diff --git a/.classpath b/.classpath index e43402f..63c80a6 100644 --- a/.classpath +++ b/.classpath @@ -15,11 +15,13 @@ + + @@ -30,6 +32,7 @@ + diff --git a/.project b/.project index 34bcc98..ebd0631 100644 --- a/.project +++ b/.project @@ -15,6 +15,11 @@ + + org.eclipse.wst.validation.validationbuilder + + + org.eclipse.m2e.core.maven2Builder @@ -22,8 +27,11 @@ + org.eclipse.jem.workbench.JavaEMFNature + org.eclipse.wst.common.modulecore.ModuleCoreNature org.eclipse.jdt.core.javanature org.eclipse.m2e.core.maven2Nature org.eclipse.wst.common.project.facet.core.nature + org.eclipse.wst.jsdt.core.jsNature diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs index ec4300d..8db228c 100644 --- a/.settings/org.eclipse.jdt.core.prefs +++ b/.settings/org.eclipse.jdt.core.prefs @@ -1,5 +1,9 @@ eclipse.preferences.version=1 +org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.7 org.eclipse.jdt.core.compiler.compliance=1.7 +org.eclipse.jdt.core.compiler.problem.assertIdentifier=error +org.eclipse.jdt.core.compiler.problem.enumIdentifier=error org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning +org.eclipse.jdt.core.compiler.release=disabled org.eclipse.jdt.core.compiler.source=1.7 diff --git a/pom.xml b/pom.xml index 68de193..861e2ce 100644 --- a/pom.xml +++ b/pom.xml @@ -10,7 +10,7 @@ org.gcube.common authorization-service - 2.0.2-SNAPSHOT + 2.0.3-SNAPSHOT authorization service war @@ -115,7 +115,7 @@ eclipselink org.eclipse.persistence - 2.5.1 + 2.6.6 diff --git a/src/main/java/org/gcube/common/authorizationservice/TokenManager.java b/src/main/java/org/gcube/common/authorizationservice/TokenManager.java index 4cd4c5f..d0d497b 100644 --- a/src/main/java/org/gcube/common/authorizationservice/TokenManager.java +++ b/src/main/java/org/gcube/common/authorizationservice/TokenManager.java 
@@ -1,8 +1,12 @@ package org.gcube.common.authorizationservice; +import java.util.HashMap; +import java.util.List; +import java.util.Map; import java.util.UUID; import javax.inject.Inject; +import javax.print.attribute.HashAttributeSet; import javax.servlet.http.HttpServletRequest; import javax.validation.constraints.NotNull; import javax.ws.rs.Consumes; @@ -26,9 +30,12 @@ import org.gcube.common.authorization.library.provider.ContainerInfo; import org.gcube.common.authorization.library.provider.ExternalServiceInfo; import org.gcube.common.authorization.library.provider.ServiceInfo; import org.gcube.common.authorization.library.provider.UserInfo; +import org.gcube.common.authorization.library.utils.ListMapper; import org.gcube.common.authorizationservice.filters.AuthorizedCallFilter; import org.gcube.common.authorizationservice.util.Constants; import org.gcube.common.authorizationservice.util.TokenPersistence; +import org.gcube.common.scope.api.ScopeProvider; +import org.gcube.common.scope.api.ServiceMap; @Path("token") @Slf4j @@ -61,11 +68,13 @@ public class TokenManager { throw new WebApplicationException(Response.status(Response.Status.NOT_FOUND) .entity("token "+token+" not found").type(MediaType.TEXT_PLAIN).build()); } - - //TODO: re-add it with common-scope 2.0 - /* + + + /* try{ - ServiceMap map = .instance.getMap(info.getContext()); + ScopeProvider.instance.set(info.getContext()); + ServiceMap map = ServiceMap.instance; + ScopeProvider.instance.reset(); info.setMap(map); }catch(Exception e){ log.error("error retrieving map for {}", info.getContext(), e); @@ -77,7 +86,10 @@ public class TokenManager { return info; } + + + /** * * retrieves the AuthorzationEntry connected to the specified token 
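Review bot: The import hunks add `javax.print.attribute.HashAttributeSet`, which belongs to the printing API and has no visible use in this class. They also add `ScopeProvider` and `ServiceMap`, which the third hunk references only inside a block that is still commented out. The unused imports should be dropped, and the commented block either enabled or deleted rather than edited in place. If it is enabled, `ScopeProvider.instance.reset()` belongs in a `finally`, because as written a failure while reading `ServiceMap.instance` skips the reset and leaves the scope set (presumably for the thread that serves the next request).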
@@ -155,7 +167,35 @@ public class TokenManager { .entity("Error Generating Token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build()); } } + + /** + * + * Generates a token for a user (saving the passed roles) if it doesn't exist yet. + * + * @param userName + * @param roles + * @return the generated token or the token related to the user (if it was already created) + */ + @Path("user/{token}/roles") + @PUT + @Consumes(MediaType.APPLICATION_XML) + public String setRoles(ListMapper roles, + @NotNull @PathParam("token") String token) { + try{ + + log.info("update roles called"); + + persistence.updateAuthorizationEntry(token, roles.getList()) ; + + return token; + }catch(Exception e){ + log.error("error setting roles to token ",e); + throw new WebApplicationException(Response.status(Response.Status.BAD_REQUEST) + .entity("Error setting roles to token: "+e.getMessage()).type(MediaType.TEXT_PLAIN).build()); + } + } + /** * diff --git a/src/main/java/org/gcube/common/authorizationservice/persistence/RelationDBPersistence.java b/src/main/java/org/gcube/common/authorizationservice/persistence/RelationDBPersistence.java index 06dec3c..f485324 100644 --- a/src/main/java/org/gcube/common/authorizationservice/persistence/RelationDBPersistence.java +++ b/src/main/java/org/gcube/common/authorizationservice/persistence/RelationDBPersistence.java @@ -18,6 +18,7 @@ import javax.persistence.TypedQuery; import lombok.extern.slf4j.Slf4j; import org.gcube.common.authorization.library.AuthorizationEntry; +import org.gcube.common.authorization.library.ClientType; import org.gcube.common.authorization.library.policies.Policy; import org.gcube.common.authorization.library.policies.PolicyType; import org.gcube.common.authorization.library.policies.Service2ServicePolicy; 
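Review bot: setRoles replaces the roles bound to whatever token is named in the path, and nothing in this hunk checks who the caller is or whether that caller may change that token's roles. Unless a filter outside the hunk already restricts `user/{token}/roles` to trusted callers, the method should verify the caller before calling `persistence.updateAuthorizationEntry`, since roles are what later authorization decisions rest on. The Javadoc is copied from the token-generation method (`@param userName`, "Generates a token ..."); it should say something like `Replaces the roles stored for the user token {@code token} and returns that token`. Every exception, including a persistence failure, is mapped to BAD_REQUEST with `e.getMessage()` in the response body, and a missing request body makes `roles.getList()` throw a NullPointerException. An early `if (roles == null) throw new WebApplicationException(Response.Status.BAD_REQUEST);` would keep client errors apart from server errors.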
@@ -147,6 +148,42 @@ public class RelationDBPersistence implements TokenPersistence{ } } } + + @Override + public void updateAuthorizationEntry(String token, + List roles) { + + EntityManager em = emFactory.createEntityManager(); + + + TypedQuery query = em.createNamedQuery("Authz.get", AuthorizationEntity.class); + query.setParameter("token", token); + AuthorizationEntity authEntity; + try{ + authEntity = query.getSingleResult(); + }catch (NoResultException e){ + log.warn("no result found for token {}",token); + throw new IllegalArgumentException("the token does not exist"); + } + + + if (authEntity.getInfo().getType()== ClientType.USER) { + log.debug("setting roles {}", roles); + UserInfo ui = new UserInfo(authEntity.getInfo().getId(), roles); + authEntity.setInfo(ui); + EntityTransaction tx = em.getTransaction(); + try { + tx.begin(); + AuthorizationEntity merged = em.merge(authEntity); + tx.commit(); + log.debug("entity merged: {}", merged); + }finally { + em.close(); + } + } else + throw new IllegalArgumentException("the token is not representing a user"); + + } @Override diff --git a/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationEntity.java b/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationEntity.java index 7670ba1..b7ac49f 100644 --- a/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationEntity.java +++ b/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationEntity.java @@ -1,8 +1,12 @@ package org.gcube.common.authorizationservice.persistence.entities; +import java.util.ArrayList; +import java.util.Arrays; import java.util.Calendar; import java.util.List; +import javax.persistence.Access; +import javax.persistence.AccessType; import javax.persistence.Column; import javax.persistence.Convert; import javax.persistence.DiscriminatorColumn; 
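Review bot: The EntityManager created at the top of updateAuthorizationEntry is closed only on the USER path, so both IllegalArgumentException exits (unknown token, non-user entry) leave `em` open, and a failed `tx.commit()` leaves the transaction without a rollback. Wrapping the whole body in one try/finally and rolling back a still-active transaction fixes both, as sketched below. Separately, `log.warn("no result found for token {}", token)` writes the presented token to the log. `log.debug("entity merged: {}", merged)` does the same through AuthorizationEntity.toString(), which prints `token=`; logging the client id instead keeps credentials out of log files.

```java
EntityManager em = emFactory.createEntityManager();
try {
    // … unchanged: "Authz.get" lookup and NoResultException handling …
    if (authEntity.getInfo().getType() != ClientType.USER) {
        throw new IllegalArgumentException("the token is not representing a user");
    }
    authEntity.setInfo(new UserInfo(authEntity.getInfo().getId(), roles));
    EntityTransaction tx = em.getTransaction();
    try {
        tx.begin();
        em.merge(authEntity);
        tx.commit();
    } finally {
        // a commit that threw leaves the transaction active
        if (tx.isActive()) {
            tx.rollback();
        }
    }
} finally {
    em.close();
}
```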
@@ -28,11 +32,14 @@ import org.gcube.common.authorizationservice.persistence.entities.ServicePolicyE import org.gcube.common.authorizationservice.persistence.entities.converters.StringListConverter; import org.gcube.common.authorizationservice.util.Constants; import org.jboss.weld.exceptions.IllegalArgumentException; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; @Entity @Inheritance @DiscriminatorColumn(name="EntryType") @Table(name="Authorizations") +@Access(AccessType.FIELD) @NamedQueries({ @NamedQuery(name="Authz.get", query="SELECT DISTINCT info FROM AuthorizationEntity info WHERE " + " info.token=:token"), @@ -112,6 +119,11 @@ public abstract class AuthorizationEntity { return this.info; } + public void setInfo(ClientInfo info) { + this.info = info; + this.internalInfo = retriveInternalInfo(info); + } + public String getEntryType() { return entryType; } @@ -139,7 +151,7 @@ public abstract class AuthorizationEntity { private ClientInfo retieveInfo() { switch (entryType) { case EntityConstants.USER_AUTHORIZATION: - return new UserInfo(this.internalInfo.identifier, this.internalInfo.roles); + return new UserInfo(this.internalInfo.identifier, this.internalInfo.getRoles()); case EntityConstants.SERVICE_AUTHORIZATION: return new ServiceInfo(new ServiceIdentifier(this.internalInfo.service.clientServiceClass, this.internalInfo.service.clientServiceName, this.internalInfo.service.clientServiceIdentifier)); case EntityConstants.EXTERNAL_SERVICE_AUTHORIZATION: 
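Review bot: The new public setInfo assigns `this.info` before calling retriveInternalInfo, which dispatches on `entryType` rather than on the argument, so a failed conversion leaves the entity with `info` and `internalInfo` out of step. A null argument, or a ClientInfo of a kind that does not match the entry type, reaches that state through the NullPointerException or ClassCastException raised in the switch. Converting first, `ClientInfoEntity converted = retriveInternalInfo(info);`, and only then assigning both fields keeps the entity unchanged when the call fails. A one-line Javadoc stating that `info` must be of the kind matching this entity's entry type would document the contract that the caller in RelationDBPersistence already relies on.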
@@ -155,15 +167,15 @@ public abstract class AuthorizationEntity { private ClientInfoEntity retriveInternalInfo(ClientInfo info2) { switch (entryType) { case EntityConstants.USER_AUTHORIZATION: - return ClientInfoEntity.forUser(info.getId(), info.getRoles()); + return ClientInfoEntity.forUser(info2.getId(), info2.getRoles()); case EntityConstants.SERVICE_AUTHORIZATION: - ServiceIdentifier identifier = ((ServiceInfo) this.info).getServiceIdentifier(); + ServiceIdentifier identifier = ((ServiceInfo) info2).getServiceIdentifier(); return ClientInfoEntity.forService(identifier.getServiceClass(), identifier.getServiceName(), identifier.getServiceId()); case EntityConstants.EXTERNAL_SERVICE_AUTHORIZATION: - ExternalServiceInfo externalServiceInfo = (ExternalServiceInfo) this.info; + ExternalServiceInfo externalServiceInfo = (ExternalServiceInfo) info2; return ClientInfoEntity.forExternalService(externalServiceInfo.getId(), externalServiceInfo.getGeneratedBy()); case EntityConstants.CONTAINER_AUTHORIZATION: - ContainerInfo containerInfo = (ContainerInfo) this.info; + ContainerInfo containerInfo = (ContainerInfo) info2 ; return ClientInfoEntity.forContainer(containerInfo.getHost(), containerInfo.getPort()); default: throw new IllegalArgumentException("invalid entity type"); @@ -173,20 +185,23 @@ public abstract class AuthorizationEntity { @Override public String toString() { return "AuthorizationEntity [id=" + id + ", token=" + token - + ", creationTime=" + creationTime + ", entryType=" + entryType + + ", creationTime=" + creationTime + ", entryType=" + entryType +", "+internalInfo + "]"; } + + @Embeddable + @Access(AccessType.FIELD) private static class ClientInfoEntity { // userInfo @Column(name="info_identifier") private String identifier; + @Column(name="info_roles", length=2000) - @Convert(converter=StringListConverter.class) - private List roles; + private String internalRoles; //serviceInfo @Embedded 
@@ -202,6 +217,10 @@ public abstract class AuthorizationEntity { @Column(name="info_port") private int port; + protected List getRoles(){ + return stringToRoles(internalRoles); + } + protected static ClientInfoEntity forExternalService(String identifier, String generatedBy){ ClientInfoEntity entry =new ClientInfoEntity(); entry.generatedBy= generatedBy; @@ -222,7 +241,7 @@ public abstract class AuthorizationEntity { protected static ClientInfoEntity forUser(String identifier, List roles){ ClientInfoEntity entry =new ClientInfoEntity(); - entry.roles= roles; + entry.internalRoles= rolesToString(roles); entry.identifier = identifier; return entry; } @@ -233,6 +252,28 @@ public abstract class AuthorizationEntity { entry.port = port; return entry; } + + @Override + public String toString() { + return "ClientInfoEntity [identifier=" + identifier + ", roles=" + internalRoles + ", service=" + service + + ", generatedBy=" + generatedBy + ", host=" + host + ", port=" + port + "]"; + } + + private static String rolesToString(List roles) { + if (roles!=null && roles.size()>0){ + StringBuilder builder = new StringBuilder(); + for (String value: roles) + builder.append(value).append(",||,"); + return builder.substring(0, builder.length()-4); + } else return ""; + } + + private static List stringToRoles(String entry){ + if (entry!=null && !entry.isEmpty()){ + return Arrays.asList(entry.split(",\\|\\|,")); + } + else return new ArrayList(0); + } } } diff --git a/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationId.java b/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationId.java index 8e6fcd8..45a2816 100644 --- a/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationId.java +++ b/src/main/java/org/gcube/common/authorizationservice/persistence/entities/AuthorizationId.java 
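Review bot: rolesToString joins role names with `,||,` without inspecting the names, so a single role value containing that sequence is read back by stringToRoles as several roles, and a null element is stored as the text `null`. Because roles now arrive in the request body of the new roles endpoint, the stored role set can differ from the list that was submitted. Rejecting such values inside the loop, `if (value == null || value.contains(",||,")) throw new IllegalArgumentException("invalid role name");`, closes that gap. The joined string goes into the `info_roles` column declared with `length=2000`, so an over-long list fails only at commit time. The two helpers also duplicate StringListConverter, and stringToRoles returns a fixed-size `Arrays.asList` view in one branch but a growable ArrayList in the other.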
@@ -1,15 +1,22 @@ package org.gcube.common.authorizationservice.persistence.entities; +import java.io.Serializable; + import javax.persistence.Embeddable; @Embeddable -public class AuthorizationId { +public class AuthorizationId implements Serializable { + /** + * + */ + private static final long serialVersionUID = 1L; + String context; String clientId; String qualifier; - protected AuthorizationId() { + public AuthorizationId() { super(); } diff --git a/src/main/java/org/gcube/common/authorizationservice/persistence/entities/converters/StringListConverter.java b/src/main/java/org/gcube/common/authorizationservice/persistence/entities/converters/StringListConverter.java index 3b4af9a..9286ad9 100644 --- a/src/main/java/org/gcube/common/authorizationservice/persistence/entities/converters/StringListConverter.java +++ b/src/main/java/org/gcube/common/authorizationservice/persistence/entities/converters/StringListConverter.java @@ -4,13 +4,9 @@ import java.util.ArrayList; import java.util.Arrays; import java.util.List; -import javax.persistence.AttributeConverter; -import javax.persistence.Converter; -@Converter -public class StringListConverter implements AttributeConverter, String>{ +public class StringListConverter { - @Override public String convertToDatabaseColumn(List list) { if (list!=null && list.size()>0){ @@ -21,7 +17,6 @@ public class StringListConverter implements AttributeConverter, Str } else return ""; } - @Override public List convertToEntityAttribute(String dbEntry) { if (dbEntry!=null && !dbEntry.isEmpty()){ return Arrays.asList(dbEntry.split(",\\|\\|,")); diff --git a/src/main/java/org/gcube/common/authorizationservice/util/TokenPersistence.java b/src/main/java/org/gcube/common/authorizationservice/util/TokenPersistence.java index a9dcfb8..76e1f5e 100644 --- a/src/main/java/org/gcube/common/authorizationservice/util/TokenPersistence.java +++ b/src/main/java/org/gcube/common/authorizationservice/util/TokenPersistence.java 
@@ -36,5 +36,7 @@ public interface TokenPersistence { Map getExistingExternalServices(String generatorId, String context); + void updateAuthorizationEntry(String token, List roles); + } diff --git a/src/main/resources/META-INF/beans.xml b/src/main/resources/META-INF/beans.xml index 7c7e8db..00e43a2 100644 --- a/src/main/resources/META-INF/beans.xml +++ b/src/main/resources/META-INF/beans.xml @@ -1,5 +1,4 @@ + xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee"> \ No newline at end of file diff --git a/src/main/resources/META-INF/persistence.xml b/src/main/resources/META-INF/persistence.xml index c8809e3..51ebc92 100644 --- a/src/main/resources/META-INF/persistence.xml +++ b/src/main/resources/META-INF/persistence.xml 
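Review bot: `updateAuthorizationEntry` is added to the TokenPersistence interface with no statement of its contract, while the RelationDBPersistence implementation in this commit throws IllegalArgumentException both for an unknown token and for a token that does not belong to a user. A Javadoc on the interface method should state that the call replaces (rather than extends) the stored roles of the user entry identified by `token`, and should carry `@throws IllegalArgumentException if the token is unknown or is not a user token`. That lets other implementations and the REST layer agree on which failures are client errors.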
@@ -6,18 +6,19 @@ org.eclipse.persistence.jpa.PersistenceProvider - - org.gcube.common.authorizationservice.persistence.entities.converters.StringListConverter - - + org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity - org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity - org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity + org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity.ClientInfoEntity + org.gcube.common.authorizationservice.persistence.entities.AuthorizationId org.gcube.common.authorizationservice.persistence.entities.ExternalServiceAuthorizationEntity org.gcube.common.authorizationservice.persistence.entities.NodeAuthorizationEntity + org.gcube.common.authorizationservice.persistence.entities.PendingEntity org.gcube.common.authorizationservice.persistence.entities.PolicyEntity + org.gcube.common.authorizationservice.persistence.entities.ServiceAuthorizationEntity org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity + org.gcube.common.authorizationservice.persistence.entities.ServicePolicyEntity.ServiceAccessEntity + org.gcube.common.authorizationservice.persistence.entities.UserAuthorizationEntity org.gcube.common.authorizationservice.persistence.entities.UserPolicyEntity + \ No newline at end of file diff --git a/src/test/resources/META-INF/beans.xml b/src/test/resources/META-INF/beans.xml index 5cfb427..2177022 100644 --- a/src/test/resources/META-INF/beans.xml +++ b/src/test/resources/META-INF/beans.xml @@ -1,7 +1,6 @@ + xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee"> org.gcube.common.authorizationservice.persistence.DataBaseProducer
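Review bot: The added entries `org.gcube.common.authorizationservice.persistence.entities.AuthorizationEntity.ClientInfoEntity` and `...ServicePolicyEntity.ServiceAccessEntity` name nested classes with a dot. Nested classes are loaded by their binary name, so these entries likely need `AuthorizationEntity$ClientInfoEntity` and `ServicePolicyEntity$ServiceAccessEntity` to be resolved by the persistence provider. The element markup is not visible in this view, so this should be confirmed against the file and against the provider's startup log, where an unresolved managed class would normally be reported.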