diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultUserService.java
index 6a84d247..7f272ab9 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/DefaultUserService.java
@@ -874,7 +874,7 @@ public class DefaultUserService
         throws RedbackServiceException
     {
         User user = getUser( username );
-        if ( user == null )
+        if ( user != null )
         {
             user.setLocked( false );
             updateUser( user );
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/UserServiceTest.java
index dbb17eb6..04e66390 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/UserServiceTest.java
@@ -69,7 +69,7 @@ public class UserServiceTest
         assertFalse( users.isEmpty() );
     }
 
-    @Test( expected = ServerWebApplicationException.class )
+    @Test (expected = ServerWebApplicationException.class)
     public void getUsersWithoutAuthz()
         throws Exception
     {
@@ -379,6 +379,45 @@ public class UserServiceTest
         getUserService( authorizationHeader ).deleteUser( "toto" );
     }
 
+    @Test
+    public void lockUnlockUser()
+        throws Exception
+    {
+        try
+        {
+
+            // START SNIPPET: create-user
+            User user = new User( "toto", "toto the king", "toto@toto.fr", false, false );
+            user.setPassword( "foo123" );
+            user.setPermanent( false );
+            user.setPasswordChangeRequired( false );
+            user.setLocked( false );
+            user.setValidated( true );
+            UserService userService = getUserService( authorizationHeader );
+            userService.createUser( user );
+            // END SNIPPET: create-user
+            user = userService.getUser( "toto" );
+            assertNotNull( user );
+            assertEquals( "toto the king", user.getFullName() );
+            assertEquals( "toto@toto.fr", user.getEmail() );
+            getLoginService( encode( "toto", "foo123" ) ).pingWithAutz();
+
+            userService.lockUser( "toto" );
+
+            assertTrue( userService.getUser( "toto" ).isLocked() );
+
+            userService.unlockUser( "toto" );
+
+            assertFalse( userService.getUser( "toto" ).isLocked() );
+        }
+        finally
+        {
+            getUserService( authorizationHeader ).deleteUser( "toto" );
+            getUserService( authorizationHeader ).removeFromCache( "toto" );
+            assertNull( getUserService( authorizationHeader ).getUser( "toto" ) );
+        }
+    }
+
     public void guestUserCreate()
         throws Exception
     {