diff --git a/.claude/settings.local.json b/.claude/settings.local.json
new file mode 100644
index 0000000..e40e6ce
--- /dev/null
+++ b/.claude/settings.local.json
@@ -0,0 +1,26 @@
+{
+ "permissions": {
+ "allow": [
+ "Read(//d/tmp/**)",
+ "Bash(D:\\Payara\\bin\\asadmin.bat list-connection-pools:*)",
+ "Bash(D:\\Payara\\bin\\asadmin.bat list-jdbc-resources:*)",
+ "Read(//d/Payara/bin/**)",
+ "Read(//d/Payara/glassfish/bin/**)",
+ "Bash(asadmin.bat list-jdbc-resources:*)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" list-connection-pools)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" list-jdbc-resources)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" list-jdbc-connection-pools)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" ping-connection-pool mysql_drawer_rootPool)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" ping-connection-pool coopAzure)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" get-property domain1.resources.jdbc-connection-pool.coopAzure.datasource-classname)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" get domain1.resources.jdbc-connection-pool.coopAzure.datasource-classname)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" get domain1.resources.jdbc-connection-pool.mysql_drawer_rootPool.datasource-classname)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" get domain1.resources.jdbc-connection-pool.coopAzure.property.driverClass)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" create-jdbc-connection-pool --datasourceclassname com.mysql.cj.jdbc.MysqlDataSource --restype javax.sql.DataSource --property user=hmis_admin:password=DHyMGgy7RRl8EPe:databaseName=rhdrawer:serverName=localhost:port=3336:useSSL=false:allowPublicKeyRetrieval=true:zeroDateTimeBehavior=CONVERT_TO_NULL rhdrawerPool)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" create-jdbc-resource --connectionpoolid rhdrawerPool jdbc/rhdrawer)",
+ "Bash(\"D:\\Payara\\glassfish\\bin\\asadmin.bat\" ping-connection-pool rhdrawerPool)"
+ ],
+ "deny": [],
+ "ask": []
+ }
+}
\ No newline at end of file
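Review bot: The `create-jdbc-connection-pool` entry in `allow` carries the database user name and a plaintext `password=` property, so committing this file publishes a credential in repository history. The file is a machine-local tool settings file (absolute `D:\Payara` paths) and should not be tracked: drop it from the commit, add `.claude/settings.local.json` to `.gitignore`, and rotate the password for that account, because deleting the file in a later commit does not remove it from history. If the pool command has to be recorded somewhere, reference the secret through an asadmin password alias (`${ALIAS=<alias-name>}`) instead of the literal value. The same entry sets `useSSL=false` and `allowPublicKeyRetrieval=true`, which should be confirmed as intended for a localhost-only database.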
diff --git a/src/main/java/com/divudi/bean/SecurityController.java b/src/main/java/com/divudi/bean/SecurityController.java index a80b231..aff06e9 100644 --- a/src/main/java/com/divudi/bean/SecurityController.java +++ b/src/main/java/com/divudi/bean/SecurityController.java @@ -30,6 +30,9 @@ public SecurityController() { } public String encrypt(String word) { + if (word == null) { + return null; + } BasicTextEncryptor en = new BasicTextEncryptor(); en.setPassword("health"); try { @@ -40,6 +43,9 @@ public String encrypt(String word) { } public String hash(String word) { + if (word == null) { + return null; + } try { BasicPasswordEncryptor en = new BasicPasswordEncryptor(); return en.encryptPassword(word); @@ -49,11 +55,21 @@ public String hash(String word) { } public boolean matchPassword(String planePassword, String encryptedPassword) { - BasicPasswordEncryptor en = new BasicPasswordEncryptor(); - return en.checkPassword(planePassword, encryptedPassword); + if (planePassword == null || encryptedPassword == null) { + return false; + } + try { + BasicPasswordEncryptor en = new BasicPasswordEncryptor(); + return en.checkPassword(planePassword, encryptedPassword); + } catch (Exception e) { + return false; + } } public String decrypt(String word) { + if (word == null) { + return null; + } BasicTextEncryptor en = new BasicTextEncryptor(); en.setPassword("health"); try { diff --git a/src/main/java/com/divudi/bean/SessionController.java b/src/main/java/com/divudi/bean/SessionController.java index a8d92dd..72b2eed 100644 --- a/src/main/java/com/divudi/bean/SessionController.java +++ b/src/main/java/com/divudi/bean/SessionController.java 
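Review bot: The null guard added to `encrypt` (and the matching one in `decrypt`, third hunk) leaves `en.setPassword("health")` in place, so every stored user name is protected by a constant that anyone with read access to the source already has. Load the encryptor password from deployment configuration rather than the class, and plan a re-encryption of existing values when it changes. Both method bodies continue outside the hunks, so what their `catch` blocks return is not visible here; a short Javadoc such as `/** Returns null when word is null. */` on `encrypt`, `hash` and `decrypt` would make the new contract explicit for callers.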
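Review bot: In `matchPassword` the new `catch (Exception e) { return false; }` makes a malformed stored digest or a library failure indistinguishable from a wrong password, and nothing is recorded. Failing closed is the right outcome, but log the exception type (never either password argument) before returning, so that corrupted credential rows surface in operations rather than as unexplained login failures. Narrowing the catch to the exception the encryptor actually throws would also keep programming errors from being hidden.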
@@ -304,12 +304,23 @@ public void changeCurrentUserPassword() { public Boolean userNameAvailable(String userName) { Boolean available = true; List allUsers = getFacede().findAll(); + + if (getSecurityController() == null || userName == null) { + return available; + } + for (WebUser w : allUsers) { - if (w.getName() != null && userName != null) { - String decryptedName = getSecurityController().decrypt(w.getName()); - if (decryptedName != null && userName.toLowerCase().equals(decryptedName.toLowerCase())) { - available = false; - } + if (w.getName() == null) { + continue; + } + + String decryptedName = getSecurityController().decrypt(w.getName()); + if (decryptedName == null) { + continue; + } + + if (userName.toLowerCase().equals(decryptedName.toLowerCase())) { + available = false; } } return available; 
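Review bot: The new guard `if (getSecurityController() == null || userName == null) { return available; }` returns `true`, so when the security controller is missing every name is reported as free and the duplicate-name check is silently skipped. Fail closed for that case, e.g. `if (getSecurityController() == null) { return false; }`, and keep the `userName == null` case separate if callers depend on it. The comparison still uses `toLowerCase()` in the default locale; `userName.equalsIgnoreCase(decryptedName)`, as `checkUsers` does, avoids locale-dependent results. The method's closing lines are outside the hunk.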
@@ -339,48 +350,58 @@ private boolean checkUsers() { String temSQL; temSQL = "SELECT u FROM WebUser u WHERE u.retired = false"; List allUsers = getFacede().findBySQL(temSQL); + + if (getSecurityController() == null) { + UtilityController.addErrorMessage("Security controller not initialized"); + return false; + } + for (WebUser u : allUsers) { // System.out.println("u = " + u); // System.out.println("u.getId() = " + u.getId()); // System.out.println("u.getId() = " + u.getCode()); // System.out.println("u.getName() = " + u.getName()); // System.out.println("userName = " + userName); - if (u.getName() != null && userName != null) { - String decryptedName = getSecurityController().decrypt(u.getName()); - if (decryptedName != null && decryptedName.equalsIgnoreCase(userName)) { - boolean passwordMatch = false; - if (passord != null && u.getWebUserPassword() != null) { - passwordMatch = getSecurityController().matchPassword(passord, u.getWebUserPassword()); - } + if (u.getName() == null) { + continue; + } - boolean usedForTesting = false; + String decryptedName = getSecurityController().decrypt(u.getName()); + if (decryptedName == null) { + continue; + } - if (passwordMatch || usedForTesting) { - if (!canLogToDept(u, department)) { - UtilityController.addErrorMessage("No privilage to Login This Department"); - return false; - } - if (getApplicationController().isLogged(u) != null) { - UtilityController.addErrorMessage("This user already logged. 
Other instances will be logged out now."); - } + if (decryptedName.equalsIgnoreCase(userName)) { - u.setDepartment(department); - u.setInstitution(institution); + boolean passwordMatch = getSecurityController().matchPassword(passord, u.getWebUserPassword()); - getFacede().edit(u); + boolean usedForTesting = false; - setLoggedUser(u); - setLogged(Boolean.TRUE); - setActivated(u.isActivated()); - setRole(u.getRole()); - getWebUserBean().setLoggedUser(u); + if (passwordMatch || usedForTesting) { + if (!canLogToDept(u, department)) { + UtilityController.addErrorMessage("No privilage to Login This Department"); + return false; + } + if (getApplicationController().isLogged(u) != null) { + UtilityController.addErrorMessage("This user already logged. Other instances will be logged out now."); + } - recordLogin(); + u.setDepartment(department); + u.setInstitution(institution); - UtilityController.addSuccessMessage("Logged successfully"); - return true; - } + getFacede().edit(u); + + setLoggedUser(u); + setLogged(Boolean.TRUE); + setActivated(u.isActivated()); + setRole(u.getRole()); + getWebUserBean().setLoggedUser(u); + + recordLogin(); + + UtilityController.addSuccessMessage("Logged successfully"); + return true; } } } @@ -565,10 +586,11 @@ public void setrFacade(WebUserRoleFacade rFacade) { } public String getDisplayName() { - if (getLoggedUser() != null && getLoggedUser().getName() != null) { - return getSecurityController().decrypt(getLoggedUser().getName()); + if (getSecurityController() == null || getLoggedUser() == null || getLoggedUser().getName() == null) { + return ""; } - return ""; + String decryptedName = getSecurityController().decrypt(getLoggedUser().getName()); + return decryptedName != null ? decryptedName : ""; } /** diff --git a/src/main/java/com/divudi/bean/WebUserController.java b/src/main/java/com/divudi/bean/WebUserController.java index b4a9ab0..7defa9d 100644 --- a/src/main/java/com/divudi/bean/WebUserController.java 
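Review bot: The login branch in `checkUsers` is still gated by `if (passwordMatch || usedForTesting)` with `boolean usedForTesting = false;` declared just above it; a local flag whose only effect, if flipped, is to skip password verification should not live in the authentication path. Reduce the condition to `if (passwordMatch) {` and delete the flag, and remove the commented-out `System.out.println` lines that print user names. `checkUsers` begins before and ends after this hunk, so the behaviour when no user matches is not visible here.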
+++ b/src/main/java/com/divudi/bean/WebUserController.java @@ -143,8 +143,18 @@ public void removeUser() { } public void updateUser(WebUser wu) { + if (wu == null) { + UtilityController.addErrorMessage("No user to update"); + return; + } + System.out.println("wu.getName() = " + wu.getName()); - wu.setName(getSecurityController().encrypt(wu.getName())); + if (getSecurityController() != null && wu.getName() != null) { + String encryptedName = getSecurityController().encrypt(wu.getName()); + if (encryptedName != null) { + wu.setName(encryptedName); + } + } System.out.println("wu.getName() = " + wu.getName()); getPersonFacade().edit(wu.getWebUserPerson()); getFacade().edit(wu); @@ -301,10 +311,19 @@ public List getItems() { private void dycryptName() { List temp = items; + if (getSecurityController() == null) { + return; + } + for (int i = 0; i < temp.size(); i++) { WebUser w = temp.get(i); - w.setName(getSecurityController().decrypt(w.getName()).toLowerCase()); - temp.set(i, w); + if (w != null && w.getName() != null) { + String decryptedName = getSecurityController().decrypt(w.getName()); + if (decryptedName != null) { + w.setName(decryptedName.toLowerCase()); + temp.set(i, w); + } + } } items = temp; @@ -379,10 +398,15 @@ public Boolean userNameAvailable(String userName) { if (allUsers == null) { return false; } - for (WebUser w : allUsers) { - if (userName != null && w != null && w.getName() != null) { - if (userName.toLowerCase().equals(getSecurityController().decrypt(w.getName()).toLowerCase())) { + if (getSecurityController() == null || userName == null) { + return false; + } + + for (WebUser w : allUsers) { + if (w != null && w.getName() != null) { + String decryptedName = getSecurityController().decrypt(w.getName()); + if (decryptedName != null && userName.toLowerCase().equals(decryptedName.toLowerCase())) { //////System.out.println("Ift"); available = true; return available;// ok. that is may be the issue. we will try with it ok 
diff --git a/src/main/setup/glassfish-resources.xml b/src/main/setup/glassfish-resources.xml index 740fbe0..1a18610 100644 --- a/src/main/setup/glassfish-resources.xml +++ b/src/main/setup/glassfish-resources.xml @@ -1,14 +1,16 @@ - + - - - - - - + + + + + + + + diff --git a/src/main/webapp/admin_manage_users.xhtml b/src/main/webapp/admin_manage_users.xhtml index 38eed71..8126ad5 100644 --- a/src/main/webapp/admin_manage_users.xhtml +++ b/src/main/webapp/admin_manage_users.xhtml @@ -10,7 +10,7 @@ - +