diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
new file mode 100644
index 0000000..e307618
--- /dev/null
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/model/v2/MeUser.java
@@ -0,0 +1,75 @@
+package org.apache.archiva.redback.rest.api.model.v2;
+
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import javax.xml.bind.annotation.XmlRootElement;
+
+/**
+ * JSON object for updating own user data.
+ * Contains only the attributes, that a user is allowed to update. The user id is used from the logged in user principal.
+ */
+@XmlRootElement( name = "user" )
+public class MeUser
+{
+    private String email;
+    private String fullName;
+    private String password;
+    private String currentPassword;
+
+    public String getEmail( )
+    {
+        return email;
+    }
+
+    public void setEmail( String email )
+    {
+        this.email = email;
+    }
+
+    public String getFullName( )
+    {
+        return fullName;
+    }
+
+    public void setFullName( String fullName )
+    {
+        this.fullName = fullName;
+    }
+
+    public String getPassword( )
+    {
+        return password;
+    }
+
+    public void setPassword( String password )
+    {
+        this.password = password;
+    }
+
+    public String getCurrentPassword( )
+    {
+        return currentPassword;
+    }
+
+    public void setCurrentPassword( String currentPassword )
+    {
+        this.currentPassword = currentPassword;
+    }
+}
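Review bot: The `password` and `currentPassword` fields have no documentation of when each is required, and the class Javadoc only says which attributes may be updated. Going by the `updateMe` implementation changed in this commit, a blank `password` means no password change and `currentPassword` is only checked when `password` is set, so I would add `/** New password; blank leaves the password unchanged. */` and `/** Current password; only checked when a new password is given. */` on the two fields. As far as the visible code shows, `email` can therefore be changed with a valid session alone; since an email address is commonly the password-recovery channel, consider whether email changes should require `currentPassword` too. Because this object holds two plaintext passwords, a class-level remark that it must not get a `toString()` or be logged would also help.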
diff --git a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
index ba739e0..0ea3091 100644
--- a/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
+++ b/redback-integrations/redback-rest/redback-rest-api/src/main/java/org/apache/archiva/redback/rest/api/services/v2/UserService.java
@@ -28,6 +28,7 @@
 import org.apache.archiva.redback.rest.api.model.ActionStatus;
 import org.apache.archiva.redback.rest.api.model.v2.AvailabilityStatus;
 import org.apache.archiva.redback.rest.api.model.Operation;
+import org.apache.archiva.redback.rest.api.model.v2.MeUser;
 import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
 import org.apache.archiva.redback.rest.api.model.Permission;
 import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -168,7 +169,7 @@
 
     /**
      */
-    @Path( "{userId}/lock" )
+    @Path( "{userId}/lock/set" )
     @POST
     @Produces( { MediaType.APPLICATION_JSON } )
     @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
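Review bot: The Javadoc above this endpoint is still the empty `/** */`, here and on the `{userId}/lock/clear` endpoint in the next hunk, although both are permission-guarded account operations whose paths just changed. I would fill it in with something like `/** Locks the account of the given user; requires the user-edit permission. */` and the matching text for the unlock endpoint. The old `{userId}/lock` and `{userId}/unlock` paths disappear with no alias, so existing clients will presumably get a 404; if that is intended, it deserves a line in the API documentation or release notes. The method declarations themselves lie outside the hunk.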
@@ -185,11 +186,11 @@
 
     /**
      */
-    @Path( "{userId}/unlock" )
+    @Path( "{userId}/lock/clear" )
     @POST
     @Produces( { MediaType.APPLICATION_JSON } )
     @RedbackAuthorization( permissions = RedbackRoleConstants.USER_MANAGEMENT_USER_EDIT_OPERATION )
-    @io.swagger.v3.oas.annotations.Operation( summary = "Creates a user",
+    @io.swagger.v3.oas.annotations.Operation( summary = "Unlocks a user",
         responses = {
             @ApiResponse( responseCode = "200",
                 description = "If unlocking was successful"
@@ -255,7 +256,7 @@
             @ApiResponse( responseCode = "400", description = "Provided data is not valid" )
         }
     )
-    User updateMe( User user )
+    User updateMe( MeUser user )
         throws RedbackServiceException;
 
     @Path( "me" )
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
index 2273d00..5cde4ca 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/main/java/org/apache/archiva/redback/rest/services/v2/DefaultUserService.java
@@ -48,6 +48,7 @@
 import org.apache.archiva.redback.rest.api.model.ErrorMessage;
 import org.apache.archiva.redback.rest.api.model.Operation;
 import org.apache.archiva.redback.rest.api.model.Permission;
+import org.apache.archiva.redback.rest.api.model.v2.MeUser;
 import org.apache.archiva.redback.rest.api.model.v2.RegistrationKey;
 import org.apache.archiva.redback.rest.api.model.ResetPasswordRequest;
 import org.apache.archiva.redback.rest.api.model.Resource;
@@ -362,28 +363,25 @@
     }
 
     @Override
-    public User updateMe( User user )
+    public User updateMe( MeUser user )
         throws RedbackServiceException
     {
         RedbackPrincipal principal = getPrincipal( );
         if (principal==null) {
             throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), 401 );
         }
-        if (StringUtils.isEmpty( user.getUserId() ) || !principal.getUser().getUsername().equals(user.getUserId())) {
-            throw new RedbackServiceException( ErrorMessage.of( ERR_AUTH_UNAUTHORIZED_REQUEST ), Response.Status.FORBIDDEN.getStatusCode() );
-        }
 
         // check oldPassword with the current one
         // only 3 fields to update
         // ui can limit to not update password
-        org.apache.archiva.redback.users.User foundUser = updateUser( user.getUserId( ), realUser -> {
+        org.apache.archiva.redback.users.User foundUser = updateUser( principal.getName(), realUser -> {
             try
             {
                 // current password is only needed, if password change is requested
                 if ( StringUtils.isNotBlank( user.getPassword( ) ) )
                 {
                     String previousEncodedPassword =
-                        securitySystem.getUserManager( ).findUser( user.getUserId( ), false ).getEncodedPassword( );
+                        securitySystem.getUserManager( ).findUser( principal.getName(), false ).getEncodedPassword( );
 
                     // check oldPassword with the current one
 
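Review bot: The user to update is now looked up with `principal.getName()`, while the check removed above compared against `principal.getUser().getUsername()`; nothing in the hunk shows that the two always return the same identifier. If they can differ, `updateUser` and `findUser` would resolve a different account or none, so I would keep the accessor used before: `updateUser( principal.getUser( ).getUsername( ), realUser -> {`, and likewise in the `findUser` call. Resolving that name once into a local variable before the lambda would also guarantee that both lookups use the same value. The body of `updateMe` continues past the end of the hunk.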
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
index e8fd540..c05fa36 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/NativeUserServiceTest.java
@@ -454,7 +454,7 @@
         try
         {
             given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-                .post( "aragorn/lock" )
+                .post( "aragorn/lock/set" )
                 .then( ).statusCode( 200 );
             Response response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
                 .get( "aragorn" )
@@ -474,7 +474,7 @@
     {
         String token = getAdminToken( );
         given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-            .post( "aragorn/lock" )
+            .post( "aragorn/lock/set" )
             .then( ).statusCode( 404 );
     }
 
@@ -500,7 +500,7 @@
         try
         {
             given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-                .post( "aragorn/unlock" )
+                .post( "aragorn/lock/clear" )
                 .then( ).statusCode( 200 );
             response = given( ).spec( getRequestSpec( token ) ).contentType( JSON )
                 .get( "aragorn" )
@@ -617,7 +617,6 @@
 
             String userToken = getUserToken( "aragorn", "pAssw0rD" );
             Map<String, Object> updateMap = new HashMap<>( );
-            updateMap.put( "user_id", "aragorn" );
             updateMap.put( "email", "aragorn-swiss@lordoftherings.org" );
             updateMap.put( "fullName", "Aragorn King of Switzerland" );
             Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
@@ -637,54 +636,6 @@
     }
 
     @Test
-    void updateMeInvalidUser( )
-    {
-        String token = getAdminToken( );
-        Map<String, Object> jsonAsMap = new HashMap<>( );
-        jsonAsMap.put( "user_id", "aragorn" );
-        jsonAsMap.put( "email", "aragorn@lordoftherings.org" );
-        jsonAsMap.put( "fullName", "Aragorn King of Gondor" );
-        jsonAsMap.put( "validated", true );
-        jsonAsMap.put( "password", "pAssw0rDA" );
-        given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-            .body( jsonAsMap )
-            .when( )
-            .post( )
-            .then( ).statusCode( 201 );
-
-        jsonAsMap.put( "user_id", "elrond" );
-        jsonAsMap.put( "email", "elrond@lordoftherings.org" );
-        jsonAsMap.put( "fullName", "Elrond King of Elves" );
-        jsonAsMap.put( "validated", true );
-        jsonAsMap.put( "password", "pAssw0rDE" );
-        given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-            .body( jsonAsMap )
-            .when( )
-            .post( )
-            .then( ).statusCode( 201 );
-        try
-        {
-
-            String userToken = getUserToken( "aragorn", "pAssw0rDA" );
-            Map<String, Object> updateMap = new HashMap<>( );
-            updateMap.put( "user_id", "elrond" );
-            updateMap.put( "email", "elrond-swiss@lordoftherings.org" );
-            updateMap.put( "fullName", "Elrond King of Switzerland" );
-            Response response = given( ).spec( getRequestSpec( userToken ) ).contentType( JSON )
-                .body( updateMap )
-                .when( )
-                .put( "me" )
-                .then( ).statusCode( 403 ).extract( ).response( );
-        }
-        finally
-        {
-            given( ).spec( getRequestSpec( token ) ).contentType( JSON )
-                .delete( "aragorn" )
-                .then( ).statusCode( 200 );
-        }
-    }
-
-    @Test
     void updateMeWithPassword( )
     {
         String token = getAdminToken( );
diff --git a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
index 0268452..2fc8431 100644
--- a/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
+++ b/redback-integrations/redback-rest/redback-rest-services/src/test/java/org/apache/archiva/redback/rest/services/v2/UserServiceTest.java
@@ -21,6 +21,7 @@
 
 import org.apache.archiva.redback.rest.api.model.GrantType;
 import org.apache.archiva.redback.rest.api.model.Operation;
+import org.apache.archiva.redback.rest.api.model.v2.MeUser;
 import org.apache.archiva.redback.rest.api.model.v2.PagedResult;
 import org.apache.archiva.redback.rest.api.model.Permission;
 import org.apache.archiva.redback.rest.api.model.v2.PingResult;
@@ -504,21 +505,22 @@
         u.setValidated( true );
         getUserService( getAdminAuthzHeader( ) ).createUser( u );
 
-        u.setFullName( "the toto123" );
-        u.setEmail( "toto@titi.fr" );
-        u.setPassword( "toto1234" );
-        u.setCurrentPassword( "toto123" );
-        getUserService( getUserAuthzHeader( "toto" ) ).updateMe( u );
+        MeUser meUser = new MeUser( );
+        meUser.setFullName( "the toto123" );
+        meUser.setEmail( "toto@titi.fr" );
+        meUser.setPassword( "toto1234" );
+        meUser.setCurrentPassword( "toto123" );
+        getUserService( getUserAuthzHeader( "toto" ) ).updateMe( meUser );
 
         u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
         assertEquals( "the toto123", u.getFullName( ) );
         assertEquals( "toto@titi.fr", u.getEmail( ) );
 
-        u.setFullName( "the toto1234" );
-        u.setEmail( "toto@tititi.fr" );
-        u.setPassword( "toto12345" );
-        u.setCurrentPassword( "toto1234" );
-        getUserService( getUserAuthzHeader( "toto" )) .updateMe(  u );
+        meUser.setFullName( "the toto1234" );
+        meUser.setEmail( "toto@tititi.fr" );
+        meUser.setPassword( "toto12345" );
+        meUser.setCurrentPassword( "toto1234" );
+        getUserService( getUserAuthzHeader( "toto" )) .updateMe( meUser );
 
         u = getUserService( getAdminAuthzHeader( ) ).getUser( "toto" );
         assertEquals( "the toto1234", u.getFullName( ) );
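Review bot: This test only exercises the success path, and with `updateMeInvalidUser` deleted from `NativeUserServiceTest` in this commit, no visible test covers a `PUT me` request whose body still names another account. Since `MeUser` has no user id, such a case needs the raw-JSON style of `NativeUserServiceTest`: send the `user_id` of a second user together with a new `email`, and assert that the request is either rejected or changes only the caller's record, leaving the second user untouched. How an unknown `user_id` property is handled depends on the JSON mapper configuration, which is not visible here. The test method starts and ends outside the hunk.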
