diff --git a/build.gradle b/build.gradle
index 9af87ed3477f344a965cd5287c3f2dd825b56593..3e458afa6ba62ece2b9a0eb4c417e307b3a87b48 100644
--- a/build.gradle
+++ b/build.gradle
@@ -1,6 +1,6 @@
def vXnat = '1.7.0-SNAPSHOT'
def vXnatPipeline = vXnat
-def vSpring = '4.2.4.RELEASE'
+def vSpring = '4.2.5.RELEASE'
def vSpringSecurity = '4.0.3.RELEASE'
def vSwagger = '2.3.1'
def vHibernate = '4.3.11.Final'
@@ -297,6 +297,7 @@ dependencies {
compile "com.fasterxml.jackson.core:jackson-annotations:${vJackson}"
compile "com.fasterxml.jackson.core:jackson-core:${vJackson}"
compile "com.fasterxml.jackson.core:jackson-databind:${vJackson}"
+ compile "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:${vJackson}"
compile "org.json:json:20151123"
compile "xerces:xercesImpl:2.11.0"
diff --git a/src/main/java/org/nrg/xapi/rest/AbstractXnatRestApi.java b/src/main/java/org/nrg/xapi/rest/AbstractXnatRestApi.java
deleted file mode 100644
index 1c2e5618ccf9f84c1fe3c419d581adfa64122139..0000000000000000000000000000000000000000
--- a/src/main/java/org/nrg/xapi/rest/AbstractXnatRestApi.java
+++ /dev/null
@@ -1,39 +0,0 @@
-package org.nrg.xapi.rest;
-
-import org.nrg.xdat.security.XDATUser;
-import org.nrg.xft.security.UserI;
-import org.springframework.http.HttpStatus;
-import org.springframework.security.core.context.SecurityContextHolder;
-
-/**
- * Provides basic functions for integrating Spring REST controllers with XNAT.
- */
-public abstract class AbstractXnatRestApi {
- protected HttpStatus isPermitted(String id) {
- UserI sessionUser = getSessionUser();
- if (sessionUser == null) {
- return HttpStatus.UNAUTHORIZED;
- }
- if ((sessionUser.getUsername().equals(id)) || (isPermitted() == null)) {
- return null;
- }
- return HttpStatus.FORBIDDEN;
- }
-
- protected UserI getSessionUser() {
- Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
- if ((principal instanceof UserI)) {
- return (UserI) principal;
- }
- return null;
- }
-
- protected HttpStatus isPermitted() {
- UserI sessionUser = getSessionUser();
- if ((sessionUser instanceof XDATUser)) {
- return ((XDATUser) sessionUser).isSiteAdmin() ? null : HttpStatus.FORBIDDEN;
- }
-
- return null;
- }
-}
diff --git a/src/main/java/org/nrg/xapi/rest/users/UsersApi.java b/src/main/java/org/nrg/xapi/rest/users/UsersApi.java
index 34fe4503d523444757a45266d1664b4310bfe703..83adf8bec14a3763714b4df255e46c030cd60d9d 100644
--- a/src/main/java/org/nrg/xapi/rest/users/UsersApi.java
+++ b/src/main/java/org/nrg/xapi/rest/users/UsersApi.java
@@ -3,9 +3,8 @@ package org.nrg.xapi.rest.users;
import io.swagger.annotations.*;
import org.apache.commons.lang3.StringUtils;
import org.nrg.xapi.model.users.User;
-import org.nrg.xapi.rest.AbstractXnatRestApi;
import org.nrg.xapi.rest.NotFoundException;
-import org.nrg.xdat.security.XDATUser;
+import org.nrg.xdat.rest.AbstractXnatRestApi;
import org.nrg.xdat.security.helpers.Users;
import org.nrg.xdat.security.user.exceptions.UserInitException;
import org.nrg.xdat.security.user.exceptions.UserNotFoundException;
@@ -16,7 +15,6 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
-import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.bind.annotation.*;
import java.util.ArrayList;