diff --git a/pom.xml b/pom.xml
index 2dc6fc63f..b675a8e1b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -61,7 +61,7 @@
     <maven-model-converter.version>2.1</maven-model-converter.version>
     <maven.indexer.version>5.1.1</maven.indexer.version>
     <wagon.version>2.9</wagon.version>
-    <redback.version>2.6.1</redback.version>
+    <redback.version>2.6.2-SNAPSHOT</redback.version>
     <redback.cache.version>2.2</redback.cache.version>
     <redback.quartz.version>2.1</redback.quartz.version>
     <redback.registry.version>2.4</redback.registry.version>
@@ -1828,6 +1828,7 @@
               <exclude>*.sh</exclude>
               <exclude>.git/**</exclude>
               <exclude>src/test/resources/projects/compile/goal.txt</exclude>
+              <exclude>src/test/sh/*.sh</exclude>
               <exclude>**/*.iml</exclude>
               <exclude>build-number.txt</exclude>
               <exclude>.idea/**</exclude>
diff --git a/src/test/sh/test_user_update.sh b/src/test/sh/test_user_update.sh
new file mode 100755
index 000000000..131bf4fc5
--- /dev/null
+++ b/src/test/sh/test_user_update.sh
@@ -0,0 +1,91 @@
+#!/bin/bash
+
+MY_USER="test"
+ADMIN_USER="admin"
+ARCHIVA_URL="http://localhost:8080"
+
+while [ ! -z "$1" ]; do
+   case $1 in
+     -u)
+       shift
+       MY_USER_PWD="$1"
+       ;;
+     -a)
+       shift
+       ADMIN_PWD="$1"
+       ;;
+     *)
+       ;;
+   esac
+   shift
+done
+
+if [ -z "${MY_USER_PWD}" ]; then
+  read -s -p "Enter Password of user ${MY_USER}: " MY_USER_PWD
+  echo " "
+fi
+if [ -z "${ADMIN_PWD}" ]; then
+  read -s -p "Enter Password of user ${ADMIN_USER}: " ADMIN_PWD
+  echo " "
+fi
+
+echo "Login with user ${MY_USER}"
+OUTPUT=$(curl -s -w '\nhttp_code=%{response_code}\n' --cookie-jar cookies.txt -H "Content-Type: application/xml" -H "Accept: application/json" -H "Origin: ${ARCHIVA_URL}" -d "<loginRequest><username>${MY_USER}</username><password>${MY_USER_PWD}</password></loginRequest>" "${ARCHIVA_URL}/restServices/redbackServices/loginService/logIn")
+
+CODE=$(echo $OUTPUT |sed -n -e 's/.*http_code=\(.*\)/\1/gp')
+TOKEN=$(echo $OUTPUT |sed -n -e 's/.*"validationToken":"\([^"]\+\)".*/\1/gp')
+
+if [ "$CODE" != "200" ]; then
+  echo "Login with user ${MY_USER} failed. HTTP Response: $CODE"
+  echo "$OUTPUT"
+  exit 1
+fi
+
+NEW_MY_USER_PWD="$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 10 | head -n 1)"
+echo "Updating user password with new value: ${NEW_MY_USER_PWD}"
+OUTPUT=$(curl -s --cookie cookies.txt -w '\nhttp_code=%{response_code}\n' -d "<user><username>${MY_USER}</username><password>${NEW_MY_USER_PWD}</password><validated>true</validated></user>" -H "X-XSRF-TOKEN: ${TOKEN}" -H "Content-Type: application/xml" -H "Origin: ${ARCHIVA_URL}" -H "Accept: application/json"  "${ARCHIVA_URL}/restServices/redbackServices/userService/updateUser")
+
+CODE=$(echo $OUTPUT |sed -n -e 's/.*http_code=\(.*\)/\1/gp')
+if [ "${CODE}" != "200" ]; then
+  echo "Could not update user password"
+  echo "HTTP Response: $CODE"
+  echo "$OUTPUT"
+  exit 1
+fi
+
+NEW_ADMIN_PWD="$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 10 | head -n 1)"
+echo "Trying to update admin password with new value: ${NEW_ADMIN_PWD}"
+
+OUTPUT=$(curl -s --cookie cookies.txt -w '\nhttp_code=%{response_code}\n' -d "<user><username>${ADMIN_USER}</username><password>${NEW_ADMIN_PWD}</password><validated>true</validated></user>" -H "X-XSRF-TOKEN: ${TOKEN}" -H "Content-Type: application/xml" -H "Origin: ${ARCHIVA_URL}" -H "Accept: application/json"  "${ARCHIVA_URL}/restServices/redbackServices/userService/updateUser")
+
+echo "$OUTPUT"
+
+CODE=$(echo $OUTPUT |sed -n -e 's/.*http_code=\(.*\)/\1/gp')
+if [ "${CODE}" == "200" ]; then
+  echo "Could update admin password as normal user! This should not happen."
+  exit 1
+elif [ "${CODE}" == "403" ]; then
+  echo "This is fine. Could not update admin password as normal user."
+else
+  echo "Unexpected response while updating admin password"
+  echo "$OUTPUT"
+  exit 1
+fi
+
+NEW_MY_USER_PWD="$(cat /dev/urandom | tr -dc 'a-z0-9' | fold -w 10 | head -n 1)"
+echo "Setting password for user ${MY_USER} by using admin account to new value: ${NEW_MY_USER_PWD}"
+
+rm -f cookies.txt
+OUTPUT=$(curl -s -w '\nhttp_code=%{response_code}\n' --cookie-jar cookies.txt -H "Content-Type: application/xml" -H "Accept: application/json" -H "Origin: ${ARCHIVA_URL}" -d "<loginRequest><username>${ADMIN_USER}</username><password>${ADMIN_PWD}</password></loginRequest>" "${ARCHIVA_URL}/restServices/redbackServices/loginService/logIn")
+TOKEN=$(echo $OUTPUT |sed -n -e 's/.*"validationToken":"\([^"]\+\)".*/\1/gp')
+
+OUTPUT=$(curl -s --cookie cookies.txt -w '\nhttp_code=%{response_code}\n' -d "<user><username>${MY_USER}</username><password>${NEW_MY_USER_PWD}</password><validated>true</validated></user>" -H "X-XSRF-TOKEN: ${TOKEN}" -H "Content-Type: application/xml" -H "Origin: ${ARCHIVA_URL}" -H "Accept: application/json"  "${ARCHIVA_URL}/restServices/redbackServices/userService/updateUser")
+
+CODE=$(echo $OUTPUT |sed -n -e 's/.*http_code=\(.*\)/\1/gp')
+if [ "$CODE" != "200" ]; then
+  echo "Error during user password update"
+  echo "$OUTPUT"
+  exit 1
+fi
+
+echo "Current password for user ${MY_USER}: ${NEW_MY_USER_PWD}"