diff --git a/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsAdmin.java b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsAdmin.java
new file mode 100644
index 0000000000000000000000000000000000000000..8641807428d2afa20165fe2a2a0cec55fb6988d6
--- /dev/null
+++ b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsAdmin.java
@@ -0,0 +1,16 @@
+package cz.muni.ics.kypo.training.adaptive.annotations.security;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * The custom annotation <i>@IsAdmin<i/>. All methods annotated with this annotation expect the user has a role <strong>ROLE_TRAINING_ADMINISTRATOR<strong/>.
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("hasAuthority(T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_ADMINISTRATOR)")
+public @interface IsAdmin {}
diff --git a/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsDesignerOrAdmin.java b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsDesignerOrAdmin.java
new file mode 100644
index 0000000000000000000000000000000000000000..1977ac8877e86e1ad2d7abff21f1d88c4d69981b
--- /dev/null
+++ b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsDesignerOrAdmin.java
@@ -0,0 +1,18 @@
+package cz.muni.ics.kypo.training.adaptive.annotations.security;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * The custom annotation <i>@IsDesignerOrAdmin<i/>. All methods annotated with this annotation expect the user has a role <strong>ROLE_TRAINING_ADMINISTRATOR<strong/>
+ * or <strong>ROLE_TRAINING_DESIGNER<strong/>.
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("hasAnyAuthority(T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_ADMINISTRATOR, " +
+ "T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_DESIGNER)")
+public @interface IsDesignerOrAdmin {}
diff --git a/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsDesignerOrOrganizerOrAdmin.java b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsDesignerOrOrganizerOrAdmin.java
new file mode 100644
index 0000000000000000000000000000000000000000..03509ebb2c0f57a0c4e5b272aec341082fb8de61
--- /dev/null
+++ b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsDesignerOrOrganizerOrAdmin.java
@@ -0,0 +1,20 @@
+package cz.muni.ics.kypo.training.adaptive.annotations.security;
+
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * The custom annotation <i>@IsDesignerOrOrganizerOrAdmin<i/>. All methods annotated with this annotation expect the user has a role <strong>ROLE_TRAINING_ADMINISTRATOR<strong/>
+ * or <strong>ROLE_TRAINING_ORGANIZER<strong/> or <strong>ROLE_TRAINING_DESIGNER<strong/>.
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("hasAnyAuthority(T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_ADMINISTRATOR, " +
+ "T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_DESIGNER, " +
+ "T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_ORGANIZER)")
+public @interface IsDesignerOrOrganizerOrAdmin {}
diff --git a/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsOrganizerOrAdmin.java b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsOrganizerOrAdmin.java
new file mode 100644
index 0000000000000000000000000000000000000000..ef89254f64d1fb6e0fc7190960499b9cbe144bce
--- /dev/null
+++ b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsOrganizerOrAdmin.java
@@ -0,0 +1,19 @@
+package cz.muni.ics.kypo.training.adaptive.annotations.security;
+
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * The custom annotation <i>@IsOrganizerOrAdmin<i/>. All methods annotated with this annotation expect the user has a role <strong>ROLE_TRAINING_ADMINISTRATOR<strong/>
+ * or <strong>ROLE_TRAINING_ORGANIZER<strong/>.
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("hasAnyAuthority(T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_ADMINISTRATOR, " +
+ "T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_ORGANIZER)")
+public @interface IsOrganizerOrAdmin {}
diff --git a/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsTrainee.java b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsTrainee.java
new file mode 100644
index 0000000000000000000000000000000000000000..5a66026a80f5ef7f38491104d6c31569742f3263
--- /dev/null
+++ b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsTrainee.java
@@ -0,0 +1,16 @@
+package cz.muni.ics.kypo.training.adaptive.annotations.security;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * The custom annotation <i>@IsTrainee<i/>. All methods annotated with this annotation expect the user has a role <strong>ROLE_TRAINING_TRAINEE<strong/>.
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("hasAuthority(T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_TRAINEE)")
+public @interface IsTrainee {}
diff --git a/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsTraineeOrAdmin.java b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsTraineeOrAdmin.java
new file mode 100644
index 0000000000000000000000000000000000000000..84d3604f1726bf1f7f8ec213f09b89e8635b7faa
--- /dev/null
+++ b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/security/IsTraineeOrAdmin.java
@@ -0,0 +1,18 @@
+package cz.muni.ics.kypo.training.adaptive.annotations.security;
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * The custom annotation <i>@IsTraineeOrAdmin<i/>. All methods annotated with this annotation expect the user has a role <strong>ROLE_TRAINING_ADMINISTRATOR<strong/>
+ * or <strong>ROLE_TRAINING_TRAINEE<strong/>.
+ */
+@Target(ElementType.METHOD)
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("hasAnyAuthority(T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_TRAINEE, " +
+ "T(cz.muni.ics.kypo.training.adaptive.enums.RoleTypeSecurity).ROLE_TRAINING_ADMINISTRATOR)")
+public @interface IsTraineeOrAdmin {}
diff --git a/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/transactions/TransactionalRO.java b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/transactions/TransactionalRO.java
new file mode 100644
index 0000000000000000000000000000000000000000..acae74f7c607102dd8fc1a153f838c4956931284
--- /dev/null
+++ b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/transactions/TransactionalRO.java
@@ -0,0 +1,57 @@
+package cz.muni.ics.kypo.training.adaptive.annotations.transactions;
+
+import org.springframework.core.annotation.AliasFor;
+import org.springframework.transaction.annotation.Isolation;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.lang.annotation.*;
+
+/**
+ * Extending of the class {@link Transactional} which has <i>read-only</i> set to true.
+ *
+ */
+@Transactional(rollbackFor = Exception.class, readOnly = true)
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@Documented
+public @interface TransactionalRO {
+
+ /**
+ * Value string.
+ *
+ * @return the string
+ */
+ @AliasFor("transactionManager")
+ String value() default "";
+
+ /**
+ * Transaction manager string.
+ *
+ * @return the string
+ */
+ @AliasFor("value")
+ String transactionManager() default "";
+
+ /**
+ * Propagation propagation.
+ *
+ * @return the propagation
+ */
+ Propagation propagation() default Propagation.REQUIRED;
+
+ /**
+ * Isolation isolation.
+ *
+ * @return the isolation
+ */
+ Isolation isolation() default Isolation.DEFAULT;
+
+ /**
+ * Timeout int.
+ *
+ * @return the int
+ */
+ int timeout() default -1;
+}
diff --git a/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/transactions/TransactionalWO.java b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/transactions/TransactionalWO.java
new file mode 100644
index 0000000000000000000000000000000000000000..12995ce98e6c4a8a6f59aa0b3bd25fa7ecee88f6
--- /dev/null
+++ b/src/main/java/cz/muni/ics/kypo/training/adaptive/annotations/transactions/TransactionalWO.java
@@ -0,0 +1,57 @@
+package cz.muni.ics.kypo.training.adaptive.annotations.transactions;
+
+import org.springframework.core.annotation.AliasFor;
+import org.springframework.transaction.annotation.Isolation;
+import org.springframework.transaction.annotation.Propagation;
+import org.springframework.transaction.annotation.Transactional;
+
+import java.lang.annotation.*;
+
+/**
+ * Extending of the class {@link Transactional} which has <i>read-only</i> set to false.
+ *
+ */
+@Transactional(rollbackFor = Exception.class)
+@Target({ElementType.METHOD, ElementType.TYPE})
+@Retention(RetentionPolicy.RUNTIME)
+@Inherited
+@Documented
+public @interface TransactionalWO {
+
+ /**
+ * Value string.
+ *
+ * @return the string
+ */
+ @AliasFor("transactionManager")
+ String value() default "";
+
+ /**
+ * Transaction manager string.
+ *
+ * @return the string
+ */
+ @AliasFor("value")
+ String transactionManager() default "";
+
+ /**
+ * Propagation propagation.
+ *
+ * @return the propagation
+ */
+ Propagation propagation() default Propagation.REQUIRED;
+
+ /**
+ * Isolation isolation.
+ *
+ * @return the isolation
+ */
+ Isolation isolation() default Isolation.DEFAULT;
+
+ /**
+ * Timeout int.
+ *
+ * @return the int
+ */
+ int timeout() default -1;
+}
diff --git a/src/main/java/cz/muni/ics/kypo/training/adaptive/config/ValidationMessagesConfig.java b/src/main/java/cz/muni/ics/kypo/training/adaptive/config/ValidationMessagesConfig.java
new file mode 100644
index 0000000000000000000000000000000000000000..fa9d1f0f5f0e358709e51ab4224010fc92a4bde1
--- /dev/null
+++ b/src/main/java/cz/muni/ics/kypo/training/adaptive/config/ValidationMessagesConfig.java
@@ -0,0 +1,66 @@
+package cz.muni.ics.kypo.training.adaptive.config;
+
+import org.springframework.context.MessageSource;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.context.support.ReloadableResourceBundleMessageSource;
+import org.springframework.validation.beanvalidation.LocalValidatorFactoryBean;
+
+import java.util.Arrays;
+import java.util.Comparator;
+import java.util.Locale;
+
+/**
+ * The type Validation messages config.
+ */
+@Configuration
+public class ValidationMessagesConfig {
+
+ /**
+ * Message source validation message source.
+ *
+ * @return the message source
+ */
+ @Bean
+ public MessageSource messageSourceValidation() {
+ final ReloadableResourceBundleMessageSource source = new ReloadableResourceBundleMessageSource();
+ source.setBasename("classpath:locale/ValidationMessages");
+ source.setUseCodeAsDefaultMessage(true);
+ source.setDefaultEncoding("UTF-8");
+ source.setCacheSeconds(0);
+ return source;
+ }
+
+ /**
+ * Gets validator.
+ *
+ * @return the validator
+ */
+ @Bean
+ @Primary
+ public LocalValidatorFactoryBean getValidator() {
+ LocalValidatorFactoryBean bean = new LocalValidatorFactoryBean();
+ bean.setValidationMessageSource(messageSourceValidation());
+ return bean;
+ }
+
+ /**
+ * Prints available locales. It is useful to set up appropriate ValidationMessages.properties file name,
+ * e.g. messages_en_US.properties
+ * <p>
+ * en_US
+ * <p>
+ * en -> language; US -> country
+ *
+ * @param args the input arguments
+ */
+ public static void main(String[] args) {
+ Locale[] locales = Locale.getAvailableLocales();
+ Arrays.sort(locales, Comparator.comparing(Locale::toString));
+ for (Locale l : locales) {
+ System.out.println(l.toString());
+ }
+ }
+
+}
diff --git a/src/main/java/cz/muni/ics/kypo/training/adaptive/enums/RoleTypeSecurity.java b/src/main/java/cz/muni/ics/kypo/training/adaptive/enums/RoleTypeSecurity.java
new file mode 100644
index 0000000000000000000000000000000000000000..c7718a8cf54f70535469d6a655dbe808aa50f34d
--- /dev/null
+++ b/src/main/java/cz/muni/ics/kypo/training/adaptive/enums/RoleTypeSecurity.java
@@ -0,0 +1,24 @@
+package cz.muni.ics.kypo.training.adaptive.enums;
+
+/**
+ * The enumeration of Role types used for security.
+ *
+ */
+public enum RoleTypeSecurity {
+ /**
+ * Role of training administrator.
+ */
+ ROLE_TRAINING_ADMINISTRATOR,
+ /**
+ * Role of training designer permits user to work with training definitions.
+ */
+ ROLE_TRAINING_DESIGNER,
+ /**
+ * Role of training organizer permits user to work with training instances.
+ */
+ ROLE_TRAINING_ORGANIZER,
+ /**
+ * Role of training trainee permits user to work with training runs.
+ */
+ ROLE_TRAINING_TRAINEE
+}