"value": "{{AccessToken}}",
+							"type": "string"
+						}
+					]
+				},
+				"method": "GET",
+				"header": [],
+				"url": {
+					"raw": "127.0.0.1:8080/user/resourceLimit",
+					"host": [
+						"127",
+						"0",
+						"0",
+						"1"
+					],
+					"port": "8080",
+					"path": [
+						"user",
+						"resourceLimit"
+					]
+				}
+			},
+			"response": []
 		}
 	],
 	"event": [
@@ -1531,14 +1737,6 @@
 			"key": "UserPassword",
 			"value": "SecurePassword"
 		},
-		{
-			"key": "AccessToken",
-			"value": ""
-		},
-		{
-			"key": "RefreshToken",
-			"value": ""
-		},
 		{
 			"key": "ApiToken",
 			"value": ""
diff --git a/secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_test_run.json b/secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_test_run.json
index 409cf7c..e55dca1 100644
--- a/secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_test_run.json
+++ b/secure-use-api/src/test/postman/api_security/Uni.Ba.ApiSecurityTest.postman_test_run.json
@@ -1,22 +1,67 @@
 {
-	"id": "95fff205-c3c4-445e-82aa-5af17b63047c",
+	"id": "92405825-09dd-4279-984c-9e0be2793380",
 	"name": "Uni.Ba.ApiSecurityTest",
-	"timestamp": "2025-09-28T00:10:08.992Z",
+	"timestamp": "2025-12-15T14:43:28.502Z",
 	"collection_id": "17943160-53687375-8243-4fe8-98d1-543e1f899f2d",
 	"folder_id": 0,
 	"environment_id": "0",
-	"totalPass": 400,
+	"totalPass": 86,
 	"delay": 0,
 	"persist": true,
 	"status": "finished",
-	"startedAt": "2025-09-28T00:04:22.434Z",
+	"startedAt": "2025-12-15T14:42:17.139Z",
 	"totalFail": 0,
 	"results": [
+		{
+			"id": "b9a5d7a6-b8dd-428c-9c1c-474fb3a2ad07",
+			"name": "RegisterUserInputValidationFail",
+			"url": "127.0.0.1:8080/auth/register",
+			"time": 1088,
+			"responseCode": {
+				"code": 400,
+				"name": "Bad Request"
+			},
+			"tests": {
+				"Response status code is 400": true,
+				"Response content type is application/problem+json": true,
+				"The password to short message must be present": true,
+				"The email not well-formated message must be present": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 400": {
+					"pass": 1,
+					"fail": 0
+				},
+				"Response content type is application/problem+json": {
+					"pass": 1,
+					"fail": 0
+				},
+				"The password to short message must be present": {
+					"pass": 1,
+					"fail": 0
+				},
+				"The email not well-formated message must be present": {
+					"pass": 1,
+					"fail": 0
+				}
+			},
+			"times": [
+				1088
+			],
+			"allTests": [
+				{
+					"Response status code is 400": true,
+					"Response content type is application/problem+json": true,
+					"The password to short message must be present": true,
+					"The email not well-formated message must be present": true
+				}
+			]
+		},
 		{
 			"id": "15986188-ab75-40be-8bdb-79f41bf87a1a",
 			"name": "RegisterUserSuccess",
 			"url": "127.0.0.1:8080/auth/register",
-			"time": 2584,
+			"time": 3252,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -30,62 +75,30 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response Content-Type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response contains required fields: id and actionType": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"The id must be a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"ActionType must be a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				3115,
-				1840,
-				1760,
-				2088,
-				2584
+				3252
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains required fields: id and actionType": true,
-					"The id must be a non-empty string": true,
-					"ActionType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains required fields: id and actionType": true,
-					"The id must be a non-empty string": true,
-					"ActionType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains required fields: id and actionType": true,
-					"The id must be a non-empty string": true,
-					"ActionType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains required fields: id and actionType": true,
-					"The id must be a non-empty string": true,
-					"ActionType must be a non-empty string": true
-				},
 				{
 					"Response status code is 200": true,
 					"Response Content-Type is application/json": true,
@@ -99,7 +112,7 @@
 			"id": "6e7bde1a-79e0-4ffe-8dea-8c91a902b1d5",
 			"name": "RegisterUserFail",
 			"url": "127.0.0.1:8080/auth/register",
-			"time": 87,
+			"time": 73,
 			"responseCode": {
 				"code": 400,
 				"name": "Bad Request"
@@ -110,38 +123,18 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 400": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/problem+json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				135,
-				29,
-				25,
-				30,
-				87
+				73
 			],
 			"allTests": [
-				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
 				{
 					"Response status code is 400": true,
 					"Response content type is application/problem+json": true
@@ -152,7 +145,7 @@
 			"id": "8a3bc1df-b648-438c-80a8-d06ef6a9a382",
 			"name": "HelloAuthenticatedFail",
 			"url": "127.0.0.1:8080/auth",
-			"time": 30,
+			"time": 18,
 			"responseCode": {
 				"code": 401,
 				"name": "Unauthorized"
@@ -163,38 +156,18 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 401": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/problem+json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				144,
-				26,
-				15,
-				18,
-				30
+				18
 			],
 			"allTests": [
-				{
-					"Response status code is 401": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 401": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 401": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 401": true,
-					"Response content type is application/problem+json": true
-				},
 				{
 					"Response status code is 401": true,
 					"Response content type is application/problem+json": true
@@ -205,7 +178,7 @@
 			"id": "a28f4dde-4e32-43be-9914-b97c1058e54d",
 			"name": "LoginUserFail",
 			"url": "127.0.0.1:8080/auth/login",
-			"time": 1648,
+			"time": 2059,
 			"responseCode": {
 				"code": 400,
 				"name": "Bad Request"
@@ -216,38 +189,18 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 400": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/problem+json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				2518,
-				2451,
-				1853,
-				1601,
-				1648
+				2059
 			],
 			"allTests": [
-				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
 				{
 					"Response status code is 400": true,
 					"Response content type is application/problem+json": true
@@ -258,7 +211,7 @@
 			"id": "fbd12ddf-939c-4266-aa77-2442fe55c2df",
 			"name": "LoginUserSuccess",
 			"url": "127.0.0.1:8080/auth/login",
-			"time": 1622,
+			"time": 1915,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -272,62 +225,30 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response Content-Type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response has required fields": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Token must be a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"The refreshToken must be a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				2556,
-				1604,
-				1606,
-				1891,
-				1622
+				1915
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields": true,
-					"Token must be a non-empty string": true,
-					"The refreshToken must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields": true,
-					"Token must be a non-empty string": true,
-					"The refreshToken must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields": true,
-					"Token must be a non-empty string": true,
-					"The refreshToken must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields": true,
-					"Token must be a non-empty string": true,
-					"The refreshToken must be a non-empty string": true
-				},
 				{
 					"Response status code is 200": true,
 					"Response Content-Type is application/json": true,
@@ -341,7 +262,7 @@
 			"id": "ecb38d56-b671-47a9-9adf-886211b4b5a0",
 			"name": "HelloAuthenticatedSuccess",
 			"url": "127.0.0.1:8080/auth/",
-			"time": 22,
+			"time": 66,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -351,30 +272,14 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				86,
-				18,
-				26,
-				18,
-				22
+				66
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true
-				},
-				{
-					"Response status code is 200": true
-				},
-				{
-					"Response status code is 200": true
-				},
-				{
-					"Response status code is 200": true
-				},
 				{
 					"Response status code is 200": true
 				}
@@ -384,7 +289,7 @@
 			"id": "7fdf3024-02e5-43e3-89a6-12e0f0474377",
 			"name": "RefreshAccessToken",
 			"url": "127.0.0.1:8080/auth/login",
-			"time": 29,
+			"time": 99,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -398,62 +303,30 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response Content-Type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response has required fields: token and refreshToken": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Token is a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"RefreshToken must be a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				80,
-				40,
-				47,
-				43,
-				29
+				99
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields: token and refreshToken": true,
-					"Token is a non-empty string": true,
-					"RefreshToken must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields: token and refreshToken": true,
-					"Token is a non-empty string": true,
-					"RefreshToken must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields: token and refreshToken": true,
-					"Token is a non-empty string": true,
-					"RefreshToken must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields: token and refreshToken": true,
-					"Token is a non-empty string": true,
-					"RefreshToken must be a non-empty string": true
-				},
 				{
 					"Response status code is 200": true,
 					"Response Content-Type is application/json": true,
@@ -465,9 +338,9 @@
 		},
 		{
 			"id": "72d7b0c0-7c32-4c81-9210-576734e41136",
-			"name": "HelloAuthenticatedSuccess",
+			"name": "HelloAuthenticatedRefreshedSuccess",
 			"url": "127.0.0.1:8080/auth/",
-			"time": 13,
+			"time": 35,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -477,30 +350,14 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				43,
-				21,
-				31,
-				19,
-				13
+				35
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true
-				},
-				{
-					"Response status code is 200": true
-				},
-				{
-					"Response status code is 200": true
-				},
-				{
-					"Response status code is 200": true
-				},
 				{
 					"Response status code is 200": true
 				}
@@ -510,7 +367,7 @@
 			"id": "e609169d-9e3a-4867-8aaa-1edb98a2ce7c",
 			"name": "GetAllApiTokensEmpty",
 			"url": "127.0.0.1:8080/api/getAll",
-			"time": 30,
+			"time": 52,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -523,54 +380,26 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response is an array": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"The response array must be empty": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				68,
-				29,
-				33,
-				22,
-				30
+				52
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response is an array": true,
-					"The response array must be empty": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response is an array": true,
-					"The response array must be empty": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response is an array": true,
-					"The response array must be empty": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response is an array": true,
-					"The response array must be empty": true
-				},
 				{
 					"Response status code is 200": true,
 					"Response content type is application/json": true,
@@ -583,7 +412,7 @@
 			"id": "9c133ae9-c512-49bd-b34b-472f2d7898de",
 			"name": "CreateApiToken",
 			"url": "127.0.0.1:8080/api/create",
-			"time": 18,
+			"time": 34,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -596,54 +425,26 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response Content-Type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response has required fields: token and refreshToken": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Token is a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				152,
-				28,
-				26,
-				35,
-				18
+				34
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields: token and refreshToken": true,
-					"Token is a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields: token and refreshToken": true,
-					"Token is a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields: token and refreshToken": true,
-					"Token is a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response has required fields: token and refreshToken": true,
-					"Token is a non-empty string": true
-				},
 				{
 					"Response status code is 200": true,
 					"Response Content-Type is application/json": true,
@@ -656,7 +457,7 @@
 			"id": "031eeba4-d034-4cb1-8616-f6c96824e98d",
 			"name": "GetAllApiTokensNotEmpty",
 			"url": "127.0.0.1:8080/api/getAll",
-			"time": 20,
+			"time": 25,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -670,62 +471,30 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response Content-Type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response is an array": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response array is not empty": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Each item in the response array is a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				30,
-				26,
-				36,
-				33,
-				20
+				25
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response is an array": true,
-					"Response array is not empty": true,
-					"Each item in the response array is a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response is an array": true,
-					"Response array is not empty": true,
-					"Each item in the response array is a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response is an array": true,
-					"Response array is not empty": true,
-					"Each item in the response array is a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response is an array": true,
-					"Response array is not empty": true,
-					"Each item in the response array is a non-empty string": true
-				},
 				{
 					"Response status code is 200": true,
 					"Response Content-Type is application/json": true,
@@ -749,30 +518,14 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				102,
-				24,
-				42,
-				25,
 				25
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true
-				},
-				{
-					"Response status code is 200": true
-				},
-				{
-					"Response status code is 200": true
-				},
-				{
-					"Response status code is 200": true
-				},
 				{
 					"Response status code is 200": true
 				}
@@ -782,7 +535,7 @@
 			"id": "ff1f6e83-0c74-4652-9c50-eb981a014315",
 			"name": "DeleteUserFailPermission",
 			"url": "127.0.0.1:8080/auth/delete",
-			"time": 32,
+			"time": 29,
 			"responseCode": {
 				"code": 403,
 				"name": "Forbidden"
@@ -793,38 +546,18 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 403": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/problem+json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				528,
-				22,
-				43,
-				23,
-				32
+				29
 			],
 			"allTests": [
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true
-				},
 				{
 					"Response status code is 403": true,
 					"Response content type is application/problem+json": true
@@ -834,8 +567,8 @@
 		{
 			"id": "3c71f887-7c04-44c5-80f0-beedaaca8aae",
 			"name": "DeleteApiTokenFailPermission",
-			"url": "127.0.0.1:8080/api/delete/b2686d54-52e6-4800-803d-996312c4c434",
-			"time": 30,
+			"url": "127.0.0.1:8080/api/delete/e3f005b2-ae4e-4a36-b789-03f6436246bc",
+			"time": 21,
 			"responseCode": {
 				"code": 403,
 				"name": "Forbidden"
@@ -846,38 +579,18 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 403": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/problem+json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				100,
-				16,
-				181,
-				13,
-				30
+				21
 			],
 			"allTests": [
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true
-				},
 				{
 					"Response status code is 403": true,
 					"Response content type is application/problem+json": true
@@ -886,9 +599,9 @@
 		},
 		{
 			"id": "673dd18c-8143-4423-9734-71dcc4e76425",
-			"name": "DeleteApiToken",
-			"url": "127.0.0.1:8080/api/delete/b2686d54-52e6-4800-803d-996312c4c434",
-			"time": 29,
+			"name": "DeleteApiTokenSuccess",
+			"url": "127.0.0.1:8080/api/delete/e3f005b2-ae4e-4a36-b789-03f6436246bc",
+			"time": 53,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -901,54 +614,26 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Content-Type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response contains the required fields": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"ActionType must be a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				149,
-				26,
-				17,
-				19,
-				29
+				53
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Content-Type is application/json": true,
-					"Response contains the required fields": true,
-					"ActionType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Content-Type is application/json": true,
-					"Response contains the required fields": true,
-					"ActionType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Content-Type is application/json": true,
-					"Response contains the required fields": true,
-					"ActionType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Content-Type is application/json": true,
-					"Response contains the required fields": true,
-					"ActionType must be a non-empty string": true
-				},
 				{
 					"Response status code is 200": true,
 					"Content-Type is application/json": true,
@@ -961,7 +646,7 @@
 			"id": "4a4a3c7e-38a6-46cd-ae02-6161f6cd99b9",
 			"name": "GetAllApiTokensEmpty",
 			"url": "127.0.0.1:8080/api/getAll",
-			"time": 21,
+			"time": 37,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -974,54 +659,26 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response is an array": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"The response array must be empty": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				268,
-				16,
-				11,
-				18,
-				21
+				37
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response is an array": true,
-					"The response array must be empty": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response is an array": true,
-					"The response array must be empty": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response is an array": true,
-					"The response array must be empty": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response is an array": true,
-					"The response array must be empty": true
-				},
 				{
 					"Response status code is 200": true,
 					"Response content type is application/json": true,
@@ -1034,7 +691,7 @@
 			"id": "e507a9a5-2232-4d6d-9cd8-8d17b92eda67",
 			"name": "HelloAuthenticatedApiTokenFail",
 			"url": "127.0.0.1:8080/auth/",
-			"time": 11,
+			"time": 33,
 			"responseCode": {
 				"code": 401,
 				"name": "Unauthorized"
@@ -1044,30 +701,14 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 401": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				66,
-				13,
-				22,
-				18,
-				11
+				33
 			],
 			"allTests": [
-				{
-					"Response status code is 401": true
-				},
-				{
-					"Response status code is 401": true
-				},
-				{
-					"Response status code is 401": true
-				},
-				{
-					"Response status code is 401": true
-				},
 				{
 					"Response status code is 401": true
 				}
@@ -1077,7 +718,7 @@
 			"id": "6e232a81-8191-43b7-b9a2-84742b7fd851",
 			"name": "ResourceLimit",
 			"url": "127.0.0.1:8080/user/resourceLimit",
-			"time": 28,
+			"time": 72,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -1091,62 +732,30 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/json": {
-					"pass": 5,
-					"fail": 0
-				},
-				"Response has required fields: time and unitType": {
-					"pass": 5,
-					"fail": 0
-				},
-				"Time is not zero and a non-negative integer": {
-					"pass": 5,
-					"fail": 0
-				},
-				"UnitType must be a non-empty string": {
-					"pass": 5,
-					"fail": 0
-				}
-			},
-			"times": [
-				81,
-				23,
-				19,
-				21,
-				28
-			],
-			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response has required fields: time and unitType": true,
-					"Time is not zero and a non-negative integer": true,
-					"UnitType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response has required fields: time and unitType": true,
-					"Time is not zero and a non-negative integer": true,
-					"UnitType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response has required fields: time and unitType": true,
-					"Time is not zero and a non-negative integer": true,
-					"UnitType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response has required fields: time and unitType": true,
-					"Time is not zero and a non-negative integer": true,
-					"UnitType must be a non-empty string": true
+					"pass": 1,
+					"fail": 0
+				},
+				"Response has required fields: time and unitType": {
+					"pass": 1,
+					"fail": 0
 				},
+				"Time is not zero and a non-negative integer": {
+					"pass": 1,
+					"fail": 0
+				},
+				"UnitType must be a non-empty string": {
+					"pass": 1,
+					"fail": 0
+				}
+			},
+			"times": [
+				72
+			],
+			"allTests": [
 				{
 					"Response status code is 200": true,
 					"Response content type is application/json": true,
@@ -1160,7 +769,7 @@
 			"id": "59381005-fa78-4884-a913-2dd7eb478179",
 			"name": "LongRunningTask",
 			"url": "127.0.0.1:8080/user/longRun",
-			"time": 21742,
+			"time": 20027,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -1171,38 +780,18 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Request duration is at least 20 seconds": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				20188,
-				20031,
-				20038,
-				20038,
-				21742
+				20027
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
 				{
 					"Response status code is 200": true,
 					"Request duration is at least 20 seconds": true
@@ -1211,9 +800,9 @@
 		},
 		{
 			"id": "6e7756d0-501e-4aa6-addd-58e621113dbc",
-			"name": "ResourceLimit",
+			"name": "ResourceLimitReduced",
 			"url": "127.0.0.1:8080/user/resourceLimit",
-			"time": 603,
+			"time": 43,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -1227,62 +816,30 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response has required fields: time and unitType": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Time is not zero and a non-negative integer": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"UnitType must be a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				71,
-				84,
-				37,
-				35,
-				603
+				43
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response has required fields: time and unitType": true,
-					"Time is not zero and a non-negative integer": true,
-					"UnitType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response has required fields: time and unitType": true,
-					"Time is not zero and a non-negative integer": true,
-					"UnitType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response has required fields: time and unitType": true,
-					"Time is not zero and a non-negative integer": true,
-					"UnitType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response content type is application/json": true,
-					"Response has required fields: time and unitType": true,
-					"Time is not zero and a non-negative integer": true,
-					"UnitType must be a non-empty string": true
-				},
 				{
 					"Response status code is 200": true,
 					"Response content type is application/json": true,
@@ -1296,7 +853,7 @@
 			"id": "c4310c60-8b5d-453f-8393-a5aa5ad70648",
 			"name": "LongRunningTaskSecond",
 			"url": "127.0.0.1:8080/user/longRun",
-			"time": 20192,
+			"time": 20038,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -1307,38 +864,18 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Request duration is at least 20 seconds": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				20051,
-				20058,
-				20041,
-				20047,
-				20192
+				20038
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
 				{
 					"Response status code is 200": true,
 					"Request duration is at least 20 seconds": true
@@ -1349,7 +886,7 @@
 			"id": "c2812d37-ceeb-48be-bb04-256ca59993b4",
 			"name": "LongRunningTaskThird",
 			"url": "127.0.0.1:8080/user/longRun",
-			"time": 20145,
+			"time": 20031,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -1360,38 +897,18 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Request duration is at least 20 seconds": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				20072,
-				20034,
-				20102,
-				20079,
-				20145
+				20031
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
-				{
-					"Response status code is 200": true,
-					"Request duration is at least 20 seconds": true
-				},
 				{
 					"Response status code is 200": true,
 					"Request duration is at least 20 seconds": true
@@ -1402,7 +919,7 @@
 			"id": "1443c123-d96e-4559-86d6-0a5cf76c5abf",
 			"name": "LongRunningTaskFailPermission",
 			"url": "127.0.0.1:8080/user/longRun",
-			"time": 44,
+			"time": 20,
 			"responseCode": {
 				"code": 403,
 				"name": "Forbidden"
@@ -1414,46 +931,22 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 403": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/problem+json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Request duration is less than 20 seconds": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				37,
-				33,
-				60,
-				21,
-				44
+				20
 			],
 			"allTests": [
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true,
-					"Request duration is less than 20 seconds": true
-				},
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true,
-					"Request duration is less than 20 seconds": true
-				},
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true,
-					"Request duration is less than 20 seconds": true
-				},
-				{
-					"Response status code is 403": true,
-					"Response content type is application/problem+json": true,
-					"Request duration is less than 20 seconds": true
-				},
 				{
 					"Response status code is 403": true,
 					"Response content type is application/problem+json": true,
@@ -1463,9 +956,9 @@
 		},
 		{
 			"id": "7630449b-537e-4c0b-912e-57cbbef7c341",
-			"name": "ResourceLimit",
+			"name": "ResourceLimitZero",
 			"url": "127.0.0.1:8080/user/resourceLimit",
-			"time": 30,
+			"time": 29,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -1479,62 +972,30 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response Content-Type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response contains required fields: time and unitType": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Time is a zero or a negativ integer": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"UnitType must be a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				43,
-				32,
-				22,
-				28,
-				30
+				29
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains required fields: time and unitType": true,
-					"Time is a zero or a negativ integer": true,
-					"UnitType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains required fields: time and unitType": true,
-					"Time is a zero or a negativ integer": true,
-					"UnitType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains required fields: time and unitType": true,
-					"Time is a zero or a negativ integer": true,
-					"UnitType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains required fields: time and unitType": true,
-					"Time is a zero or a negativ integer": true,
-					"UnitType must be a non-empty string": true
-				},
 				{
 					"Response status code is 200": true,
 					"Response Content-Type is application/json": true,
@@ -1548,7 +1009,7 @@
 			"id": "a8c1bd51-d747-47ae-971a-3910ade260ab",
 			"name": "DeleteUser",
 			"url": "127.0.0.1:8080/auth/delete",
-			"time": 52,
+			"time": 37,
 			"responseCode": {
 				"code": 200,
 				"name": "OK"
@@ -1561,54 +1022,26 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 200": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response Content-Type is application/json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response contains the required fields": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"ActionType must be a non-empty string": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				78,
-				50,
-				55,
-				36,
-				52
+				37
 			],
 			"allTests": [
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains the required fields": true,
-					"ActionType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains the required fields": true,
-					"ActionType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains the required fields": true,
-					"ActionType must be a non-empty string": true
-				},
-				{
-					"Response status code is 200": true,
-					"Response Content-Type is application/json": true,
-					"Response contains the required fields": true,
-					"ActionType must be a non-empty string": true
-				},
 				{
 					"Response status code is 200": true,
 					"Response Content-Type is application/json": true,
@@ -1619,9 +1052,9 @@
 		},
 		{
 			"id": "0055c096-c7af-41f7-857c-5c764624e06a",
-			"name": "LoginUserFail",
+			"name": "LoginUserFailDeleted",
 			"url": "127.0.0.1:8080/auth/login",
-			"time": 69,
+			"time": 25,
 			"responseCode": {
 				"code": 400,
 				"name": "Bad Request"
@@ -1632,49 +1065,114 @@
 			},
 			"testPassFailCounts": {
 				"Response status code is 400": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				},
 				"Response content type is application/problem+json": {
-					"pass": 5,
+					"pass": 1,
 					"fail": 0
 				}
 			},
 			"times": [
-				106,
-				43,
-				58,
-				44,
-				69
+				25
 			],
 			"allTests": [
 				{
 					"Response status code is 400": true,
 					"Response content type is application/problem+json": true
-				},
-				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
+				}
+			]
+		},
+		{
+			"id": "92d0c076-1116-40ff-bdca-f941dbdf37b8",
+			"name": "RateLimitFirst",
+			"url": "127.0.0.1:8080/auth/",
+			"time": 18,
+			"responseCode": {
+				"code": 401,
+				"name": "Unauthorized"
+			},
+			"tests": {
+				"Response status code is 401": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 401": {
+					"pass": 1,
+					"fail": 0
+				}
+			},
+			"times": [
+				18
+			],
+			"allTests": [
 				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
+					"Response status code is 401": true
+				}
+			]
+		},
+		{
+			"id": "d7fed56a-5b32-43e0-be01-600e62d541be",
+			"name": "RateLimitSecond",
+			"url": "127.0.0.1:8080/user/resourceLimit",
+			"time": 6,
+			"responseCode": {
+				"code": 401,
+				"name": "Unauthorized"
+			},
+			"tests": {
+				"Response status code is 401 or 429": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 401 or 429": {
+					"pass": 1,
+					"fail": 0
+				}
+			},
+			"times": [
+				6
+			],
+			"allTests": [
 				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
-				},
+					"Response status code is 401 or 429": true
+				}
+			]
+		},
+		{
+			"id": "82005ed8-b279-4879-920f-31dd0c586a90",
+			"name": "RateLimitFailRequest",
+			"url": "127.0.0.1:8080/user/resourceLimit",
+			"time": 5,
+			"responseCode": {
+				"code": 429,
+				"name": "Unauthorized"
+			},
+			"tests": {
+				"Response status code is 429": true
+			},
+			"testPassFailCounts": {
+				"Response status code is 429": {
+					"pass": 1,
+					"fail": 0
+				}
+			},
+			"times": [
+				5
+			],
+			"allTests": [
 				{
-					"Response status code is 400": true,
-					"Response content type is application/problem+json": true
+					"Response status code is 429": true
 				}
 			]
 		}
 	],
-	"count": 5,
-	"totalTime": 339109,
+	"count": 1,
+	"totalTime": 69265,
 	"collection": {
 		"requests": [
+			{
+				"id": "b9a5d7a6-b8dd-428c-9c1c-474fb3a2ad07",
+				"method": "POST"
+			},
 			{
 				"id": "15986188-ab75-40be-8bdb-79f41bf87a1a",
 				"method": "POST"
@@ -1778,6 +1276,18 @@
 			{
 				"id": "0055c096-c7af-41f7-857c-5c764624e06a",
 				"method": "POST"
+			},
+			{
+				"id": "92d0c076-1116-40ff-bdca-f941dbdf37b8",
+				"method": "GET"
+			},
+			{
+				"id": "d7fed56a-5b32-43e0-be01-600e62d541be",
+				"method": "GET"
+			},
+			{
+				"id": "82005ed8-b279-4879-920f-31dd0c586a90",
+				"method": "GET"
 			}
 		]
 	}