Merge with master. Version set to 2.4.1.

7 years ago · 42d57c2216
300 changed files with 18451 additions and 11522 deletions
--- a/application/pom.xml
+++ b/application/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>thingsboard</artifactId>
    </parent>
    <artifactId>application</artifactId>
@ -52,6 +52,10 @@
            <!-- Explicitly bring in the linux classifier, test may fail on 32-bit linux -->
            <classifier>linux-x86_64</classifier>
        </dependency>
+        <dependency>
+            <groupId>org.thingsboard.common</groupId>
+            <artifactId>util</artifactId>
+        </dependency>
        <dependency>
            <groupId>org.thingsboard.rule-engine</groupId>
            <artifactId>rule-engine-api</artifactId>
@ -200,10 +204,6 @@
            <groupId>io.grpc</groupId>
            <artifactId>grpc-stub</artifactId>
        </dependency>
-        <dependency>
-            <groupId>io.springfox</groupId>
-            <artifactId>springfox-swagger-ui</artifactId>
-        </dependency>
        <dependency>
            <groupId>io.springfox</groupId>
            <artifactId>springfox-swagger2</artifactId>
@ -272,6 +272,14 @@
            <groupId>io.springfox.ui</groupId>
            <artifactId>springfox-swagger-ui-rfc6570</artifactId>
        </dependency>
+        <dependency>
+            <groupId>org.passay</groupId>
+            <artifactId>passay</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.github.ua-parser</groupId>
+            <artifactId>uap-java</artifactId>
+        </dependency>
    </dependencies>

    <build>
--- a/application/src/main/data/json/system/widget_bundles/cards.json
+++ b/application/src/main/data/json/system/widget_bundles/cards.json
@ -31,8 +31,8 @@
        "resources": [],
        "templateHtml": "<tb-entities-table-widget \n    table-id=\"tableId\"\n    ctx=\"ctx\">\n</tb-entities-table-widget>",
        "templateCss": "",
-        "controllerScript": "self.onInit = function() {\n    var scope = self.ctx.$scope;\n    var id = self.ctx.$scope.$injector.get('utils').guid();\n    scope.tableId = \"table-\"+id;\n    scope.ctx = self.ctx;\n}\n\nself.onDataUpdated = function() {\n    self.ctx.$scope.$broadcast('entities-table-data-updated', self.ctx.$scope.tableId);\n}\n\nself.typeParameters = function() {\n    return {\n        maxDatasources: 1,\n        dataKeysOptional: true\n    };\n}\n\nself.actionSources = function() {\n    return {\n        'actionCellButton': {\n            name: 'widget-action.action-cell-button',\n            multiple: true\n        },\n        'rowClick': {\n            name: 'widget-action.row-click',\n            multiple: false\n        }\n    };\n}\n\nself.onDestroy = function() {\n}\n",
-        "settingsSchema": "{\n    \"schema\": {\n        \"type\": \"object\",\n        \"title\": \"EntitiesTableSettings\",\n        \"properties\": {\n            \"entitiesTitle\": {\n                \"title\": \"Entities table title\",\n                \"type\": \"string\",\n                \"default\": \"\"\n            },\n            \"enableSearch\": {\n                \"title\": \"Enable entities search\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },\n            \"displayEntityName\": {\n                \"title\": \"Display entity name column\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },\n            \"entityNameColumnTitle\": {\n                \"title\": \"Entity name column title\",\n                \"type\": \"string\",\n                \"default\": \"\"\n            },\n            \"displayEntityType\": {\n                \"title\": \"Display entity type column\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },\n            \"displayPagination\": {\n                \"title\": \"Display pagination\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },\n            \"defaultPageSize\": {\n                \"title\": \"Default page size\",\n                \"type\": \"number\",\n                \"default\": 10\n            },\n            \"defaultSortOrder\": {\n                \"title\": \"Default sort order\",\n                \"type\": \"string\",\n                \"default\": \"entityName\"\n            }\n        },\n        \"required\": []\n    },\n    \"form\": [\n        \"entitiesTitle\",\n        \"enableSearch\",\n        \"displayEntityName\",\n        \"entityNameColumnTitle\",\n        \"displayEntityType\",\n        \"displayPagination\",\n        \"defaultPageSize\",\n        \"defaultSortOrder\"\n    ]\n}",
+        "controllerScript": "self.onInit = function() {\n    var scope = self.ctx.$scope;\n    var id = self.ctx.$scope.$injector.get('utils').guid();\n    scope.tableId = \"table-\"+id;\n    scope.ctx = self.ctx;\n}\n\nself.onDataUpdated = function() {\n    self.ctx.$scope.$broadcast('entities-table-data-updated', self.ctx.$scope.tableId);\n}\n\nself.typeParameters = function() {\n    return {\n        maxDatasources: 1,\n        dataKeysOptional: true\n    };\n}\n\nself.actionSources = function() {\n    return {\n        'actionCellButton': {\n            name: 'widget-action.action-cell-button',\n            multiple: true\n        },\n        'rowClick': {\n            name: 'widget-action.row-click',\n            multiple: false\n        },\n        'rowDoubleClick': {\n            name: 'widget-action.row-double-click',\n            multiple: false\n        }\n    };\n}\n\nself.onDestroy = function() {\n}\n",
+        "settingsSchema": "{\n    \"schema\": {\n        \"type\": \"object\",\n        \"title\": \"EntitiesTableSettings\",\n        \"properties\": {\n            \"entitiesTitle\": {\n                \"title\": \"Entities table title\",\n                \"type\": \"string\",\n                \"default\": \"\"\n            },\n            \"enableSearch\": {\n                \"title\": \"Enable entities search\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },\n            \"displayEntityName\": {\n                \"title\": \"Display entity name column\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },\n            \"entityNameColumnTitle\": {\n                \"title\": \"Entity name column title\",\n                \"type\": \"string\",\n                \"default\": \"\"\n            },\n            \"displayEntityLabel\": {\n                \"title\": \"Display entity label column\",\n                \"type\": \"boolean\",\n                \"default\": false\n            },\n            \"entityLabelColumnTitle\": {\n                \"title\": \"Entity label column title\",\n                \"type\": \"string\",\n                \"default\": \"\"\n            },\n            \"displayEntityType\": {\n                \"title\": \"Display entity type column\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },\n            \"displayPagination\": {\n                \"title\": \"Display pagination\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },\n            \"defaultPageSize\": {\n                \"title\": \"Default page size\",\n                \"type\": \"number\",\n                \"default\": 10\n            },\n            \"defaultSortOrder\": {\n                \"title\": \"Default sort order\",\n                \"type\": \"string\",\n                \"default\": \"entityName\"\n            }\n        },\n        \"required\": []\n    },\n    \"form\": [\n        \"entitiesTitle\",\n        \"enableSearch\",\n        \"displayEntityName\",\n        \"entityNameColumnTitle\",\n        \"displayEntityLabel\",\n        \"entityLabelColumnTitle\",\n        \"displayEntityType\",\n        \"displayPagination\",\n        \"defaultPageSize\",\n        \"defaultSortOrder\"\n    ]\n}",
        "dataKeySettingsSchema": "{\n    \"schema\": {\n        \"type\": \"object\",\n        \"title\": \"DataKeySettings\",\n        \"properties\": {\n            \"columnWidth\": {\n                \"title\": \"Column width (px or %)\",\n                \"type\": \"string\",\n                \"default\": \"0px\"\n            },\n            \"useCellStyleFunction\": {\n                \"title\": \"Use cell style function\",\n                \"type\": \"boolean\",\n                \"default\": false\n            },\n            \"cellStyleFunction\": {\n                \"title\": \"Cell style function: f(value)\",\n                \"type\": \"string\",\n                \"default\": \"\"\n            },\n            \"useCellContentFunction\": {\n                \"title\": \"Use cell content function\",\n                \"type\": \"boolean\",\n                \"default\": false\n            },\n            \"cellContentFunction\": {\n                \"title\": \"Cell content function: f(value, entity, filter)\",\n                \"type\": \"string\",\n                \"default\": \"\"\n            }\n        },\n        \"required\": []\n    },\n    \"form\": [\n        \"columnWidth\",\n        \"useCellStyleFunction\",\n        {\n            \"key\": \"cellStyleFunction\",\n            \"type\": \"javascript\"\n        },\n        \"useCellContentFunction\",\n        {\n            \"key\": \"cellContentFunction\",\n            \"type\": \"javascript\"\n        }\n    ]\n}",
        "defaultConfig": "{\"timewindow\":{\"realtime\":{\"interval\":1000,\"timewindowMs\":86400000},\"aggregation\":{\"type\":\"NONE\",\"limit\":200}},\"showTitle\":true,\"backgroundColor\":\"rgb(255, 255, 255)\",\"color\":\"rgba(0, 0, 0, 0.87)\",\"padding\":\"4px\",\"settings\":{\"enableSelection\":true,\"enableSearch\":true,\"displayDetails\":true,\"displayPagination\":true,\"defaultPageSize\":10,\"defaultSortOrder\":\"entityName\",\"displayEntityName\":true,\"displayEntityType\":true},\"title\":\"Entities table\",\"dropShadow\":true,\"enableFullscreen\":true,\"titleStyle\":{\"fontSize\":\"16px\",\"fontWeight\":400,\"padding\":\"5px 10px 5px 10px\"},\"useDashboardTimewindow\":false,\"showLegend\":false,\"datasources\":[{\"type\":\"function\",\"name\":\"Simulated\",\"dataKeys\":[{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Sin\",\"color\":\"#2196f3\",\"settings\":{\"columnWidth\":\"0px\",\"useCellStyleFunction\":false,\"cellStyleFunction\":\"\",\"useCellContentFunction\":false,\"cellContentFunction\":\"\"},\"_hash\":0.472295003170325,\"funcBody\":\"return Math.round(1000*Math.sin(time/5000));\"},{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Cos\",\"color\":\"#4caf50\",\"settings\":{\"columnWidth\":\"0px\",\"useCellStyleFunction\":false,\"cellStyleFunction\":\"\",\"useCellContentFunction\":false,\"cellContentFunction\":\"\"},\"_hash\":0.8926244886945558,\"funcBody\":\"return Math.round(1000*Math.cos(time/5000));\"},{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Random\",\"color\":\"#f44336\",\"settings\":{\"columnWidth\":\"0px\",\"useCellStyleFunction\":false,\"cellStyleFunction\":\"\",\"useCellContentFunction\":false,\"cellContentFunction\":\"\"},\"_hash\":0.6401141393938932,\"funcBody\":\"var value = prevValue + Math.random() * 100 - 50;\\nvar multiplier = Math.pow(10, 2 || 0);\\nvar value = Math.round(value * multiplier) / multiplier;\\nif (value < -1000) {\\n\\tvalue = -1000;\\n} else if (value > 1000) {\\n\\tvalue = 1000;\\n}\\nreturn value;\"}]}]}"
      }
@ -112,7 +112,7 @@
        "templateHtml": "<tb-timeseries-table-widget \n    table-id=\"tableId\"\n    ctx=\"ctx\">\n</tb-timeseries-table-widget>",
        "templateCss": "",
        "controllerScript": "self.onInit = function() {\n    var scope = self.ctx.$scope;\n    var id = self.ctx.$scope.$injector.get('utils').guid();\n    scope.tableId = \"table-\"+id;\n    scope.ctx = self.ctx;\n}\n\nself.onDataUpdated = function() {\n    self.ctx.$scope.$broadcast('timeseries-table-data-updated', self.ctx.$scope.tableId);\n}\n\nself.actionSources = function() {\n    return {\n        'actionCellButton': {\n            name: 'widget-action.action-cell-button',\n            multiple: true\n        },\n        'rowClick': {\n            name: 'widget-action.row-click',\n            multiple: false\n        }\n    };\n}\n\nself.onDestroy = function() {\n}",
-        "settingsSchema": "{\n    \"schema\": {\n        \"type\": \"object\",\n        \"title\": \"TimeseriesTableSettings\",\n        \"properties\": {\n            \"showTimestamp\": {\n                \"title\": \"Display timestamp column\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },\n            \"displayPagination\": {\n                \"title\": \"Display pagination\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },            \n            \"defaultPageSize\": {\n                \"title\": \"Default page size\",\n                \"type\": \"number\",\n                \"default\": 10\n            },\n            \"hideEmptyLines\": {\n                \"title\": \"Hide empty lines\",\n                \"type\": \"boolean\",\n                \"default\": false\n            }\n        },\n        \"required\": []\n    },\n    \"form\": [\n        \"showTimestamp\",\n        \"displayPagination\",\n        \"defaultPageSize\",\n        \"hideEmptyLines\"\n    ]\n}",
+        "settingsSchema": "{\n    \"schema\": {\n        \"type\": \"object\",\n        \"title\": \"TimeseriesTableSettings\",\n        \"properties\": {\n            \"showTimestamp\": {\n                \"title\": \"Display timestamp column\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },\n            \"showMilliseconds\": {\n                \"title\": \"Display timestamp milliseconds\",\n                \"type\": \"boolean\",\n                \"default\": false\n            },\n            \"displayPagination\": {\n                \"title\": \"Display pagination\",\n                \"type\": \"boolean\",\n                \"default\": true\n            },            \n            \"defaultPageSize\": {\n                \"title\": \"Default page size\",\n                \"type\": \"number\",\n                \"default\": 10\n            },\n            \"hideEmptyLines\": {\n                \"title\": \"Hide empty lines\",\n                \"type\": \"boolean\",\n                \"default\": false\n            }\n        },\n        \"required\": []\n    },\n    \"form\": [\n        \"showTimestamp\",\n        \"showMilliseconds\",\n        \"displayPagination\",\n        \"defaultPageSize\",\n        \"hideEmptyLines\"\n    ]\n}",
        "dataKeySettingsSchema": "{\n    \"schema\": {\n        \"type\": \"object\",\n        \"title\": \"DataKeySettings\",\n        \"properties\": {\n            \"useCellStyleFunction\": {\n                \"title\": \"Use cell style function\",\n                \"type\": \"boolean\",\n                \"default\": false\n            },\n            \"cellStyleFunction\": {\n                \"title\": \"Cell style function: f(value)\",\n                \"type\": \"string\",\n                \"default\": \"\"\n            },\n            \"useCellContentFunction\": {\n                \"title\": \"Use cell content function\",\n                \"type\": \"boolean\",\n                \"default\": false\n            },\n            \"cellContentFunction\": {\n                \"title\": \"Cell content function: f(value, rowData, filter)\",\n                \"type\": \"string\",\n                \"default\": \"\"\n            }\n        },\n        \"required\": []\n    },\n    \"form\": [\n        \"useCellStyleFunction\",\n        {\n            \"key\": \"cellStyleFunction\",\n            \"type\": \"javascript\"\n        },\n        \"useCellContentFunction\",\n        {\n            \"key\": \"cellContentFunction\",\n            \"type\": \"javascript\"\n        }\n    ]\n}",
        "defaultConfig": "{\"datasources\":[{\"type\":\"function\",\"name\":\"function\",\"dataKeys\":[{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Temperature  °C\",\"color\":\"#2196f3\",\"settings\":{\"useCellStyleFunction\":true,\"cellStyleFunction\":\"if (value) {\\n    var percent = (value + 60)/120 * 100;\\n    var color = tinycolor.mix('blue', 'red', amount = percent);\\n    color.setAlpha(.5);\\n    return {\\n      paddingLeft: '20px',\\n      color: '#ffffff',\\n      background: color.toRgbString(),\\n      fontSize: '18px'\\n    };\\n} else {\\n    return {};\\n}\"},\"_hash\":0.8587686344902596,\"funcBody\":\"var value = prevValue + Math.random() * 40 - 20;\\nvar multiplier = Math.pow(10, 1 || 0);\\nvar value = Math.round(value * multiplier) / multiplier;\\nif (value < -60) {\\n\\tvalue = -60;\\n} else if (value > 60) {\\n\\tvalue = 60;\\n}\\nreturn value;\"},{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Humidity, %\",\"color\":\"#ffc107\",\"settings\":{\"useCellStyleFunction\":true,\"cellStyleFunction\":\"if (value) {\\n    var percent = value;\\n    var backgroundColor = tinycolor('blue');\\n    backgroundColor.setAlpha(value/100);\\n    var color = 'blue';\\n    if (value > 50) {\\n        color = 'white';\\n    }\\n    \\n    return {\\n      paddingLeft: '20px',\\n      color: color,\\n      background: backgroundColor.toRgbString(),\\n      fontSize: '18px'\\n    };\\n} else {\\n    return {};\\n}\",\"useCellContentFunction\":false},\"_hash\":0.12775350966079668,\"funcBody\":\"var value = prevValue + Math.random() * 20 - 10;\\nvar multiplier = Math.pow(10, 1 || 0);\\nvar value = Math.round(value * multiplier) / multiplier;\\nif (value < 5) {\\n\\tvalue = 5;\\n} else if (value > 100) {\\n\\tvalue = 100;\\n}\\nreturn value;\"}]}],\"timewindow\":{\"realtime\":{\"interval\":1000,\"timewindowMs\":60000},\"aggregation\":{\"type\":\"NONE\",\"limit\":200}},\"showTitle\":true,\"backgroundColor\":\"rgb(255, 255, 255)\",\"color\":\"rgba(0, 0, 0, 0.87)\",\"padding\":\"8px\",\"settings\":{\"showTimestamp\":true,\"displayPagination\":true,\"defaultPageSize\":10},\"title\":\"Timeseries table\",\"dropShadow\":true,\"enableFullscreen\":true,\"titleStyle\":{\"fontSize\":\"16px\",\"fontWeight\":400},\"useDashboardTimewindow\":false,\"showLegend\":false,\"widgetStyle\":{},\"actions\":{}}"
      }
--- a/application/src/main/data/json/system/widget_bundles/charts.json
+++ b/application/src/main/data/json/system/widget_bundles/charts.json
@ -71,10 +71,10 @@
        "resources": [],
        "templateHtml": "",
        "templateCss": ".legend {\n    font-size: 13px;\n    line-height: 10px;\n}\n\n.legend table { \n    border-spacing: 0px;\n    border-collapse: separate;\n}\n\n.pie-label {\n    font-size: 12px;\n    font-family: 'Roboto';\n    font-weight: bold;\n    text-align: center;\n    padding: 2px;\n    color: white;\n}\n",
-        "controllerScript": "self.onInit = function() {\n    self.ctx.flot = new TbFlot(self.ctx, 'pie');    \n}\n\nself.onDataUpdated = function() {\n    self.ctx.flot.update();\n}\n\nself.onResize = function() {\n    self.ctx.flot.resize();\n}\n\nself.onEditModeChanged = function() {\n    self.ctx.flot.checkMouseEvents();\n}\n\nself.onMobileModeChanged = function() {\n    self.ctx.flot.checkMouseEvents();\n}\n\nself.getSettingsSchema = function() {\n    return TbFlot.pieSettingsSchema;\n}\n\nself.getDataKeySettingsSchema = function() {\n    return TbFlot.pieDatakeySettingsSchema;\n}\n\nself.onDestroy = function() {\n    self.ctx.flot.destroy();\n}\n",
+        "controllerScript": "self.onInit = function() {\n    self.ctx.flot = new TbFlot(self.ctx, 'pie');    \n}\n\nself.onDataUpdated = function() {\n    self.ctx.flot.update();\n}\n\nself.onResize = function() {\n    self.ctx.flot.resize();\n}\n\nself.onEditModeChanged = function() {\n    self.ctx.flot.checkMouseEvents();\n}\n\nself.onMobileModeChanged = function() {\n    self.ctx.flot.checkMouseEvents();\n}\n\nself.getSettingsSchema = function() {\n    return TbFlot.pieSettingsSchema;\n}\n\nself.getDataKeySettingsSchema = function() {\n    return TbFlot.pieDatakeySettingsSchema;\n}\n\nself.onDestroy = function() {\n    self.ctx.flot.destroy();\n}\nself.actionSources = function() {\n    return {\n        'sliceClick': {\n            name: 'widget-action.pie-slice-click',\n            multiple: false\n        }\n    };\n}\n",
        "settingsSchema": "{}\n",
        "dataKeySettingsSchema": "{}\n",
-        "defaultConfig": "{\"datasources\":[{\"type\":\"function\",\"name\":\"function\",\"dataKeys\":[{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"First\",\"color\":\"#2196f3\",\"settings\":{},\"_hash\":0.15479322438769105,\"funcBody\":\"var value = (prevValue-50) + Math.random() * 2 - 1;\\nif (value < 0) {\\n\\tvalue = 0;\\n} else if (value > 100) {\\n\\tvalue = 100;\\n}\\nreturn value+50;\"},{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Second\",\"color\":\"#4caf50\",\"settings\":{},\"_hash\":0.6114638304362894,\"funcBody\":\"var value = (prevValue-20) + Math.random() * 2 - 1;\\nif (value < 0) {\\n\\tvalue = 0;\\n} else if (value > 100) {\\n\\tvalue = 100;\\n}\\nreturn value+20;\"},{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Third\",\"color\":\"#f44336\",\"settings\":{},\"_hash\":0.9955906536344441,\"funcBody\":\"var value = (prevValue-40) + Math.random() * 2 - 1;\\nif (value < 0) {\\n\\tvalue = 0;\\n} else if (value > 100) {\\n\\tvalue = 100;\\n}\\nreturn value+40;\"},{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Fourth\",\"color\":\"#ffc107\",\"settings\":{},\"_hash\":0.9430835931647599,\"funcBody\":\"var value = (prevValue-50) + Math.random() * 2 - 1;\\nif (value < 0) {\\n\\tvalue = 0;\\n} else if (value > 100) {\\n\\tvalue = 100;\\n}\\nreturn value+50;\"}]}],\"timewindow\":{\"realtime\":{\"timewindowMs\":60000}},\"showTitle\":true,\"backgroundColor\":\"#fff\",\"color\":\"rgba(0, 0, 0, 0.87)\",\"padding\":\"8px\",\"settings\":{\"radius\":1,\"fontColor\":\"#545454\",\"fontSize\":10,\"decimals\":1,\"legend\":{\"show\":true,\"position\":\"nw\",\"labelBoxBorderColor\":\"#CCCCCC\",\"backgroundColor\":\"#F0F0F0\",\"backgroundOpacity\":0.85},\"innerRadius\":0,\"showLabels\":true,\"stroke\":{\"width\":5},\"tilt\":1,\"animatedPie\":false},\"title\":\"Pie - Flot\",\"dropShadow\":true,\"enableFullscreen\":true,\"titleStyle\":{\"fontSize\":\"16px\",\"fontWeight\":400}}"
+        "defaultConfig": "{\"datasources\":[{\"type\":\"function\",\"name\":\"function\",\"dataKeys\":[{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"First\",\"color\":\"#2196f3\",\"settings\":{},\"_hash\":0.15479322438769105,\"funcBody\":\"var value = (prevValue-50) + Math.random() * 2 - 1;\\nif (value < 0) {\\n\\tvalue = 0;\\n} else if (value > 100) {\\n\\tvalue = 100;\\n}\\nreturn value+50;\"},{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Second\",\"color\":\"#4caf50\",\"settings\":{},\"_hash\":0.6114638304362894,\"funcBody\":\"var value = (prevValue-20) + Math.random() * 2 - 1;\\nif (value < 0) {\\n\\tvalue = 0;\\n} else if (value > 100) {\\n\\tvalue = 100;\\n}\\nreturn value+20;\"},{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Third\",\"color\":\"#f44336\",\"settings\":{},\"_hash\":0.9955906536344441,\"funcBody\":\"var value = (prevValue-40) + Math.random() * 2 - 1;\\nif (value < 0) {\\n\\tvalue = 0;\\n} else if (value > 100) {\\n\\tvalue = 100;\\n}\\nreturn value+40;\"},{\"name\":\"f(x)\",\"type\":\"function\",\"label\":\"Fourth\",\"color\":\"#ffc107\",\"settings\":{},\"_hash\":0.9430835931647599,\"funcBody\":\"var value = (prevValue-50) + Math.random() * 2 - 1;\\nif (value < 0) {\\n\\tvalue = 0;\\n} else if (value > 100) {\\n\\tvalue = 100;\\n}\\nreturn value+50;\"}]}],\"timewindow\":{\"realtime\":{\"timewindowMs\":60000}},\"showTitle\":true,\"backgroundColor\":\"#fff\",\"color\":\"rgba(0, 0, 0, 0.87)\",\"padding\":\"8px\",\"settings\":{\"radius\":1,\"fontColor\":\"#545454\",\"fontSize\":10,\"decimals\":1,\"legend\":{\"show\":true,\"position\":\"nw\",\"labelBoxBorderColor\":\"#CCCCCC\",\"backgroundColor\":\"#F0F0F0\",\"backgroundOpacity\":0.85},\"innerRadius\":0,\"showLabels\":true,\"showPercentages\":true,\"stroke\":{\"width\":5},\"tilt\":1,\"animatedPie\":false},\"title\":\"Pie - Flot\",\"dropShadow\":true,\"enableFullscreen\":true,\"titleStyle\":{\"fontSize\":\"16px\",\"fontWeight\":400}}"
      }
    },
    {
@ -170,4 +170,4 @@
      }
    }
  ]
-}
+}
--- a/application/src/main/data/json/system/widget_bundles/entity_admin_widgets.json
+++ b/application/src/main/data/json/system/widget_bundles/entity_admin_widgets.json
--- a/application/src/main/data/json/system/widget_bundles/input_widgets.json
+++ b/application/src/main/data/json/system/widget_bundles/input_widgets.json
--- a/application/src/main/java/org/thingsboard/server/actors/ruleChain/DefaultTbContext.java
+++ b/application/src/main/java/org/thingsboard/server/actors/ruleChain/DefaultTbContext.java
@ -16,6 +16,7 @@
 package org.thingsboard.server.actors.ruleChain;

 import akka.actor.ActorRef;
+import com.datastax.driver.core.ResultSetFuture;
 import com.datastax.driver.core.utils.UUIDs;
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
@ -60,6 +61,7 @@ import org.thingsboard.server.dao.dashboard.DashboardService;
 import org.thingsboard.server.dao.device.DeviceService;
 import org.thingsboard.server.dao.entityview.EntityViewService;
 import org.thingsboard.server.dao.nosql.CassandraBufferedRateExecutor;
+import org.thingsboard.server.dao.nosql.CassandraStatementTask;
 import org.thingsboard.server.dao.relation.RelationService;
 import org.thingsboard.server.dao.rule.RuleChainService;
 import org.thingsboard.server.dao.tenant.TenantService;
@ -355,8 +357,8 @@ class DefaultTbContext implements TbContext {
    }

    @Override
-    public CassandraBufferedRateExecutor getCassandraBufferedRateExecutor() {
-        return mainCtx.getCassandraBufferedRateExecutor();
+    public ResultSetFuture submitCassandraTask(CassandraStatementTask task) {
+        return mainCtx.getCassandraBufferedRateExecutor().submit(task);
    }

    private TbMsgMetaData getActionMetaData(RuleNodeId ruleNodeId) {
--- a/application/src/main/java/org/thingsboard/server/config/SchedulingConfiguration.java
+++ b/application/src/main/java/org/thingsboard/server/config/SchedulingConfiguration.java
@ -23,9 +23,6 @@ import org.springframework.scheduling.annotation.SchedulingConfigurer;
 import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
 import org.springframework.scheduling.config.ScheduledTaskRegistrar;

-import java.util.concurrent.Executor;
-import java.util.concurrent.Executors;
-
@Configuration
@EnableScheduling
 public class SchedulingConfiguration implements SchedulingConfigurer {
--- a/application/src/main/java/org/thingsboard/server/config/SwaggerConfiguration.java
+++ b/application/src/main/java/org/thingsboard/server/config/SwaggerConfiguration.java
@ -19,6 +19,7 @@ import com.fasterxml.classmate.ResolvedType;
 import com.fasterxml.classmate.TypeResolver;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.base.Predicate;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.thingsboard.server.common.data.security.Authority;
@ -43,71 +44,94 @@ import static springfox.documentation.builders.PathSelectors.regex;
@Configuration
 public class SwaggerConfiguration {

-      @Bean
-      public Docket thingsboardApi() {
-          TypeResolver typeResolver = new TypeResolver();
-          final ResolvedType jsonNodeType =
-                  typeResolver.resolve(
-                          JsonNode.class);
-          final ResolvedType stringType =
-                  typeResolver.resolve(
-                          String.class);
+    @Value("${swagger.api_path_regex}")
+    private String apiPathRegex;
+    @Value("${swagger.security_path_regex}")
+    private String securityPathRegex;
+    @Value("${swagger.non_security_path_regex}")
+    private String nonSecurityPathRegex;
+    @Value("${swagger.title}")
+    private String title;
+    @Value("${swagger.description}")
+    private String description;
+    @Value("${swagger.contact.name}")
+    private String contactName;
+    @Value("${swagger.contact.url}")
+    private String contactUrl;
+    @Value("${swagger.contact.email}")
+    private String contactEmail;
+    @Value("${swagger.license.title}")
+    private String licenseTitle;
+    @Value("${swagger.license.url}")
+    private String licenseUrl;
+    @Value("${swagger.version}")
+    private String version;

-            return new Docket(DocumentationType.SWAGGER_2)
-                    .groupName("thingsboard")
-                    .apiInfo(apiInfo())
-                    .alternateTypeRules(
+    @Bean
+    public Docket thingsboardApi() {
+        TypeResolver typeResolver = new TypeResolver();
+        final ResolvedType jsonNodeType =
+                typeResolver.resolve(
+                        JsonNode.class);
+        final ResolvedType stringType =
+                typeResolver.resolve(
+                        String.class);
+
+        return new Docket(DocumentationType.SWAGGER_2)
+                .groupName("thingsboard")
+                .apiInfo(apiInfo())
+                .alternateTypeRules(
                        new AlternateTypeRule(
                                jsonNodeType,
                                stringType))
-                    .select()
-                    .paths(apiPaths())
-                    .build()
-                    .securitySchemes(newArrayList(jwtTokenKey()))
-                    .securityContexts(newArrayList(securityContext()))
-                    .enableUrlTemplating(true);
-      }
+                .select()
+                .paths(apiPaths())
+                .build()
+                .securitySchemes(newArrayList(jwtTokenKey()))
+                .securityContexts(newArrayList(securityContext()))
+                .enableUrlTemplating(true);
+    }

-      private ApiKey jwtTokenKey() {
-            return new ApiKey("X-Authorization", "JWT token", "header");
-      }
+    private ApiKey jwtTokenKey() {
+        return new ApiKey("X-Authorization", "JWT token", "header");
+    }

-      private SecurityContext securityContext() {
-            return SecurityContext.builder()
-                    .securityReferences(defaultAuth())
-                    .forPaths(securityPaths())
-                    .build();
-      }
+    private SecurityContext securityContext() {
+        return SecurityContext.builder()
+                .securityReferences(defaultAuth())
+                .forPaths(securityPaths())
+                .build();
+    }

-      private Predicate<String> apiPaths() {
-           return regex("/api.*");
-      }
+    private Predicate<String> apiPaths() {
+        return regex(apiPathRegex);
+    }

-      private Predicate<String> securityPaths() {
-           return and(
-                    regex("/api.*"),
-                    not(regex("/api/noauth.*"))
-           );
-      }
+    private Predicate<String> securityPaths() {
+        return and(
+                regex(securityPathRegex),
+                not(regex(nonSecurityPathRegex))
+        );
+    }

-      List<SecurityReference> defaultAuth() {
-            AuthorizationScope[] authorizationScopes = new AuthorizationScope[3];
-            authorizationScopes[0] = new AuthorizationScope(Authority.SYS_ADMIN.name(), "System administrator");
-            authorizationScopes[1] = new AuthorizationScope(Authority.TENANT_ADMIN.name(), "Tenant administrator");
-            authorizationScopes[2] = new AuthorizationScope(Authority.CUSTOMER_USER.name(), "Customer");
-            return newArrayList(
-                    new SecurityReference("X-Authorization", authorizationScopes));
-      }
+    List<SecurityReference> defaultAuth() {
+        AuthorizationScope[] authorizationScopes = new AuthorizationScope[3];
+        authorizationScopes[0] = new AuthorizationScope(Authority.SYS_ADMIN.name(), "System administrator");
+        authorizationScopes[1] = new AuthorizationScope(Authority.TENANT_ADMIN.name(), "Tenant administrator");
+        authorizationScopes[2] = new AuthorizationScope(Authority.CUSTOMER_USER.name(), "Customer");
+        return newArrayList(
+                new SecurityReference("X-Authorization", authorizationScopes));
+    }

-      private ApiInfo apiInfo() {
-            return new ApiInfoBuilder()
-                .title("Thingsboard REST API")
-                .description("For instructions how to authorize requests please visit <a href='http://thingsboard.io/docs/reference/rest-api/'>REST API documentation page</a>.")
-                .contact(new Contact("Thingsboard team", "http://thingsboard.io", "info@thingsboard.io"))
-                .license("Apache License Version 2.0")
-                .licenseUrl("https://github.com/thingsboard/thingsboard/blob/master/LICENSE")
-                .version("2.0")
+    private ApiInfo apiInfo() {
+        return new ApiInfoBuilder()
+                .title(title)
+                .description(description)
+                .contact(new Contact(contactName, contactUrl, contactEmail))
+                .license(licenseTitle)
+                .licenseUrl(licenseUrl)
+                .version(version)
                .build();
-      }
+    }

 }
--- a/application/src/main/java/org/thingsboard/server/controller/AdminController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/AdminController.java
@ -28,8 +28,10 @@ import org.thingsboard.server.common.data.AdminSettings;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.dao.settings.AdminSettingsService;
+import org.thingsboard.server.service.security.model.SecuritySettings;
 import org.thingsboard.server.service.security.permission.Operation;
 import org.thingsboard.server.service.security.permission.Resource;
+import org.thingsboard.server.service.security.system.SystemSecurityService;
 import org.thingsboard.server.service.update.UpdateService;
 import org.thingsboard.server.service.update.model.UpdateMessage;

@ -43,6 +45,9 @@ public class AdminController extends BaseController {
    @Autowired
    private AdminSettingsService adminSettingsService;

+    @Autowired
+    private SystemSecurityService systemSecurityService;
+
    @Autowired
    private UpdateService updateService;

@ -74,6 +79,31 @@ public class AdminController extends BaseController {
        }
    }

+    @PreAuthorize("hasAuthority('SYS_ADMIN')")
+    @RequestMapping(value = "/securitySettings", method = RequestMethod.GET)
+    @ResponseBody
+    public SecuritySettings getSecuritySettings() throws ThingsboardException {
+        try {
+            accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.READ);
+            return checkNotNull(systemSecurityService.getSecuritySettings(TenantId.SYS_TENANT_ID));
+        } catch (Exception e) {
+            throw handleException(e);
+        }
+    }
+
+    @PreAuthorize("hasAuthority('SYS_ADMIN')")
+    @RequestMapping(value = "/securitySettings", method = RequestMethod.POST)
+    @ResponseBody
+    public SecuritySettings saveSecuritySettings(@RequestBody SecuritySettings securitySettings) throws ThingsboardException {
+        try {
+            accessControlService.checkPermission(getCurrentUser(), Resource.ADMIN_SETTINGS, Operation.WRITE);
+            securitySettings = checkNotNull(systemSecurityService.saveSecuritySettings(TenantId.SYS_TENANT_ID, securitySettings));
+            return securitySettings;
+        } catch (Exception e) {
+            throw handleException(e);
+        }
+    }
+
    @PreAuthorize("hasAuthority('SYS_ADMIN')")
    @RequestMapping(value = "/settings/testMail", method = RequestMethod.POST)
    public void sendTestMail(@RequestBody AdminSettings adminSettings) throws ThingsboardException {
--- a/application/src/main/java/org/thingsboard/server/controller/AuditLogController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/AuditLogController.java
@ -15,6 +15,7 @@
 */
 package org.thingsboard.server.controller;

+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@ -22,6 +23,7 @@ import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.RestController;
+import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.audit.AuditLog;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.CustomerId;
@ -31,7 +33,10 @@ import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.page.TimePageData;
 import org.thingsboard.server.common.data.page.TimePageLink;

+import java.util.Arrays;
+import java.util.List;
 import java.util.UUID;
+import java.util.stream.Collectors;

@RestController
@RequestMapping("/api")
@ -46,12 +51,14 @@ public class AuditLogController extends BaseController {
            @RequestParam(required = false) Long startTime,
            @RequestParam(required = false) Long endTime,
            @RequestParam(required = false, defaultValue = "false") boolean ascOrder,
-            @RequestParam(required = false) String offset) throws ThingsboardException {
+            @RequestParam(required = false) String offset,
+            @RequestParam(name = "actionTypes", required = false) String actionTypesStr) throws ThingsboardException {
        try {
            checkParameter("CustomerId", strCustomerId);
            TenantId tenantId = getCurrentUser().getTenantId();
            TimePageLink pageLink = createPageLink(limit, startTime, endTime, ascOrder, offset);
-            return checkNotNull(auditLogService.findAuditLogsByTenantIdAndCustomerId(tenantId, new CustomerId(UUID.fromString(strCustomerId)), pageLink));
+            List<ActionType> actionTypes = parseActionTypesStr(actionTypesStr);
+            return checkNotNull(auditLogService.findAuditLogsByTenantIdAndCustomerId(tenantId, new CustomerId(UUID.fromString(strCustomerId)), actionTypes, pageLink));
        } catch (Exception e) {
            throw handleException(e);
        }
@ -66,12 +73,14 @@ public class AuditLogController extends BaseController {
            @RequestParam(required = false) Long startTime,
            @RequestParam(required = false) Long endTime,
            @RequestParam(required = false, defaultValue = "false") boolean ascOrder,
-            @RequestParam(required = false) String offset) throws ThingsboardException {
+            @RequestParam(required = false) String offset,
+            @RequestParam(name = "actionTypes", required = false) String actionTypesStr) throws ThingsboardException {
        try {
            checkParameter("UserId", strUserId);
            TenantId tenantId = getCurrentUser().getTenantId();
            TimePageLink pageLink = createPageLink(limit, startTime, endTime, ascOrder, offset);
-            return checkNotNull(auditLogService.findAuditLogsByTenantIdAndUserId(tenantId, new UserId(UUID.fromString(strUserId)), pageLink));
+            List<ActionType> actionTypes = parseActionTypesStr(actionTypesStr);
+            return checkNotNull(auditLogService.findAuditLogsByTenantIdAndUserId(tenantId, new UserId(UUID.fromString(strUserId)), actionTypes, pageLink));
        } catch (Exception e) {
            throw handleException(e);
        }
@ -87,13 +96,15 @@ public class AuditLogController extends BaseController {
            @RequestParam(required = false) Long startTime,
            @RequestParam(required = false) Long endTime,
            @RequestParam(required = false, defaultValue = "false") boolean ascOrder,
-            @RequestParam(required = false) String offset) throws ThingsboardException {
+            @RequestParam(required = false) String offset,
+            @RequestParam(name = "actionTypes", required = false) String actionTypesStr) throws ThingsboardException {
        try {
            checkParameter("EntityId", strEntityId);
            checkParameter("EntityType", strEntityType);
            TenantId tenantId = getCurrentUser().getTenantId();
            TimePageLink pageLink = createPageLink(limit, startTime, endTime, ascOrder, offset);
-            return checkNotNull(auditLogService.findAuditLogsByTenantIdAndEntityId(tenantId, EntityIdFactory.getByTypeAndId(strEntityType, strEntityId), pageLink));
+            List<ActionType> actionTypes = parseActionTypesStr(actionTypesStr);
+            return checkNotNull(auditLogService.findAuditLogsByTenantIdAndEntityId(tenantId, EntityIdFactory.getByTypeAndId(strEntityType, strEntityId), actionTypes, pageLink));
        } catch (Exception e) {
            throw handleException(e);
        }
@ -107,13 +118,24 @@ public class AuditLogController extends BaseController {
            @RequestParam(required = false) Long startTime,
            @RequestParam(required = false) Long endTime,
            @RequestParam(required = false, defaultValue = "false") boolean ascOrder,
-            @RequestParam(required = false) String offset) throws ThingsboardException {
+            @RequestParam(required = false) String offset,
+            @RequestParam(name = "actionTypes", required = false) String actionTypesStr) throws ThingsboardException {
        try {
            TenantId tenantId = getCurrentUser().getTenantId();
            TimePageLink pageLink = createPageLink(limit, startTime, endTime, ascOrder, offset);
-            return checkNotNull(auditLogService.findAuditLogsByTenantId(tenantId, pageLink));
+            List<ActionType> actionTypes = parseActionTypesStr(actionTypesStr);
+            return checkNotNull(auditLogService.findAuditLogsByTenantId(tenantId, actionTypes, pageLink));
        } catch (Exception e) {
            throw handleException(e);
        }
    }
+
+    private List<ActionType> parseActionTypesStr(String actionTypesStr) {
+        List<ActionType> result = null;
+        if (StringUtils.isNoneBlank(actionTypesStr)) {
+            String[] tmp = actionTypesStr.split(",");
+            result = Arrays.stream(tmp).map(at -> ActionType.valueOf(at.toUpperCase())).collect(Collectors.toList());
+        }
+        return result;
+    }
 }
--- a/application/src/main/java/org/thingsboard/server/controller/AuthController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/AuthController.java
@ -24,6 +24,7 @@ import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@ -34,15 +35,24 @@ import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 import org.thingsboard.rule.engine.api.MailService;
 import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.security.UserCredentials;
+import org.thingsboard.server.dao.audit.AuditLogService;
 import org.thingsboard.server.service.security.auth.jwt.RefreshTokenRepository;
+import org.thingsboard.server.service.security.auth.rest.RestAuthenticationDetails;
+import org.thingsboard.server.service.security.model.SecuritySettings;
 import org.thingsboard.server.service.security.model.SecurityUser;
+import org.thingsboard.server.service.security.model.UserPasswordPolicy;
 import org.thingsboard.server.service.security.model.UserPrincipal;
 import org.thingsboard.server.service.security.model.token.JwtToken;
 import org.thingsboard.server.service.security.model.token.JwtTokenFactory;
+import org.thingsboard.server.service.security.permission.Operation;
+import org.thingsboard.server.service.security.permission.Resource;
+import org.thingsboard.server.service.security.system.SystemSecurityService;
+import ua_parser.Client;

 import javax.servlet.http.HttpServletRequest;
 import java.net.URI;
@ -65,6 +75,12 @@ public class AuthController extends BaseController {
    @Autowired
    private MailService mailService;

+    @Autowired
+    private SystemSecurityService systemSecurityService;
+
+    @Autowired
+    private AuditLogService auditLogService;
+
    @PreAuthorize("isAuthenticated()")
    @RequestMapping(value = "/auth/user", method = RequestMethod.GET)
    public @ResponseBody User getUser() throws ThingsboardException {
@ -76,6 +92,13 @@ public class AuthController extends BaseController {
        }
    }

+    @PreAuthorize("isAuthenticated()")
+    @RequestMapping(value = "/auth/logout", method = RequestMethod.POST)
+    @ResponseStatus(value = HttpStatus.OK)
+    public void logout(HttpServletRequest request) throws ThingsboardException {
+        logLogoutAction(request);
+    }
+
    @PreAuthorize("isAuthenticated()")
    @RequestMapping(value = "/auth/changePassword", method = RequestMethod.POST)
    @ResponseStatus(value = HttpStatus.OK)
@ -89,8 +112,24 @@ public class AuthController extends BaseController {
            if (!passwordEncoder.matches(currentPassword, userCredentials.getPassword())) {
                throw new ThingsboardException("Current password doesn't match!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
            }
+            systemSecurityService.validatePassword(securityUser.getTenantId(), newPassword, userCredentials);
+            if (passwordEncoder.matches(newPassword, userCredentials.getPassword())) {
+                throw new ThingsboardException("New password should be different from existing!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+            }
            userCredentials.setPassword(passwordEncoder.encode(newPassword));
-            userService.saveUserCredentials(securityUser.getTenantId(), userCredentials);
+            userService.replaceUserCredentials(securityUser.getTenantId(), userCredentials);
+        } catch (Exception e) {
+            throw handleException(e);
+        }
+    }
+
+    @RequestMapping(value = "/noauth/userPasswordPolicy", method = RequestMethod.GET)
+    @ResponseBody
+    public UserPasswordPolicy getUserPasswordPolicy() throws ThingsboardException {
+        try {
+            SecuritySettings securitySettings =
+                    checkNotNull(systemSecurityService.getSecuritySettings(TenantId.SYS_TENANT_ID));
+            return securitySettings.getPasswordPolicy();
        } catch (Exception e) {
            throw handleException(e);
        }
@ -167,6 +206,7 @@ public class AuthController extends BaseController {
        try {
            String activateToken = activateRequest.get("activateToken").asText();
            String password = activateRequest.get("password").asText();
+            systemSecurityService.validatePassword(TenantId.SYS_TENANT_ID, password, null);
            String encodedPassword = passwordEncoder.encode(password);
            UserCredentials credentials = userService.activateUserCredentials(TenantId.SYS_TENANT_ID, activateToken, encodedPassword);
            User user = userService.findUserById(TenantId.SYS_TENANT_ID, credentials.getUserId());
@ -206,10 +246,14 @@ public class AuthController extends BaseController {
            String password = resetPasswordRequest.get("password").asText();
            UserCredentials userCredentials = userService.findUserCredentialsByResetToken(TenantId.SYS_TENANT_ID, resetToken);
            if (userCredentials != null) {
+                systemSecurityService.validatePassword(TenantId.SYS_TENANT_ID, password, userCredentials);
+                if (passwordEncoder.matches(password, userCredentials.getPassword())) {
+                    throw new ThingsboardException("New password should be different from existing!", ThingsboardErrorCode.BAD_REQUEST_PARAMS);
+                }
                String encodedPassword = passwordEncoder.encode(password);
                userCredentials.setPassword(encodedPassword);
                userCredentials.setResetToken(null);
-                userCredentials = userService.saveUserCredentials(TenantId.SYS_TENANT_ID, userCredentials);
+                userCredentials = userService.replaceUserCredentials(TenantId.SYS_TENANT_ID, userCredentials);
                User user = userService.findUserById(TenantId.SYS_TENANT_ID, userCredentials.getUserId());
                UserPrincipal principal = new UserPrincipal(UserPrincipal.Type.USER_NAME, user.getEmail());
                SecurityUser securityUser = new SecurityUser(user, userCredentials.isEnabled(), principal);
@ -234,4 +278,54 @@ public class AuthController extends BaseController {
        }
    }

+    private void logLogoutAction(HttpServletRequest request) throws ThingsboardException {
+        try {
+            SecurityUser user = getCurrentUser();
+            RestAuthenticationDetails details = new RestAuthenticationDetails(request);
+            String clientAddress = details.getClientAddress();
+            String browser = "Unknown";
+            String os = "Unknown";
+            String device = "Unknown";
+            if (details.getUserAgent() != null) {
+                Client userAgent = details.getUserAgent();
+                if (userAgent.userAgent != null) {
+                    browser = userAgent.userAgent.family;
+                    if (userAgent.userAgent.major != null) {
+                        browser += " " + userAgent.userAgent.major;
+                        if (userAgent.userAgent.minor != null) {
+                            browser += "." + userAgent.userAgent.minor;
+                            if (userAgent.userAgent.patch != null) {
+                                browser += "." + userAgent.userAgent.patch;
+                            }
+                        }
+                    }
+                }
+                if (userAgent.os != null) {
+                    os = userAgent.os.family;
+                    if (userAgent.os.major != null) {
+                        os += " " + userAgent.os.major;
+                        if (userAgent.os.minor != null) {
+                            os += "." + userAgent.os.minor;
+                            if (userAgent.os.patch != null) {
+                                os += "." + userAgent.os.patch;
+                                if (userAgent.os.patchMinor != null) {
+                                    os += "." + userAgent.os.patchMinor;
+                                }
+                            }
+                        }
+                    }
+                }
+                if (userAgent.device != null) {
+                    device = userAgent.device.family;
+                }
+            }
+            auditLogService.logEntityAction(
+                    user.getTenantId(), user.getCustomerId(), user.getId(),
+                    user.getName(), user.getId(), null, ActionType.LOGOUT, null, clientAddress, browser, os, device);
+
+        } catch (Exception e) {
+            throw handleException(e);
+        }
+    }
+
 }
--- a/application/src/main/java/org/thingsboard/server/controller/DeviceController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/DeviceController.java
@ -46,6 +46,7 @@ import org.thingsboard.server.common.data.page.TextPageLink;
 import org.thingsboard.server.common.data.security.DeviceCredentials;
 import org.thingsboard.server.controller.claim.data.ClaimRequest;
 import org.thingsboard.server.dao.device.claim.ClaimResponse;
+import org.thingsboard.server.dao.device.claim.ClaimResult;
 import org.thingsboard.server.dao.exception.IncorrectParameterException;
 import org.thingsboard.server.dao.model.ModelConstants;
 import org.thingsboard.server.service.security.model.SecurityUser;
@ -406,19 +407,23 @@ public class DeviceController extends BaseController {
                    device.getId(), device);
            String secretKey = getSecretKey(claimRequest);

-            ListenableFuture<ClaimResponse> future = claimDevicesService.claimDevice(device, customerId, secretKey);
-            Futures.addCallback(future, new FutureCallback<ClaimResponse>() {
+            ListenableFuture<ClaimResult> future = claimDevicesService.claimDevice(device, customerId, secretKey);
+            Futures.addCallback(future, new FutureCallback<ClaimResult>() {
                @Override
-                public void onSuccess(@Nullable ClaimResponse result) {
+                public void onSuccess(@Nullable ClaimResult result) {
                    HttpStatus status;
-                    if (result.equals(ClaimResponse.SUCCESS)) {
-                        status = HttpStatus.OK;
+                    if (result != null) {
+                        if (result.getResponse().equals(ClaimResponse.SUCCESS)) {
+                            status = HttpStatus.OK;
+                            deferredResult.setResult(new ResponseEntity<>(result, status));
+                        } else {
+                            status = HttpStatus.BAD_REQUEST;
+                            deferredResult.setResult(new ResponseEntity<>(result.getResponse(), status));
+                        }
                    } else {
-                        status = HttpStatus.BAD_REQUEST;
+                        deferredResult.setResult(new ResponseEntity<>(HttpStatus.BAD_REQUEST));
                    }
-                    deferredResult.setResult(new ResponseEntity<>(result, status));
                }
-
                @Override
                public void onFailure(Throwable t) {
                    deferredResult.setErrorResult(t);
--- a/application/src/main/java/org/thingsboard/server/controller/UserController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/UserController.java
@ -126,7 +126,7 @@ public class UserController extends BaseController {

    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN', 'CUSTOMER_USER')")
    @RequestMapping(value = "/user", method = RequestMethod.POST)
-    @ResponseBody 
+    @ResponseBody
    public User saveUser(@RequestBody User user,
                         @RequestParam(required = false, defaultValue = "true") boolean sendActivationMail,
            HttpServletRequest request) throws ThingsboardException {
@ -285,5 +285,20 @@ public class UserController extends BaseController {
            throw handleException(e);
        }
    }
-    
+
+    @PreAuthorize("hasAnyAuthority('SYS_ADMIN', 'TENANT_ADMIN')")
+    @RequestMapping(value = "/user/{userId}/userCredentialsEnabled", method = RequestMethod.POST)
+    @ResponseBody
+    public void setUserCredentialsEnabled(@PathVariable(USER_ID) String strUserId,
+                                          @RequestParam(required = false, defaultValue = "true") boolean userCredentialsEnabled) throws ThingsboardException {
+        checkParameter(USER_ID, strUserId);
+        try {
+            UserId userId = new UserId(toUUID(strUserId));
+            User user = checkUserId(userId, Operation.WRITE);
+            TenantId tenantId = getCurrentUser().getTenantId();
+            userService.setUserCredentialsEnabled(tenantId, userId, userCredentialsEnabled);
+        } catch (Exception e) {
+            throw handleException(e);
+        }
+    }
 }
--- a/application/src/main/java/org/thingsboard/server/exception/ThingsboardCredentialsExpiredResponse.java
+++ b/application/src/main/java/org/thingsboard/server/exception/ThingsboardCredentialsExpiredResponse.java
@ -0,0 +1,37 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.exception;
+
+import org.springframework.http.HttpStatus;
+import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
+
+public class ThingsboardCredentialsExpiredResponse extends ThingsboardErrorResponse {
+
+    private final String resetToken;
+
+    protected ThingsboardCredentialsExpiredResponse(String message, String resetToken) {
+        super(message, ThingsboardErrorCode.CREDENTIALS_EXPIRED, HttpStatus.UNAUTHORIZED);
+        this.resetToken = resetToken;
+    }
+
+    public static ThingsboardCredentialsExpiredResponse of(final String message, final String resetToken) {
+        return new ThingsboardCredentialsExpiredResponse(message, resetToken);
+    }
+
+    public String getResetToken() {
+        return resetToken;
+    }
+}
--- a/application/src/main/java/org/thingsboard/server/exception/ThingsboardErrorResponseHandler.java
+++ b/application/src/main/java/org/thingsboard/server/exception/ThingsboardErrorResponseHandler.java
@ -22,15 +22,17 @@ import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.DisabledException;
+import org.springframework.security.authentication.LockedException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.access.AccessDeniedHandler;
 import org.springframework.stereotype.Component;
-import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.exception.ThingsboardErrorCode;
 import org.thingsboard.server.common.data.exception.ThingsboardException;
 import org.thingsboard.server.common.msg.tools.TbRateLimitsException;
 import org.thingsboard.server.service.security.exception.AuthMethodNotSupportedException;
 import org.thingsboard.server.service.security.exception.JwtExpiredTokenException;
+import org.thingsboard.server.service.security.exception.UserPasswordExpiredException;

 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@ -137,12 +139,21 @@ public class ThingsboardErrorResponseHandler implements AccessDeniedHandler {
        response.setStatus(HttpStatus.UNAUTHORIZED.value());
        if (authenticationException instanceof BadCredentialsException) {
            mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("Invalid username or password", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
+        } else if (authenticationException instanceof DisabledException) {
+            mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("User account is not active", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
+        } else if (authenticationException instanceof LockedException) {
+            mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("User account is locked due to security policy", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
        } else if (authenticationException instanceof JwtExpiredTokenException) {
            mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("Token has expired", ThingsboardErrorCode.JWT_TOKEN_EXPIRED, HttpStatus.UNAUTHORIZED));
        } else if (authenticationException instanceof AuthMethodNotSupportedException) {
            mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of(authenticationException.getMessage(), ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
+        } else if (authenticationException instanceof UserPasswordExpiredException) {
+            UserPasswordExpiredException expiredException = (UserPasswordExpiredException)authenticationException;
+            String resetToken = expiredException.getResetToken();
+            mapper.writeValue(response.getWriter(), ThingsboardCredentialsExpiredResponse.of(expiredException.getMessage(), resetToken));
+        } else {
+            mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("Authentication failed", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
        }
-        mapper.writeValue(response.getWriter(), ThingsboardErrorResponse.of("Authentication failed", ThingsboardErrorCode.AUTHENTICATION, HttpStatus.UNAUTHORIZED));
    }

 }
--- a/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallService.java
+++ b/application/src/main/java/org/thingsboard/server/install/ThingsboardInstallService.java
@ -23,11 +23,11 @@ import org.springframework.context.ApplicationContext;
 import org.springframework.context.annotation.Profile;
 import org.springframework.stereotype.Service;
 import org.thingsboard.server.service.component.ComponentDiscoveryService;
-import org.thingsboard.server.service.install.update.DataUpdateService;
 import org.thingsboard.server.service.install.DatabaseUpgradeService;
 import org.thingsboard.server.service.install.EntityDatabaseSchemaService;
 import org.thingsboard.server.service.install.SystemDataLoaderService;
 import org.thingsboard.server.service.install.TsDatabaseSchemaService;
+import org.thingsboard.server.service.install.update.DataUpdateService;

@Service
@Profile("install")
@ -116,6 +116,9 @@ public class ThingsboardInstallService {

                        databaseUpgradeService.upgradeDatabase("2.3.1");

+                    case "2.4.0":
+                        log.info("Upgrading ThingsBoard from version 2.4.0 to 2.4.1 ...");
+
                        log.info("Updating system data...");

                        systemDataLoaderService.deleteSystemWidgetBundle("charts");
@ -132,7 +135,6 @@ public class ThingsboardInstallService {
                        systemDataLoaderService.deleteSystemWidgetBundle("date");

                        systemDataLoaderService.loadSystemWidgets();
-
                        break;
                    default:
                        throw new RuntimeException("Unable to upgrade ThingsBoard, unsupported fromVersion: " + upgradeFromVersion);
--- a/application/src/main/java/org/thingsboard/server/service/install/SqlTimescaleDatabaseSchemaService.java
+++ b/application/src/main/java/org/thingsboard/server/service/install/SqlTimescaleDatabaseSchemaService.java
@ -0,0 +1,31 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.install;
+
+import org.springframework.context.annotation.Profile;
+import org.springframework.stereotype.Service;
+import org.thingsboard.server.dao.util.SqlDao;
+import org.thingsboard.server.dao.util.TimescaleDBTsDao;
+
+@Service
+@TimescaleDBTsDao
+@Profile("install")
+public class SqlTimescaleDatabaseSchemaService extends SqlAbstractDatabaseSchemaService
+        implements TsDatabaseSchemaService {
+    public SqlTimescaleDatabaseSchemaService() {
+        super("schema-timescale.sql", "schema-timescale-idx.sql");
+    }
+}
--- a/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
+++ b/application/src/main/java/org/thingsboard/server/service/mail/DefaultMailService.java
@ -212,6 +212,21 @@ public class DefaultMailService implements MailService {
        mailSender.send(helper.getMimeMessage());
    }

+    @Override
+    public void sendAccountLockoutEmail( String lockoutEmail, String email, Integer maxFailedLoginAttempts) throws ThingsboardException {
+        String subject = messages.getMessage("account.lockout.subject", null, Locale.US);
+
+        Map<String, Object> model = new HashMap<String, Object>();
+        model.put("lockoutAccount", lockoutEmail);
+        model.put("maxFailedLoginAttempts", maxFailedLoginAttempts);
+        model.put(TARGET_EMAIL, email);
+
+        String message = mergeTemplateIntoString(this.engine,
+                "account.lockout.vm", UTF_8, model);
+
+        sendMail(mailSender, mailFrom, email, subject, message);
+    }
+
    private void sendMail(JavaMailSenderImpl mailSender,
                          String mailFrom, String email,
                          String subject, String message) throws ThingsboardException {
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationDetails.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationDetails.java
@ -0,0 +1,54 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.thingsboard.server.service.security.auth.rest;
+
+import lombok.Data;
+import ua_parser.Client;
+import ua_parser.Parser;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
+import java.io.Serializable;
+
+@Data
+public class RestAuthenticationDetails implements Serializable {
+
+    private final String clientAddress;
+    private final Client userAgent;
+
+    public RestAuthenticationDetails(HttpServletRequest request) {
+        this.clientAddress = getClientIP(request);
+        this.userAgent = getUserAgent(request);
+    }
+
+    private static String getClientIP(HttpServletRequest request) {
+        String xfHeader = request.getHeader("X-Forwarded-For");
+        if (xfHeader == null) {
+            return request.getRemoteAddr();
+        }
+        return xfHeader.split(",")[0];
+    }
+
+    private static Client getUserAgent(HttpServletRequest request) {
+        try {
+            Parser uaParser = new Parser();
+            return uaParser.parse(request.getHeader("User-Agent"));
+        } catch (IOException e) {
+            return new Client(null, null, null);
+        }
+    }
+}
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationDetailsSource.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationDetailsSource.java
@ -0,0 +1,29 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.thingsboard.server.service.security.auth.rest;
+
+import org.springframework.security.authentication.AuthenticationDetailsSource;
+
+import javax.servlet.http.HttpServletRequest;
+
+public class RestAuthenticationDetailsSource implements
+        AuthenticationDetailsSource<HttpServletRequest, RestAuthenticationDetails> {
+
+    public RestAuthenticationDetails buildDetails(HttpServletRequest context) {
+        return new RestAuthenticationDetails(context);
+    }
+}
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestAuthenticationProvider.java
@ -15,45 +15,55 @@
 */
 package org.thingsboard.server.service.security.auth.rest;

+import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.authentication.BadCredentialsException;
-import org.springframework.security.authentication.DisabledException;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.authentication.LockedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
 import org.thingsboard.server.common.data.Customer;
 import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.EntityId;
 import org.thingsboard.server.common.data.id.TenantId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.security.Authority;
 import org.thingsboard.server.common.data.security.UserCredentials;
+import org.thingsboard.server.dao.audit.AuditLogService;
 import org.thingsboard.server.dao.customer.CustomerService;
 import org.thingsboard.server.dao.user.UserService;
 import org.thingsboard.server.service.security.model.SecurityUser;
 import org.thingsboard.server.service.security.model.UserPrincipal;
+import org.thingsboard.server.service.security.system.SystemSecurityService;
+import ua_parser.Client;

 import java.util.UUID;

@Component
+@Slf4j
 public class RestAuthenticationProvider implements AuthenticationProvider {

-    private final BCryptPasswordEncoder encoder;
+    private final SystemSecurityService systemSecurityService;
    private final UserService userService;
    private final CustomerService customerService;
+    private final AuditLogService auditLogService;

    @Autowired
-    public RestAuthenticationProvider(final UserService userService, final CustomerService customerService, final BCryptPasswordEncoder encoder) {
+    public RestAuthenticationProvider(final UserService userService,
+                                      final CustomerService customerService,
+                                      final SystemSecurityService systemSecurityService,
+                                      final AuditLogService auditLogService) {
        this.userService = userService;
        this.customerService = customerService;
-        this.encoder = encoder;
+        this.systemSecurityService = systemSecurityService;
+        this.auditLogService = auditLogService;
    }

    @Override
@ -69,37 +79,43 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
        if (userPrincipal.getType() == UserPrincipal.Type.USER_NAME) {
            String username = userPrincipal.getValue();
            String password = (String) authentication.getCredentials();
-            return authenticateByUsernameAndPassword(userPrincipal, username, password);
+            return authenticateByUsernameAndPassword(authentication, userPrincipal, username, password);
        } else {
            String publicId = userPrincipal.getValue();
            return authenticateByPublicId(userPrincipal, publicId);
        }
    }

-    private Authentication authenticateByUsernameAndPassword(UserPrincipal userPrincipal, String username, String password) {
+    private Authentication authenticateByUsernameAndPassword(Authentication authentication, UserPrincipal userPrincipal, String username, String password) {
        User user = userService.findUserByEmail(TenantId.SYS_TENANT_ID, username);
        if (user == null) {
            throw new UsernameNotFoundException("User not found: " + username);
        }

-        UserCredentials userCredentials = userService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, user.getId());
-        if (userCredentials == null) {
-            throw new UsernameNotFoundException("User credentials not found");
-        }
-
-        if (!userCredentials.isEnabled()) {
-            throw new DisabledException("User is not active");
-        }
+        try {

-        if (!encoder.matches(password, userCredentials.getPassword())) {
-            throw new BadCredentialsException("Authentication Failed. Username or Password not valid.");
-        }
+            UserCredentials userCredentials = userService.findUserCredentialsByUserId(TenantId.SYS_TENANT_ID, user.getId());
+            if (userCredentials == null) {
+                throw new UsernameNotFoundException("User credentials not found");
+            }

-        if (user.getAuthority() == null) throw new InsufficientAuthenticationException("User has no authority assigned");
+            try {
+                systemSecurityService.validateUserCredentials(user.getTenantId(), userCredentials, username, password);
+            } catch (LockedException e) {
+                logLoginAction(user, authentication, ActionType.LOCKOUT, null);
+                throw e;
+            }

-        SecurityUser securityUser = new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
+            if (user.getAuthority() == null)
+                throw new InsufficientAuthenticationException("User has no authority assigned");

-        return new UsernamePasswordAuthenticationToken(securityUser, null, securityUser.getAuthorities());
+            SecurityUser securityUser = new SecurityUser(user, userCredentials.isEnabled(), userPrincipal);
+            logLoginAction(user, authentication, ActionType.LOGIN, null);
+            return new UsernamePasswordAuthenticationToken(securityUser, null, securityUser.getAuthorities());
+        } catch (Exception e) {
+            logLoginAction(user, authentication, ActionType.LOGIN, e);
+            throw e;
+        }
    }

    private Authentication authenticateByPublicId(UserPrincipal userPrincipal, String publicId) {
@ -133,4 +149,53 @@ public class RestAuthenticationProvider implements AuthenticationProvider {
    public boolean supports(Class<?> authentication) {
        return (UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication));
    }
+
+    private void logLoginAction(User user, Authentication authentication, ActionType actionType, Exception e) {
+        String clientAddress = "Unknown";
+        String browser = "Unknown";
+        String os = "Unknown";
+        String device = "Unknown";
+        if (authentication != null && authentication.getDetails() != null) {
+            if (authentication.getDetails() instanceof RestAuthenticationDetails) {
+                RestAuthenticationDetails details = (RestAuthenticationDetails)authentication.getDetails();
+                clientAddress = details.getClientAddress();
+                if (details.getUserAgent() != null) {
+                    Client userAgent = details.getUserAgent();
+                    if (userAgent.userAgent != null) {
+                        browser = userAgent.userAgent.family;
+                        if (userAgent.userAgent.major != null) {
+                            browser += " " + userAgent.userAgent.major;
+                            if (userAgent.userAgent.minor != null) {
+                                browser += "." + userAgent.userAgent.minor;
+                                if (userAgent.userAgent.patch != null) {
+                                    browser += "." + userAgent.userAgent.patch;
+                                }
+                            }
+                        }
+                    }
+                    if (userAgent.os != null) {
+                        os = userAgent.os.family;
+                        if (userAgent.os.major != null) {
+                            os += " " + userAgent.os.major;
+                            if (userAgent.os.minor != null) {
+                                os += "." + userAgent.os.minor;
+                                if (userAgent.os.patch != null) {
+                                    os += "." + userAgent.os.patch;
+                                    if (userAgent.os.patchMinor != null) {
+                                        os += "." + userAgent.os.patchMinor;
+                                    }
+                                }
+                            }
+                        }
+                    }
+                    if (userAgent.device != null) {
+                        device = userAgent.device.family;
+                    }
+                }
+            }
+        }
+        auditLogService.logEntityAction(
+                user.getTenantId(), user.getCustomerId(), user.getId(),
+                user.getName(), user.getId(), null, actionType, e, clientAddress, browser, os, device);
+    }
 }
--- a/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestLoginProcessingFilter.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/auth/rest/RestLoginProcessingFilter.java
@ -19,6 +19,7 @@ import com.fasterxml.jackson.databind.ObjectMapper;
 import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationDetailsSource;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@ -27,6 +28,7 @@ import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
+import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
 import org.thingsboard.server.service.security.exception.AuthMethodNotSupportedException;
 import org.thingsboard.server.service.security.model.UserPrincipal;

@ -39,6 +41,8 @@ import java.io.IOException;
@Slf4j
 public class RestLoginProcessingFilter extends AbstractAuthenticationProcessingFilter {

+    private final AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new RestAuthenticationDetailsSource();
+
    private final AuthenticationSuccessHandler successHandler;
    private final AuthenticationFailureHandler failureHandler;

@ -76,7 +80,7 @@ public class RestLoginProcessingFilter extends AbstractAuthenticationProcessingF
        UserPrincipal principal = new UserPrincipal(UserPrincipal.Type.USER_NAME, loginRequest.getUsername());

        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(principal, loginRequest.getPassword());
-
+        token.setDetails(authenticationDetailsSource.buildDetails(request));
        return this.getAuthenticationManager().authenticate(token);
    }

--- a/application/src/main/java/org/thingsboard/server/service/security/exception/UserPasswordExpiredException.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/exception/UserPasswordExpiredException.java
@ -0,0 +1,33 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.exception;
+
+import org.springframework.security.authentication.CredentialsExpiredException;
+
+public class UserPasswordExpiredException extends CredentialsExpiredException {
+
+    private final String resetToken;
+
+    public UserPasswordExpiredException(String msg, String resetToken) {
+        super(msg);
+        this.resetToken = resetToken;
+    }
+
+    public String getResetToken() {
+        return resetToken;
+    }
+
+}
--- a/application/src/main/java/org/thingsboard/server/service/security/model/SecuritySettings.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/SecuritySettings.java
@ -0,0 +1,29 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.model;
+
+import lombok.Data;
+
+import java.io.Serializable;
+
+@Data
+public class SecuritySettings implements Serializable {
+
+    private UserPasswordPolicy passwordPolicy;
+
+    private Integer maxFailedLoginAttempts;
+    private String userLockoutNotificationEmail;
+}
--- a/application/src/main/java/org/thingsboard/server/service/security/model/UserPasswordPolicy.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/model/UserPasswordPolicy.java
@ -0,0 +1,34 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.model;
+
+import lombok.Data;
+
+import java.io.Serializable;
+
+@Data
+public class UserPasswordPolicy implements Serializable {
+
+    private Integer minimumLength;
+    private Integer minimumUppercaseLetters;
+    private Integer minimumLowercaseLetters;
+    private Integer minimumDigits;
+    private Integer minimumSpecialCharacters;
+
+    private Integer passwordExpirationPeriodDays;
+    private Integer passwordReuseFrequencyDays;
+
+}
--- a/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/DefaultSystemSecurityService.java
@ -0,0 +1,204 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.system;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.node.ObjectNode;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
+import org.passay.CharacterRule;
+import org.passay.EnglishCharacterData;
+import org.passay.LengthRule;
+import org.passay.PasswordData;
+import org.passay.PasswordValidator;
+import org.passay.Rule;
+import org.passay.RuleResult;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.cache.annotation.CacheEvict;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.DisabledException;
+import org.springframework.security.authentication.LockedException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+import org.springframework.stereotype.Service;
+import org.thingsboard.rule.engine.api.MailService;
+import org.thingsboard.server.common.data.AdminSettings;
+import org.thingsboard.server.common.data.User;
+import org.thingsboard.server.common.data.exception.ThingsboardException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.security.UserCredentials;
+import org.thingsboard.server.dao.audit.AuditLogService;
+import org.thingsboard.server.dao.exception.DataValidationException;
+import org.thingsboard.server.dao.settings.AdminSettingsService;
+import org.thingsboard.server.dao.user.UserService;
+import org.thingsboard.server.dao.user.UserServiceImpl;
+import org.thingsboard.server.service.security.exception.UserPasswordExpiredException;
+import org.thingsboard.server.service.security.model.SecuritySettings;
+import org.thingsboard.server.service.security.model.UserPasswordPolicy;
+
+import javax.annotation.Resource;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+import static org.thingsboard.server.common.data.CacheConstants.SECURITY_SETTINGS_CACHE;
+
+@Service
+@Slf4j
+public class DefaultSystemSecurityService implements SystemSecurityService {
+
+    private static final ObjectMapper objectMapper = new ObjectMapper();
+
+    @Autowired
+    private AdminSettingsService adminSettingsService;
+
+    @Autowired
+    private BCryptPasswordEncoder encoder;
+
+    @Autowired
+    private UserService userService;
+
+    @Autowired
+    private MailService mailService;
+
+    @Resource
+    private SystemSecurityService self;
+
+    @Cacheable(cacheNames = SECURITY_SETTINGS_CACHE, key = "'securitySettings'")
+    @Override
+    public SecuritySettings getSecuritySettings(TenantId tenantId) {
+        SecuritySettings securitySettings = null;
+        AdminSettings adminSettings = adminSettingsService.findAdminSettingsByKey(tenantId, "securitySettings");
+        if (adminSettings != null) {
+            try {
+                securitySettings = objectMapper.treeToValue(adminSettings.getJsonValue(), SecuritySettings.class);
+            } catch (Exception e) {
+                throw new RuntimeException("Failed to load security settings!", e);
+            }
+        } else {
+            securitySettings = new SecuritySettings();
+            securitySettings.setPasswordPolicy(new UserPasswordPolicy());
+            securitySettings.getPasswordPolicy().setMinimumLength(6);
+        }
+        return securitySettings;
+    }
+
+    @CacheEvict(cacheNames = SECURITY_SETTINGS_CACHE, key = "'securitySettings'")
+    @Override
+    public SecuritySettings saveSecuritySettings(TenantId tenantId, SecuritySettings securitySettings) {
+        AdminSettings adminSettings = adminSettingsService.findAdminSettingsByKey(tenantId, "securitySettings");
+        if (adminSettings == null) {
+            adminSettings = new AdminSettings();
+            adminSettings.setKey("securitySettings");
+        }
+        adminSettings.setJsonValue(objectMapper.valueToTree(securitySettings));
+        AdminSettings savedAdminSettings = adminSettingsService.saveAdminSettings(tenantId, adminSettings);
+        try {
+            return objectMapper.treeToValue(savedAdminSettings.getJsonValue(), SecuritySettings.class);
+        } catch (Exception e) {
+            throw new RuntimeException("Failed to load security settings!", e);
+        }
+    }
+
+    @Override
+    public void validateUserCredentials(TenantId tenantId, UserCredentials userCredentials, String username, String password) throws AuthenticationException {
+        if (!encoder.matches(password, userCredentials.getPassword())) {
+            int failedLoginAttempts = userService.onUserLoginIncorrectCredentials(tenantId, userCredentials.getUserId());
+            SecuritySettings securitySettings = getSecuritySettings(tenantId);
+            if (securitySettings.getMaxFailedLoginAttempts() != null && securitySettings.getMaxFailedLoginAttempts() > 0) {
+                if (failedLoginAttempts > securitySettings.getMaxFailedLoginAttempts() && userCredentials.isEnabled()) {
+                    userService.setUserCredentialsEnabled(TenantId.SYS_TENANT_ID, userCredentials.getUserId(), false);
+                    if (StringUtils.isNoneBlank(securitySettings.getUserLockoutNotificationEmail())) {
+                        try {
+                            mailService.sendAccountLockoutEmail(username, securitySettings.getUserLockoutNotificationEmail(), securitySettings.getMaxFailedLoginAttempts());
+                        } catch (ThingsboardException e) {
+                            log.warn("Can't send email regarding user account [{}] lockout to provided email [{}]", username, securitySettings.getUserLockoutNotificationEmail(), e);
+                        }
+                    }
+                    throw new LockedException("Authentication Failed. Username was locked due to security policy.");
+                }
+            }
+            throw new BadCredentialsException("Authentication Failed. Username or Password not valid.");
+        }
+
+        if (!userCredentials.isEnabled()) {
+            throw new DisabledException("User is not active");
+        }
+
+        userService.onUserLoginSuccessful(tenantId, userCredentials.getUserId());
+
+        SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
+        if (isPositiveInteger(securitySettings.getPasswordPolicy().getPasswordExpirationPeriodDays())) {
+            if ((userCredentials.getCreatedTime()
+                    + TimeUnit.DAYS.toMillis(securitySettings.getPasswordPolicy().getPasswordExpirationPeriodDays()))
+                < System.currentTimeMillis()) {
+                userCredentials = userService.requestExpiredPasswordReset(tenantId, userCredentials.getId());
+                throw new UserPasswordExpiredException("User password expired!", userCredentials.getResetToken());
+            }
+        }
+    }
+
+    @Override
+    public void validatePassword(TenantId tenantId, String password, UserCredentials userCredentials) throws DataValidationException {
+        SecuritySettings securitySettings = self.getSecuritySettings(tenantId);
+        UserPasswordPolicy passwordPolicy = securitySettings.getPasswordPolicy();
+
+        List<Rule> passwordRules = new ArrayList<>();
+        passwordRules.add(new LengthRule(passwordPolicy.getMinimumLength(), Integer.MAX_VALUE));
+        if (isPositiveInteger(passwordPolicy.getMinimumUppercaseLetters())) {
+            passwordRules.add(new CharacterRule(EnglishCharacterData.UpperCase, passwordPolicy.getMinimumUppercaseLetters()));
+        }
+        if (isPositiveInteger(passwordPolicy.getMinimumLowercaseLetters())) {
+            passwordRules.add(new CharacterRule(EnglishCharacterData.LowerCase, passwordPolicy.getMinimumLowercaseLetters()));
+        }
+        if (isPositiveInteger(passwordPolicy.getMinimumDigits())) {
+            passwordRules.add(new CharacterRule(EnglishCharacterData.Digit, passwordPolicy.getMinimumDigits()));
+        }
+        if (isPositiveInteger(passwordPolicy.getMinimumSpecialCharacters())) {
+            passwordRules.add(new CharacterRule(EnglishCharacterData.Special, passwordPolicy.getMinimumSpecialCharacters()));
+        }
+        PasswordValidator validator = new PasswordValidator(passwordRules);
+        PasswordData passwordData = new PasswordData(password);
+        RuleResult result = validator.validate(passwordData);
+        if (!result.isValid()) {
+            String message = String.join("\n", validator.getMessages(result));
+            throw new DataValidationException(message);
+        }
+
+        if (userCredentials != null && isPositiveInteger(passwordPolicy.getPasswordReuseFrequencyDays())) {
+            long passwordReuseFrequencyTs = System.currentTimeMillis() - TimeUnit.DAYS.toMillis(passwordPolicy.getPasswordReuseFrequencyDays());
+            User user = userService.findUserById(tenantId, userCredentials.getUserId());
+            JsonNode additionalInfo = user.getAdditionalInfo();
+            if (additionalInfo instanceof ObjectNode && additionalInfo.has(UserServiceImpl.USER_PASSWORD_HISTORY)) {
+                JsonNode userPasswordHistoryJson = additionalInfo.get(UserServiceImpl.USER_PASSWORD_HISTORY);
+                Map<String, String> userPasswordHistoryMap = objectMapper.convertValue(userPasswordHistoryJson, Map.class);
+                for (Map.Entry<String, String> entry : userPasswordHistoryMap.entrySet()) {
+                    if (encoder.matches(password, entry.getValue()) && Long.parseLong(entry.getKey()) > passwordReuseFrequencyTs) {
+                        throw new DataValidationException("Password was already used for the last " + passwordPolicy.getPasswordReuseFrequencyDays() + " days");
+                    }
+                }
+
+            }
+        }
+    }
+
+    private static boolean isPositiveInteger(Integer val) {
+        return val != null && val.intValue() > 0;
+    }
+}
--- a/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
+++ b/application/src/main/java/org/thingsboard/server/service/security/system/SystemSecurityService.java
@ -0,0 +1,34 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.service.security.system;
+
+import org.springframework.security.core.AuthenticationException;
+import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.security.UserCredentials;
+import org.thingsboard.server.dao.exception.DataValidationException;
+import org.thingsboard.server.service.security.model.SecuritySettings;
+
+public interface SystemSecurityService {
+
+    SecuritySettings getSecuritySettings(TenantId tenantId);
+
+    SecuritySettings saveSecuritySettings(TenantId tenantId, SecuritySettings securitySettings);
+
+    void validateUserCredentials(TenantId tenantId, UserCredentials userCredentials, String username, String password) throws AuthenticationException;
+
+    void validatePassword(TenantId tenantId, String password, UserCredentials userCredentials) throws DataValidationException;
+
+}
--- a/application/src/main/java/org/thingsboard/server/service/telemetry/DefaultTelemetrySubscriptionService.java
+++ b/application/src/main/java/org/thingsboard/server/service/telemetry/DefaultTelemetrySubscriptionService.java
@ -25,7 +25,7 @@ import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
 import org.thingsboard.rule.engine.api.msg.DeviceAttributesEventNotificationMsg;
-import org.thingsboard.rule.engine.api.util.DonAsynchron;
+import org.thingsboard.common.util.DonAsynchron;
 import org.thingsboard.server.actors.service.ActorService;
 import org.thingsboard.server.common.data.DataConstants;
 import org.thingsboard.server.common.data.EntityType;
--- a/application/src/main/java/org/thingsboard/server/service/transport/LocalTransportService.java
+++ b/application/src/main/java/org/thingsboard/server/service/transport/LocalTransportService.java
@ -20,7 +20,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.stereotype.Service;
-import org.thingsboard.rule.engine.api.util.DonAsynchron;
+import org.thingsboard.common.util.DonAsynchron;
 import org.thingsboard.server.actors.ActorSystemContext;
 import org.thingsboard.server.common.data.id.DeviceId;
 import org.thingsboard.server.common.data.id.TenantId;
--- a/application/src/main/resources/i18n/messages.properties
+++ b/application/src/main/resources/i18n/messages.properties
@ -3,3 +3,4 @@ activation.subject=Your account activation on Thingsboard
 account.activated.subject=Thingsboard - your account has been activated
 reset.password.subject=Thingsboard - Password reset has been requested
 password.was.reset.subject=Thingsboard - your account password has been reset
+account.lockout.subject=Thingsboard - User account has been lockout
--- a/application/src/main/resources/templates/account.lockout.vm
+++ b/application/src/main/resources/templates/account.lockout.vm
@ -0,0 +1,112 @@
+#*
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *#
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+<head>
+<meta name="viewport" content="width=device-width" />
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<title>Thingsboard - Account Lockout</title>
+
+
+<style type="text/css">
+img {
+max-width: 100%;
+}
+body {
+-webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.6em;
+}
+body {
+background-color: #f6f6f6;
+}
+@media only screen and (max-width: 640px) {
+  body {
+    padding: 0 !important;
+  }
+  h1 {
+    font-weight: 800 !important; margin: 20px 0 5px !important;
+  }
+  h2 {
+    font-weight: 800 !important; margin: 20px 0 5px !important;
+  }
+  h3 {
+    font-weight: 800 !important; margin: 20px 0 5px !important;
+  }
+  h4 {
+    font-weight: 800 !important; margin: 20px 0 5px !important;
+  }
+  h1 {
+    font-size: 22px !important;
+  }
+  h2 {
+    font-size: 18px !important;
+  }
+  h3 {
+    font-size: 16px !important;
+  }
+  .container {
+    padding: 0 !important; width: 100% !important;
+  }
+  .content {
+    padding: 0 !important;
+  }
+  .content-wrap {
+    padding: 10px !important;
+  }
+  .invoice {
+    width: 100% !important;
+  }
+}
+</style>
+</head>
+
+<body itemscope itemtype="http://schema.org/EmailMessage" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; -webkit-font-smoothing: antialiased; -webkit-text-size-adjust: none; width: 100% !important; height: 100%; line-height: 1.6em; background-color: #f6f6f6; margin: 0;" bgcolor="#f6f6f6">
+
+<table class="body-wrap" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; background-color: #f6f6f6; margin: 0;" bgcolor="#f6f6f6"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;" valign="top"></td>
+		<td class="container" width="600" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; display: block !important; max-width: 600px !important; clear: both !important; margin: 0 auto;" valign="top">
+			<div class="content" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; max-width: 600px; display: block; margin: 0 auto; padding: 20px;">
+				<table class="main" width="100%" cellpadding="0" cellspacing="0" itemprop="action" itemscope itemtype="http://schema.org/ConfirmAction" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; border-radius: 3px; background-color: #fff; margin: 0; border: 1px solid #e9e9e9;" bgcolor="#fff"><tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;"><td class="content-wrap" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 20px;" valign="top">
+							<meta itemprop="name" content="Confirm Email" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;" /><table width="100%" cellpadding="0" cellspacing="0" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">								
+								<tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+									<td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; color: #348eda; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top">
+										<h2>Thingsboard user account has been locked out</h2>
+									</td>
+								</tr>
+								<tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+									<td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top">
+										Thingsboard user account $lockoutAccount has been lockout due to failed credentials were provided more than $maxFailedLoginAttempts times.
+									</td>
+								</tr>
+								<tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+									<td class="content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0; padding: 0 0 20px;" valign="top">
+										&mdash; The Thingsboard
+									</td>
+								</tr></table></td>
+							</tr>
+				</table>
+				<div class="footer" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; width: 100%; clear: both; color: #999; margin: 0; padding: 20px;">
+					<table width="100%" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+						<tr style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; margin: 0;">
+							<td class="aligncenter content-block" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 12px; vertical-align: top; color: #999; text-align: center; margin: 0; padding: 0 0 20px;" align="center" valign="top">This email was sent to <a href="mailto:$targetEmail" style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 12px; color: #999; text-decoration: underline; margin: 0;">$targetEmail</a> by Thingsboard.</td>
+						</tr>
+					</table>
+				</div>
+			</div>
+		</td>
+		<td style="font-family: 'Helvetica Neue',Helvetica,Arial,sans-serif; box-sizing: border-box; font-size: 14px; vertical-align: top; margin: 0;" valign="top"></td>
+	</tr>
+</table>
+</body>
+</html>
--- a/application/src/main/resources/thingsboard.yml
+++ b/application/src/main/resources/thingsboard.yml
@ -119,8 +119,9 @@ database:
  entities:
    type: "${DATABASE_ENTITIES_TYPE:sql}" # cassandra OR sql
  ts:
-    type: "${DATABASE_TS_TYPE:sql}" # cassandra OR sql (for hybrid mode, only this value should be cassandra)
+    type: "${DATABASE_TS_TYPE:sql}" # cassandra, sql, or timescale (for hybrid mode, DATABASE_TS_TYPE value should be cassandra, or timescale)

+# note: timescale works only with postgreSQL database for DATABASE_ENTITIES_TYPE.

 # Cassandra driver configuration parameters
 cassandra:
@ -189,10 +190,10 @@ cassandra:

 # SQL configuration parameters
 sql:
-    # Specify executor service type used to perform timeseries insert tasks: SINGLE FIXED CACHED
+    # Specify executor service type used to perform timeseries insert tasks: SINGLE or FIXED
    ts_inserts_executor_type: "${SQL_TS_INSERTS_EXECUTOR_TYPE:fixed}"
    # Specify thread pool size for FIXED executor service type
-    ts_inserts_fixed_thread_pool_size: "${SQL_TS_INSERTS_FIXED_THREAD_POOL_SIZE:10}"
+    ts_inserts_fixed_thread_pool_size: "${SQL_TS_INSERTS_FIXED_THREAD_POOL_SIZE:200}"

 # Actor system parameters
 actors:
@ -221,7 +222,7 @@ actors:
      error_persist_frequency: "${ACTORS_RULE_CHAIN_ERROR_FREQUENCY:3000}"
      debug_mode_rate_limits_per_tenant:
        enabled: "${ACTORS_RULE_CHAIN_DEBUG_MODE_RATE_LIMITS_PER_TENANT_ENABLED:true}"
-        configuration: "${ACTORS_RULE_CHAIN_DEBUG_MODE_RATE_LIMITS_PER_TENANT_CONFIGURATION:500:3600}"
+        configuration: "${ACTORS_RULE_CHAIN_DEBUG_MODE_RATE_LIMITS_PER_TENANT_CONFIGURATION:50000:3600}"
    node:
      # Errors for particular actor are persisted once per specified amount of milliseconds
      error_persist_frequency: "${ACTORS_RULE_NODE_ERROR_FREQUENCY:3000}"
@ -269,6 +270,9 @@ caffeine:
    claimDevices:
      timeToLiveInMinutes: 1
      maxSize: 100000
+    securitySettings:
+      timeToLiveInMinutes: 1440
+      maxSize: 1

 redis:
  # standalone or cluster
@ -324,6 +328,8 @@ spring:
    url: "${SPRING_DATASOURCE_URL:jdbc:postgresql://localhost:5432/thingsboard}"
    username: "${SPRING_DATASOURCE_USERNAME:postgres}"
    password: "${SPRING_DATASOURCE_PASSWORD:postgres}"
+    hikari:
+      maximumPoolSize: "${SPRING_DATASOURCE_MAXIMUM_POOL_SIZE:50}"

 # Audit log parameters
 audit-log:
@ -485,3 +491,18 @@ transport:
    bind_address: "${COAP_BIND_ADDRESS:0.0.0.0}"
    bind_port: "${COAP_BIND_PORT:5683}"
    timeout: "${COAP_TIMEOUT:10000}"
+
+swagger:
+  api_path_regex: "${SWAGGER_API_PATH_REGEX:/api.*}"
+  security_path_regex: "${SWAGGER_SECURITY_PATH_REGEX:/api.*}"
+  non_security_path_regex: "${SWAGGER_NON_SECURITY_PATH_REGEX:/api/noauth.*}"
+  title: "${SWAGGER_TITLE:Thingsboard REST API}"
+  description: "${SWAGGER_DESCRIPTION:For instructions how to authorize requests please visit <a href='http://thingsboard.io/docs/reference/rest-api/'>REST API documentation page</a>.}"
+  contact:
+    name: "${SWAGGER_CONTACT_NAME:Thingsboard team}"
+    url: "${SWAGGER_CONTACT_URL:http://thingsboard.io}"
+    email: "${SWAGGER_CONTACT_EMAIL:info@thingsboard.io}"
+  license:
+    title: "${SWAGGER_LICENSE_TITLE:Apache License Version 2.0}"
+    url: "${SWAGGER_LICENSE_URL:https://github.com/thingsboard/thingsboard/blob/master/LICENSE}"
+  version: "${SWAGGER_VERSION:2.0}"
--- a/application/src/test/java/org/thingsboard/server/controller/BaseAdminControllerTest.java
+++ b/application/src/test/java/org/thingsboard/server/controller/BaseAdminControllerTest.java
@ -105,18 +105,6 @@ public abstract class BaseAdminControllerTest extends AbstractControllerTest {
        .andExpect(statusReason(containsString("Provided json structure is different")));
    }
    
-    @Test
-    public void testSaveAdminSettingsWithNonTextValue() throws Exception {
-        loginSysAdmin();
-        AdminSettings adminSettings = doGet("/api/admin/settings/mail", AdminSettings.class); 
-        JsonNode json = adminSettings.getJsonValue();
-        ((ObjectNode) json).put("timeout", 10000L);
-        adminSettings.setJsonValue(json);
-        doPost("/api/admin/settings", adminSettings)
-        .andExpect(status().isBadRequest())
-        .andExpect(statusReason(containsString("Provided json structure can't contain non-text values")));
-    }
-    
    @Test
    public void testSendTestMail() throws Exception {
        loginSysAdmin();
--- a/common/dao-api/pom.xml
+++ b/common/dao-api/pom.xml
@ -0,0 +1,117 @@
+<!--
+
+    Copyright © 2016-2019 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.thingsboard</groupId>
+        <version>2.4.1</version>
+        <artifactId>common</artifactId>
+    </parent>
+    <groupId>org.thingsboard.common</groupId>
+    <artifactId>dao-api</artifactId>
+    <packaging>jar</packaging>
+
+    <name>Thingsboard Server Common DAO API</name>
+    <url>https://thingsboard.io</url>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <main.dir>${basedir}/../..</main.dir>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>org.thingsboard.common</groupId>
+            <artifactId>data</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.thingsboard.common</groupId>
+            <artifactId>message</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>com.github.fge</groupId>
+            <artifactId>json-schema-validator</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>log4j-over-slf4j</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+        </dependency>
+		<dependency>
+			<groupId>com.fasterxml.jackson.core</groupId>
+			<artifactId>jackson-databind</artifactId>
+		</dependency>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-autoconfigure</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.datastax.cassandra</groupId>
+            <artifactId>cassandra-driver-core</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.datastax.cassandra</groupId>
+            <artifactId>cassandra-driver-mapping</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>com.datastax.cassandra</groupId>
+            <artifactId>cassandra-driver-extras</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.apache.commons</groupId>
+            <artifactId>commons-lang3</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-all</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+        </plugins>
+    </build>
+
+</project>
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/alarm/AlarmService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/alarm/AlarmService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/asset/AssetService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/asset/AssetService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/attributes/AttributesService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/attributes/AttributesService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/audit/AuditLogService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/audit/AuditLogService.java
@ -32,13 +32,13 @@ import java.util.List;

 public interface AuditLogService {

-    TimePageData<AuditLog> findAuditLogsByTenantIdAndCustomerId(TenantId tenantId, CustomerId customerId, TimePageLink pageLink);
+    TimePageData<AuditLog> findAuditLogsByTenantIdAndCustomerId(TenantId tenantId, CustomerId customerId, List<ActionType> actionTypes, TimePageLink pageLink);

-    TimePageData<AuditLog> findAuditLogsByTenantIdAndUserId(TenantId tenantId, UserId userId, TimePageLink pageLink);
+    TimePageData<AuditLog> findAuditLogsByTenantIdAndUserId(TenantId tenantId, UserId userId, List<ActionType> actionTypes, TimePageLink pageLink);

-    TimePageData<AuditLog> findAuditLogsByTenantIdAndEntityId(TenantId tenantId, EntityId entityId, TimePageLink pageLink);
+    TimePageData<AuditLog> findAuditLogsByTenantIdAndEntityId(TenantId tenantId, EntityId entityId, List<ActionType> actionTypes, TimePageLink pageLink);

-    TimePageData<AuditLog> findAuditLogsByTenantId(TenantId tenantId, TimePageLink pageLink);
+    TimePageData<AuditLog> findAuditLogsByTenantId(TenantId tenantId, List<ActionType> actionTypes, TimePageLink pageLink);

    <E extends HasName, I extends EntityId> ListenableFuture<List<Void>> logEntityAction(
            TenantId tenantId,
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/cassandra/AbstractCassandraCluster.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/cassandra/AbstractCassandraCluster.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/cassandra/CassandraCluster.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/cassandra/CassandraCluster.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/cassandra/CassandraInstallCluster.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/cassandra/CassandraInstallCluster.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/cassandra/CassandraQueryOptions.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/cassandra/CassandraQueryOptions.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/cassandra/CassandraSocketOptions.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/cassandra/CassandraSocketOptions.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/component/ComponentDescriptorService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/component/ComponentDescriptorService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/customer/CustomerService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/customer/CustomerService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/dashboard/DashboardService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/dashboard/DashboardService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/device/DeviceCredentialsService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/device/DeviceCredentialsService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/device/DeviceService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/device/DeviceService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/entity/EntityService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/entity/EntityService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/entityview/EntityViewService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/entityview/EntityViewService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/event/EventService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/event/EventService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/nosql/CassandraStatementTask.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/nosql/CassandraStatementTask.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/relation/RelationService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/relation/RelationService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/rule/RuleChainService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/rule/RuleChainService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/settings/AdminSettingsService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/settings/AdminSettingsService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/tenant/TenantService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/tenant/TenantService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/timeseries/TimeseriesService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/timeseries/TimeseriesService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/user/UserService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/user/UserService.java
@ -19,6 +19,7 @@ import com.google.common.util.concurrent.ListenableFuture;
 import org.thingsboard.server.common.data.User;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.TenantId;
+import org.thingsboard.server.common.data.id.UserCredentialsId;
 import org.thingsboard.server.common.data.id.UserId;
 import org.thingsboard.server.common.data.page.TextPageData;
 import org.thingsboard.server.common.data.page.TextPageLink;
@ -46,6 +47,10 @@ public interface UserService {
 	
 	UserCredentials requestPasswordReset(TenantId tenantId, String email);

+    UserCredentials requestExpiredPasswordReset(TenantId tenantId, UserCredentialsId userCredentialsId);
+
+    UserCredentials replaceUserCredentials(TenantId tenantId, UserCredentials userCredentials);
+
 	void deleteUser(TenantId tenantId, UserId userId);
 	
 	TextPageData<User> findTenantAdmins(TenantId tenantId, TextPageLink pageLink);
@ -55,5 +60,10 @@ public interface UserService {
 	TextPageData<User> findCustomerUsers(TenantId tenantId, CustomerId customerId, TextPageLink pageLink);
 	    
 	void deleteCustomerUsers(TenantId tenantId, CustomerId customerId);
-	
+
+	void setUserCredentialsEnabled(TenantId tenantId, UserId userId, boolean enabled);
+
+	void onUserLoginSuccessful(TenantId tenantId, UserId userId);
+
+	int onUserLoginIncorrectCredentials(TenantId tenantId, UserId userId);
 }
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/util/AsyncTask.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/util/AsyncTask.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/util/HsqlDao.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/util/HsqlDao.java
@ -0,0 +1,22 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.dao.util;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+
+@ConditionalOnProperty(prefix = "spring.jpa", value = "database-platform", havingValue = "org.hibernate.dialect.HSQLDialect")
+public @interface HsqlDao {
+}
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/util/NoSqlAnyDao.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/util/NoSqlAnyDao.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/util/NoSqlDao.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/util/NoSqlDao.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/util/NoSqlTsDao.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/util/NoSqlTsDao.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/util/PsqlDao.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/util/PsqlDao.java
@ -0,0 +1,22 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.dao.util;
+
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+
+@ConditionalOnProperty(prefix = "spring.jpa", value = "database-platform", havingValue = "org.hibernate.dialect.PostgreSQLDialect")
+public @interface PsqlDao {
+}
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/util/SqlDao.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/util/SqlDao.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/util/SqlTsDao.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/util/SqlTsDao.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/widget/WidgetTypeService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/widget/WidgetTypeService.java
--- a/common/dao-api/src/main/java/org/thingsboard/server/dao/widget/WidgetsBundleService.java
+++ b/common/dao-api/src/main/java/org/thingsboard/server/dao/widget/WidgetsBundleService.java
--- a/common/data/pom.xml
+++ b/common/data/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>common</artifactId>
    </parent>
    <groupId>org.thingsboard.common</groupId>
--- a/common/data/src/main/java/org/thingsboard/server/common/data/CacheConstants.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/CacheConstants.java
@ -23,4 +23,5 @@ public class CacheConstants {
    public static final String ASSET_CACHE = "assets";
    public static final String ENTITY_VIEW_CACHE = "entityViews";
    public static final String CLAIM_DEVICES_CACHE = "claimDevices";
+    public static final String SECURITY_SETTINGS_CACHE = "securitySettings";
 }
--- a/common/data/src/main/java/org/thingsboard/server/common/data/ContactBased.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/ContactBased.java
@ -19,7 +19,7 @@ import lombok.EqualsAndHashCode;
 import org.thingsboard.server.common.data.id.UUIDBased;

@EqualsAndHashCode(callSuper = true)
-public abstract class ContactBased<I extends UUIDBased> extends SearchTextBasedWithAdditionalInfo<I> {
+public abstract class ContactBased<I extends UUIDBased> extends SearchTextBasedWithAdditionalInfo<I> implements HasName {
    
    private static final long serialVersionUID = 5047448057830660988L;
    
--- a/common/data/src/main/java/org/thingsboard/server/common/data/Customer.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/Customer.java
@ -23,7 +23,7 @@ import org.thingsboard.server.common.data.id.TenantId;

 import com.fasterxml.jackson.databind.JsonNode;

-public class Customer extends ContactBased<CustomerId> implements HasName, HasTenantId {
+public class Customer extends ContactBased<CustomerId> implements HasTenantId {
    
    private static final long serialVersionUID = -1599722990298929275L;
    
--- a/common/data/src/main/java/org/thingsboard/server/common/data/Tenant.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/Tenant.java
@ -23,7 +23,7 @@ import org.thingsboard.server.common.data.id.TenantId;
 import com.fasterxml.jackson.databind.JsonNode;

@EqualsAndHashCode(callSuper = true)
-public class Tenant extends ContactBased<TenantId> implements HasName, HasTenantId {
+public class Tenant extends ContactBased<TenantId> implements HasTenantId {

    private static final long serialVersionUID = 8057243243859922101L;
    
--- a/common/data/src/main/java/org/thingsboard/server/common/data/audit/ActionType.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/audit/ActionType.java
@ -37,7 +37,10 @@ public enum ActionType {
    RELATION_DELETED(false),
    RELATIONS_DELETED(false),
    ALARM_ACK(false),
-    ALARM_CLEAR(false);
+    ALARM_CLEAR(false),
+    LOGIN(false),
+    LOGOUT(false),
+    LOCKOUT(false);

    private final boolean isRead;

--- a/common/data/src/main/java/org/thingsboard/server/common/data/exception/ThingsboardErrorCode.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/exception/ThingsboardErrorCode.java
@ -22,6 +22,7 @@ public enum ThingsboardErrorCode {
    GENERAL(2),
    AUTHENTICATION(10),
    JWT_TOKEN_EXPIRED(11),
+    CREDENTIALS_EXPIRED(15),
    PERMISSION_DENIED(20),
    INVALID_ARGUMENTS(30),
    BAD_REQUEST_PARAMS(31),
--- a/common/data/src/main/java/org/thingsboard/server/common/data/relation/RelationsSearchParameters.java
+++ b/common/data/src/main/java/org/thingsboard/server/common/data/relation/RelationsSearchParameters.java
@ -35,17 +35,19 @@ public class RelationsSearchParameters {
    private EntitySearchDirection direction;
    private RelationTypeGroup relationTypeGroup;
    private int maxLevel = 1;
+    private boolean fetchLastLevelOnly;

-    public RelationsSearchParameters(EntityId entityId, EntitySearchDirection direction, int maxLevel) {
-        this(entityId, direction, maxLevel, RelationTypeGroup.COMMON);
+    public RelationsSearchParameters(EntityId entityId, EntitySearchDirection direction, int maxLevel, boolean fetchLastLevelOnly) {
+        this(entityId, direction, maxLevel, RelationTypeGroup.COMMON, fetchLastLevelOnly);
    }

-    public RelationsSearchParameters(EntityId entityId, EntitySearchDirection direction, int maxLevel, RelationTypeGroup relationTypeGroup) {
+    public RelationsSearchParameters(EntityId entityId, EntitySearchDirection direction, int maxLevel, RelationTypeGroup relationTypeGroup, boolean fetchLastLevelOnly) {
        this.rootId = entityId.getId();
        this.rootType = entityId.getEntityType();
        this.direction = direction;
        this.maxLevel = maxLevel;
        this.relationTypeGroup = relationTypeGroup;
+        this.fetchLastLevelOnly = fetchLastLevelOnly;
    }

    public EntityId getEntityId() {
--- a/common/message/pom.xml
+++ b/common/message/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>common</artifactId>
    </parent>
    <groupId>org.thingsboard.common</groupId>
--- a/common/pom.xml
+++ b/common/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>thingsboard</artifactId>
    </parent>
    <artifactId>common</artifactId>
@ -35,9 +35,11 @@
    </properties>
    <modules>
        <module>data</module>
+        <module>util</module>
        <module>message</module>
        <module>queue</module>
        <module>transport</module>
+        <module>dao-api</module>
    </modules>

 </project>
--- a/common/queue/pom.xml
+++ b/common/queue/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>common</artifactId>
    </parent>
    <groupId>org.thingsboard.common</groupId>
--- a/common/transport/coap/pom.xml
+++ b/common/transport/coap/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard.common</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>transport</artifactId>
    </parent>
    <groupId>org.thingsboard.common.transport</groupId>
--- a/common/transport/http/pom.xml
+++ b/common/transport/http/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard.common</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>transport</artifactId>
    </parent>
    <groupId>org.thingsboard.common.transport</groupId>
--- a/common/transport/mqtt/pom.xml
+++ b/common/transport/mqtt/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard.common</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>transport</artifactId>
    </parent>
    <groupId>org.thingsboard.common.transport</groupId>
--- a/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportHandler.java
+++ b/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/MqttTransportHandler.java
@ -34,6 +34,7 @@ import io.netty.handler.codec.mqtt.MqttSubscribeMessage;
 import io.netty.handler.codec.mqtt.MqttTopicSubscription;
 import io.netty.handler.codec.mqtt.MqttUnsubscribeMessage;
 import io.netty.handler.ssl.SslHandler;
+import io.netty.util.ReferenceCountUtil;
 import io.netty.util.concurrent.Future;
 import io.netty.util.concurrent.GenericFutureListener;
 import lombok.extern.slf4j.Slf4j;
@ -112,10 +113,14 @@ public class MqttTransportHandler extends ChannelInboundHandlerAdapter implement
    @Override
    public void channelRead(ChannelHandlerContext ctx, Object msg) {
        log.trace("[{}] Processing msg: {}", sessionId, msg);
-        if (msg instanceof MqttMessage) {
-            processMqttMsg(ctx, (MqttMessage) msg);
-        } else {
-            ctx.close();
+        try {
+            if (msg instanceof MqttMessage) {
+                processMqttMsg(ctx, (MqttMessage) msg);
+            } else {
+                ctx.close();
+            }
+        } finally {
+            ReferenceCountUtil.safeRelease(msg);
        }
    }

--- a/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/adaptors/JsonMqttAdaptor.java
+++ b/common/transport/mqtt/src/main/java/org/thingsboard/server/transport/mqtt/adaptors/JsonMqttAdaptor.java
@ -212,18 +212,14 @@ public class JsonMqttAdaptor implements MqttTransportAdaptor {
    }

    private static String validatePayload(UUID sessionId, ByteBuf payloadData, boolean isEmptyPayloadAllowed) throws AdaptorException {
-        try {
-            String payload = payloadData.toString(UTF8);
-            if (payload == null) {
-                log.warn("[{}] Payload is empty!", sessionId);
-                if (!isEmptyPayloadAllowed) {
-                    throw new AdaptorException(new IllegalArgumentException("Payload is empty!"));
-                }
+        String payload = payloadData.toString(UTF8);
+        if (payload == null) {
+            log.warn("[{}] Payload is empty!", sessionId);
+            if (!isEmptyPayloadAllowed) {
+                throw new AdaptorException(new IllegalArgumentException("Payload is empty!"));
            }
-            return payload;
-        } finally {
-            payloadData.release();
        }
+        return payload;
    }

 }
--- a/common/transport/pom.xml
+++ b/common/transport/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>common</artifactId>
    </parent>
    <groupId>org.thingsboard.common</groupId>
--- a/common/transport/transport-api/pom.xml
+++ b/common/transport/transport-api/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard.common</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>transport</artifactId>
    </parent>
    <groupId>org.thingsboard.common.transport</groupId>
--- a/common/transport/transport-api/src/main/java/org/thingsboard/server/common/transport/service/AbstractTransportService.java
+++ b/common/transport/transport-api/src/main/java/org/thingsboard/server/common/transport/service/AbstractTransportService.java
@ -200,7 +200,7 @@ public abstract class AbstractTransportService implements TransportService {
    @Override
    public void deregisterSession(TransportProtos.SessionInfoProto sessionInfo) {
        SessionMetaData currentSession = sessions.get(toId(sessionInfo));
-        if (currentSession.hasScheduledFuture()) {
+        if (currentSession != null && currentSession.hasScheduledFuture()) {
            log.debug("Stopping scheduler to avoid resending response if request has been ack.");
            currentSession.getScheduledFuture().cancel(false);
        }
--- a/common/util/pom.xml
+++ b/common/util/pom.xml
@ -0,0 +1,77 @@
+<!--
+
+    Copyright © 2016-2019 The Thingsboard Authors
+
+    Licensed under the Apache License, Version 2.0 (the "License");
+    you may not use this file except in compliance with the License.
+    You may obtain a copy of the License at
+
+        http://www.apache.org/licenses/LICENSE-2.0
+
+    Unless required by applicable law or agreed to in writing, software
+    distributed under the License is distributed on an "AS IS" BASIS,
+    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+    See the License for the specific language governing permissions and
+    limitations under the License.
+
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+    <parent>
+        <groupId>org.thingsboard</groupId>
+        <version>2.4.1</version>
+        <artifactId>common</artifactId>
+    </parent>
+    <groupId>org.thingsboard.common</groupId>
+    <artifactId>util</artifactId>
+    <packaging>jar</packaging>
+
+    <name>Thingsboard Server Common Utils</name>
+    <url>https://thingsboard.io</url>
+
+    <properties>
+        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+        <main.dir>${basedir}/../..</main.dir>
+    </properties>
+
+    <dependencies>
+        <dependency>
+            <groupId>com.google.guava</groupId>
+            <artifactId>guava</artifactId>
+            <scope>provided</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>slf4j-api</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.slf4j</groupId>
+            <artifactId>log4j-over-slf4j</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>ch.qos.logback</groupId>
+            <artifactId>logback-classic</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>junit</groupId>
+            <artifactId>junit</artifactId>
+            <scope>test</scope>
+        </dependency>
+        <dependency>
+            <groupId>org.mockito</groupId>
+            <artifactId>mockito-all</artifactId>
+            <scope>test</scope>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+        </plugins>
+    </build>
+
+</project>
--- a/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/util/DonAsynchron.java
+++ b/rule-engine/rule-engine-api/src/main/java/org/thingsboard/rule/engine/api/util/DonAsynchron.java
@ -13,13 +13,12 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package org.thingsboard.rule.engine.api.util;
+package org.thingsboard.common.util;

 import com.google.common.util.concurrent.FutureCallback;
 import com.google.common.util.concurrent.Futures;
 import com.google.common.util.concurrent.ListenableFuture;

-import javax.annotation.Nullable;
 import java.util.concurrent.Executor;
 import java.util.function.Consumer;

@ -34,7 +33,7 @@ public class DonAsynchron {
                                         Consumer<Throwable> onFailure, Executor executor) {
        FutureCallback<T> callback = new FutureCallback<T>() {
            @Override
-            public void onSuccess(@Nullable T result) {
+            public void onSuccess(T result) {
                try {
                    onSuccess.accept(result);
                } catch (Throwable th) {
--- a/dao/pom.xml
+++ b/dao/pom.xml
@ -20,7 +20,7 @@
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.thingsboard</groupId>
-        <version>2.4.0</version>
+        <version>2.4.1</version>
        <artifactId>thingsboard</artifactId>
    </parent>
    <artifactId>dao</artifactId>
@ -43,6 +43,10 @@
            <groupId>org.thingsboard.common</groupId>
            <artifactId>message</artifactId>
        </dependency>
+        <dependency>
+            <groupId>org.thingsboard.common</groupId>
+            <artifactId>dao-api</artifactId>
+        </dependency>
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-api</artifactId>
@ -95,10 +99,6 @@
 			<groupId>com.fasterxml.jackson.core</groupId>
 			<artifactId>jackson-databind</artifactId>
 		</dependency>
-        <dependency>
-            <groupId>com.github.fge</groupId>
-            <artifactId>json-schema-validator</artifactId>
-        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-context</artifactId>
--- a/dao/src/main/java/org/thingsboard/server/dao/JpaDaoConfig.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/JpaDaoConfig.java
@ -22,6 +22,7 @@ import org.springframework.context.annotation.Configuration;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
 import org.springframework.transaction.annotation.EnableTransactionManagement;
 import org.thingsboard.server.dao.util.SqlDao;
+import org.thingsboard.server.dao.util.TimescaleDBTsDao;

 /**
 * @author Valerii Sosliuk
--- a/dao/src/main/java/org/thingsboard/server/dao/SqlTsDaoConfig.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/SqlTsDaoConfig.java
@ -0,0 +1,35 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.dao;
+
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.domain.EntityScan;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
+import org.springframework.transaction.annotation.EnableTransactionManagement;
+import org.thingsboard.server.dao.util.SqlTsDao;
+
+@Configuration
+@EnableAutoConfiguration
+@ComponentScan("org.thingsboard.server.dao.sqlts.ts")
+@EnableJpaRepositories("org.thingsboard.server.dao.sqlts.ts")
+@EntityScan("org.thingsboard.server.dao.model.sqlts.ts")
+@EnableTransactionManagement
+@SqlTsDao
+public class SqlTsDaoConfig {
+
+}
--- a/dao/src/main/java/org/thingsboard/server/dao/TimescaleDaoConfig.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/TimescaleDaoConfig.java
@ -0,0 +1,35 @@
+/**
+ * Copyright © 2016-2019 The Thingsboard Authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.thingsboard.server.dao;
+
+import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
+import org.springframework.boot.autoconfigure.domain.EntityScan;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
+import org.springframework.transaction.annotation.EnableTransactionManagement;
+import org.thingsboard.server.dao.util.TimescaleDBTsDao;
+
+@Configuration
+@EnableAutoConfiguration
+@ComponentScan("org.thingsboard.server.dao.sqlts.timescale")
+@EnableJpaRepositories("org.thingsboard.server.dao.sqlts.timescale")
+@EntityScan("org.thingsboard.server.dao.model.sqlts.timescale")
+@EnableTransactionManagement
+@TimescaleDBTsDao
+public class TimescaleDaoConfig {
+
+}
--- a/dao/src/main/java/org/thingsboard/server/dao/alarm/BaseAlarmService.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/alarm/BaseAlarmService.java
@ -153,7 +153,7 @@ public class BaseAlarmService extends AbstractEntityService implements AlarmServ

    private List<EntityId> getParentEntities(Alarm alarm) throws InterruptedException, ExecutionException {
        EntityRelationsQuery query = new EntityRelationsQuery();
-        query.setParameters(new RelationsSearchParameters(alarm.getOriginator(), EntitySearchDirection.TO, Integer.MAX_VALUE));
+        query.setParameters(new RelationsSearchParameters(alarm.getOriginator(), EntitySearchDirection.TO, Integer.MAX_VALUE, false));
        return relationService.findByQuery(alarm.getTenantId(), query).get().stream().map(EntityRelation::getFrom).collect(Collectors.toList());
    }

--- a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogDao.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogDao.java
@ -16,6 +16,7 @@
 package org.thingsboard.server.dao.audit;

 import com.google.common.util.concurrent.ListenableFuture;
+import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.audit.AuditLog;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.EntityId;
@ -37,11 +38,11 @@ public interface AuditLogDao {

    ListenableFuture<Void> savePartitionsByTenantId(AuditLog auditLog);

-    List<AuditLog> findAuditLogsByTenantIdAndEntityId(UUID tenantId, EntityId entityId, TimePageLink pageLink);
+    List<AuditLog> findAuditLogsByTenantIdAndEntityId(UUID tenantId, EntityId entityId, List<ActionType> actionTypes, TimePageLink pageLink);

-    List<AuditLog> findAuditLogsByTenantIdAndCustomerId(UUID tenantId, CustomerId customerId, TimePageLink pageLink);
+    List<AuditLog> findAuditLogsByTenantIdAndCustomerId(UUID tenantId, CustomerId customerId, List<ActionType> actionTypes, TimePageLink pageLink);

-    List<AuditLog> findAuditLogsByTenantIdAndUserId(UUID tenantId, UserId userId, TimePageLink pageLink);
+    List<AuditLog> findAuditLogsByTenantIdAndUserId(UUID tenantId, UserId userId, List<ActionType> actionTypes, TimePageLink pageLink);

-    List<AuditLog> findAuditLogsByTenantId(UUID tenantId, TimePageLink pageLink);
+    List<AuditLog> findAuditLogsByTenantId(UUID tenantId, List<ActionType> actionTypes, TimePageLink pageLink);
 }
--- a/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/audit/AuditLogServiceImpl.java
@ -81,37 +81,37 @@ public class AuditLogServiceImpl implements AuditLogService {
    private AuditLogSink auditLogSink;

    @Override
-    public TimePageData<AuditLog> findAuditLogsByTenantIdAndCustomerId(TenantId tenantId, CustomerId customerId, TimePageLink pageLink) {
+    public TimePageData<AuditLog> findAuditLogsByTenantIdAndCustomerId(TenantId tenantId, CustomerId customerId, List<ActionType> actionTypes, TimePageLink pageLink) {
        log.trace("Executing findAuditLogsByTenantIdAndCustomerId [{}], [{}], [{}]", tenantId, customerId, pageLink);
        validateId(tenantId, INCORRECT_TENANT_ID + tenantId);
        validateId(customerId, "Incorrect customerId " + customerId);
-        List<AuditLog> auditLogs = auditLogDao.findAuditLogsByTenantIdAndCustomerId(tenantId.getId(), customerId, pageLink);
+        List<AuditLog> auditLogs = auditLogDao.findAuditLogsByTenantIdAndCustomerId(tenantId.getId(), customerId, actionTypes, pageLink);
        return new TimePageData<>(auditLogs, pageLink);
    }

    @Override
-    public TimePageData<AuditLog> findAuditLogsByTenantIdAndUserId(TenantId tenantId, UserId userId, TimePageLink pageLink) {
+    public TimePageData<AuditLog> findAuditLogsByTenantIdAndUserId(TenantId tenantId, UserId userId, List<ActionType> actionTypes, TimePageLink pageLink) {
        log.trace("Executing findAuditLogsByTenantIdAndUserId [{}], [{}], [{}]", tenantId, userId, pageLink);
        validateId(tenantId, INCORRECT_TENANT_ID + tenantId);
        validateId(userId, "Incorrect userId" + userId);
-        List<AuditLog> auditLogs = auditLogDao.findAuditLogsByTenantIdAndUserId(tenantId.getId(), userId, pageLink);
+        List<AuditLog> auditLogs = auditLogDao.findAuditLogsByTenantIdAndUserId(tenantId.getId(), userId, actionTypes, pageLink);
        return new TimePageData<>(auditLogs, pageLink);
    }

    @Override
-    public TimePageData<AuditLog> findAuditLogsByTenantIdAndEntityId(TenantId tenantId, EntityId entityId, TimePageLink pageLink) {
+    public TimePageData<AuditLog> findAuditLogsByTenantIdAndEntityId(TenantId tenantId, EntityId entityId, List<ActionType> actionTypes, TimePageLink pageLink) {
        log.trace("Executing findAuditLogsByTenantIdAndEntityId [{}], [{}], [{}]", tenantId, entityId, pageLink);
        validateId(tenantId, INCORRECT_TENANT_ID + tenantId);
        validateEntityId(entityId, INCORRECT_TENANT_ID + entityId);
-        List<AuditLog> auditLogs = auditLogDao.findAuditLogsByTenantIdAndEntityId(tenantId.getId(), entityId, pageLink);
+        List<AuditLog> auditLogs = auditLogDao.findAuditLogsByTenantIdAndEntityId(tenantId.getId(), entityId, actionTypes, pageLink);
        return new TimePageData<>(auditLogs, pageLink);
    }

    @Override
-    public TimePageData<AuditLog> findAuditLogsByTenantId(TenantId tenantId, TimePageLink pageLink) {
+    public TimePageData<AuditLog> findAuditLogsByTenantId(TenantId tenantId, List<ActionType> actionTypes, TimePageLink pageLink) {
        log.trace("Executing findAuditLogs [{}]", pageLink);
        validateId(tenantId, INCORRECT_TENANT_ID + tenantId);
-        List<AuditLog> auditLogs = auditLogDao.findAuditLogsByTenantId(tenantId.getId(), pageLink);
+        List<AuditLog> auditLogs = auditLogDao.findAuditLogsByTenantId(tenantId.getId(), actionTypes, pageLink);
        return new TimePageData<>(auditLogs, pageLink);
    }

@ -248,6 +248,18 @@ public class AuditLogServiceImpl implements AuditLogService {
                EntityRelation relation = extractParameter(EntityRelation.class, 0, additionalInfo);
                actionData.set("relation", objectMapper.valueToTree(relation));
                break;
+            case LOGIN:
+            case LOGOUT:
+            case LOCKOUT:
+                String clientAddress = extractParameter(String.class, 0, additionalInfo);
+                String browser = extractParameter(String.class, 1, additionalInfo);
+                String os = extractParameter(String.class, 2, additionalInfo);
+                String device = extractParameter(String.class, 3, additionalInfo);
+                actionData.put("clientAddress", clientAddress);
+                actionData.put("browser", browser);
+                actionData.put("os", os);
+                actionData.put("device", device);
+                break;
        }
        return actionData;
    }
--- a/dao/src/main/java/org/thingsboard/server/dao/audit/CassandraAuditLogDao.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/audit/CassandraAuditLogDao.java
@ -29,6 +29,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Component;
+import org.thingsboard.server.common.data.audit.ActionType;
 import org.thingsboard.server.common.data.audit.AuditLog;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.EntityId;
@ -273,7 +274,7 @@ public class CassandraAuditLogDao extends CassandraAbstractSearchTimeDao<AuditLo
    }

    @Override
-    public List<AuditLog> findAuditLogsByTenantIdAndEntityId(UUID tenantId, EntityId entityId, TimePageLink pageLink) {
+    public List<AuditLog> findAuditLogsByTenantIdAndEntityId(UUID tenantId, EntityId entityId, List<ActionType> actionTypes, TimePageLink pageLink) {
        log.trace("Try to find audit logs by tenant [{}], entity [{}] and pageLink [{}]", tenantId, entityId, pageLink);
        List<AuditLogEntity> entities = findPageWithTimeSearch(new TenantId(tenantId), AUDIT_LOG_BY_ENTITY_ID_CF,
                Arrays.asList(eq(ModelConstants.AUDIT_LOG_TENANT_ID_PROPERTY, tenantId),
@ -285,7 +286,7 @@ public class CassandraAuditLogDao extends CassandraAbstractSearchTimeDao<AuditLo
    }

    @Override
-    public List<AuditLog> findAuditLogsByTenantIdAndCustomerId(UUID tenantId, CustomerId customerId, TimePageLink pageLink) {
+    public List<AuditLog> findAuditLogsByTenantIdAndCustomerId(UUID tenantId, CustomerId customerId, List<ActionType> actionTypes, TimePageLink pageLink) {
        log.trace("Try to find audit logs by tenant [{}], customer [{}] and pageLink [{}]", tenantId, customerId, pageLink);
        List<AuditLogEntity> entities = findPageWithTimeSearch(new TenantId(tenantId), AUDIT_LOG_BY_CUSTOMER_ID_CF,
                Arrays.asList(eq(ModelConstants.AUDIT_LOG_TENANT_ID_PROPERTY, tenantId),
@ -296,7 +297,7 @@ public class CassandraAuditLogDao extends CassandraAbstractSearchTimeDao<AuditLo
    }

    @Override
-    public List<AuditLog> findAuditLogsByTenantIdAndUserId(UUID tenantId, UserId userId, TimePageLink pageLink) {
+    public List<AuditLog> findAuditLogsByTenantIdAndUserId(UUID tenantId, UserId userId, List<ActionType> actionTypes, TimePageLink pageLink) {
        log.trace("Try to find audit logs by tenant [{}], user [{}] and pageLink [{}]", tenantId, userId, pageLink);
        List<AuditLogEntity> entities = findPageWithTimeSearch(new TenantId(tenantId), AUDIT_LOG_BY_USER_ID_CF,
                Arrays.asList(eq(ModelConstants.AUDIT_LOG_TENANT_ID_PROPERTY, tenantId),
@ -307,7 +308,7 @@ public class CassandraAuditLogDao extends CassandraAbstractSearchTimeDao<AuditLo
    }

    @Override
-    public List<AuditLog> findAuditLogsByTenantId(UUID tenantId, TimePageLink pageLink) {
+    public List<AuditLog> findAuditLogsByTenantId(UUID tenantId, List<ActionType> actionTypes, TimePageLink pageLink) {
        log.trace("Try to find audit logs by tenant [{}] and pageLink [{}]", tenantId, pageLink);

        long minPartition;
--- a/dao/src/main/java/org/thingsboard/server/dao/audit/DummyAuditLogServiceImpl.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/audit/DummyAuditLogServiceImpl.java
@ -37,22 +37,22 @@ import java.util.List;
 public class DummyAuditLogServiceImpl implements AuditLogService {

    @Override
-    public TimePageData<AuditLog> findAuditLogsByTenantIdAndCustomerId(TenantId tenantId, CustomerId customerId, TimePageLink pageLink) {
+    public TimePageData<AuditLog> findAuditLogsByTenantIdAndCustomerId(TenantId tenantId, CustomerId customerId, List<ActionType> actionTypes, TimePageLink pageLink) {
        return new TimePageData<>(null, pageLink);
    }

    @Override
-    public TimePageData<AuditLog> findAuditLogsByTenantIdAndUserId(TenantId tenantId, UserId userId, TimePageLink pageLink) {
+    public TimePageData<AuditLog> findAuditLogsByTenantIdAndUserId(TenantId tenantId, UserId userId, List<ActionType> actionTypes, TimePageLink pageLink) {
        return new TimePageData<>(null, pageLink);
    }

    @Override
-    public TimePageData<AuditLog> findAuditLogsByTenantIdAndEntityId(TenantId tenantId, EntityId entityId, TimePageLink pageLink) {
+    public TimePageData<AuditLog> findAuditLogsByTenantIdAndEntityId(TenantId tenantId, EntityId entityId, List<ActionType> actionTypes, TimePageLink pageLink) {
        return new TimePageData<>(null, pageLink);
    }

    @Override
-    public TimePageData<AuditLog> findAuditLogsByTenantId(TenantId tenantId, TimePageLink pageLink) {
+    public TimePageData<AuditLog> findAuditLogsByTenantId(TenantId tenantId, List<ActionType> actionTypes, TimePageLink pageLink) {
        return new TimePageData<>(null, pageLink);
    }

--- a/dao/src/main/java/org/thingsboard/server/dao/cache/TBRedisCacheConfiguration.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/cache/TBRedisCacheConfiguration.java
@ -19,37 +19,18 @@ import lombok.Data;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.cache.CacheManager;
-import org.springframework.cache.interceptor.SimpleKey;
-import org.springframework.core.convert.ConversionService;
-import org.springframework.core.convert.TypeDescriptor;
-import org.springframework.core.convert.converter.ConditionalGenericConverter;
-import org.springframework.core.convert.converter.Converter;
 import org.springframework.cache.annotation.EnableCaching;
 import org.springframework.cache.interceptor.KeyGenerator;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.convert.converter.ConverterRegistry;
-import org.springframework.data.convert.ReadingConverter;
-import org.springframework.data.convert.WritingConverter;
 import org.springframework.data.redis.cache.RedisCacheConfiguration;
 import org.springframework.data.redis.cache.RedisCacheManager;
 import org.springframework.data.redis.connection.RedisConnectionFactory;
 import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
-import org.springframework.data.redis.core.RedisTemplate;
-import org.springframework.data.redis.core.convert.RedisCustomConversions;
 import org.springframework.format.support.DefaultFormattingConversionService;
-import org.springframework.lang.Nullable;
 import org.springframework.util.Assert;
-import org.springframework.util.StringUtils;
-import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.id.EntityId;
-import org.thingsboard.server.common.data.id.EntityIdFactory;
-
-import java.nio.charset.StandardCharsets;
-import java.util.Arrays;
-import java.util.Collections;
-import java.util.Set;
-import java.util.UUID;

@Configuration
@ConditionalOnProperty(prefix = "cache", value = "type", havingValue = "redis", matchIfMissing = false)
--- a/dao/src/main/java/org/thingsboard/server/dao/device/ClaimDevicesService.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/device/ClaimDevicesService.java
@ -20,7 +20,7 @@ import org.thingsboard.server.common.data.Device;
 import org.thingsboard.server.common.data.id.CustomerId;
 import org.thingsboard.server.common.data.id.DeviceId;
 import org.thingsboard.server.common.data.id.TenantId;
-import org.thingsboard.server.dao.device.claim.ClaimResponse;
+import org.thingsboard.server.dao.device.claim.ClaimResult;

 import java.util.List;

@ -28,7 +28,7 @@ public interface ClaimDevicesService {

    ListenableFuture<Void> registerClaimingInfo(TenantId tenantId, DeviceId deviceId, String secretKey, long durationMs);

-    ListenableFuture<ClaimResponse> claimDevice(Device device, CustomerId customerId, String secretKey);
+    ListenableFuture<ClaimResult> claimDevice(Device device, CustomerId customerId, String secretKey);

    ListenableFuture<List<Void>> reClaimDevice(TenantId tenantId, Device device);