diff --git a/src/main/java/hbp/mip/configurations/PersistenceConfiguration.java b/src/main/java/hbp/mip/configurations/PersistenceConfiguration.java
index ee370f4dda659775e09c92d04684ee859ca812b6..b915afdd8724010177fe5faf73886160cfa74888 100644
--- a/src/main/java/hbp/mip/configurations/PersistenceConfiguration.java
+++ b/src/main/java/hbp/mip/configurations/PersistenceConfiguration.java
@@ -16,7 +16,7 @@ import javax.sql.DataSource;
 
 
 @Configuration
-@EnableJpaRepositories("hbp.mip.repositories")
+@EnableJpaRepositories(basePackages = {"hbp.mip.experiment", "hbp.mip.user"})
 public class PersistenceConfiguration {
 
     @Primary
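Review bot: The package list `"hbp.mip.experiment", "hbp.mip.user"` is now written out twice as string literals, once in `@EnableJpaRepositories` here and once in `emfb.setPackagesToScan(...)` in the next hunk. The two must stay identical, because a package added to only one of them leaves its repositories or its entities unscanned, and that only surfaces at startup or first use. I would declare the names once, e.g. `static final String EXPERIMENT_PACKAGE = "hbp.mip.experiment";` and `static final String USER_PACKAGE = "hbp.mip.user";`, and reference them in both places. Alternatively, use `basePackageClasses` on the annotation so a later package move is caught by the compiler.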
@@ -33,7 +33,8 @@ public class PersistenceConfiguration {
         emfb.setDataSource(portalDataSource());
         JpaVendorAdapter vendorAdapter = new HibernateJpaVendorAdapter();
         emfb.setJpaVendorAdapter(vendorAdapter);
-        emfb.setPackagesToScan("hbp.mip.models.DAOs");
+        emfb.setPackagesToScan("hbp.mip.experiment", "hbp.mip.user");
+
         return emfb;
     }
 
diff --git a/src/main/java/hbp/mip/configurations/SecurityConfiguration.java b/src/main/java/hbp/mip/configurations/SecurityConfiguration.java
index 29a5790b6648bf788f9aaa2e44d562a2eca919a9..879168b7e9e3f30071ddbbf6063b6aa10704afb2 100644
--- a/src/main/java/hbp/mip/configurations/SecurityConfiguration.java
+++ b/src/main/java/hbp/mip/configurations/SecurityConfiguration.java
@@ -22,10 +22,7 @@ import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
 import org.springframework.security.web.csrf.XorCsrfTokenRequestAttributeHandler;
 import org.springframework.stereotype.Component;
 
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 import java.util.stream.Collectors;
 
 @Configuration
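Review bot: Replacing the four explicit imports with `import java.util.*;` hides which `java.util` types this security configuration depends on. It also risks a silent name clash if another imported package later gains a type with the same simple name. Only `Collections` appears to be newly needed by this commit, so I would keep the original four lines and add `import java.util.Collections;`.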
@@ -115,11 +112,16 @@ public class SecurityConfiguration {
     @RequiredArgsConstructor
     static class GrantedAuthoritiesMapperImpl implements GrantedAuthoritiesMapper {
         private static Collection<GrantedAuthority> extractAuthorities(Map<String, Object> claims) {
-            return ((Collection<String>) claims.get("authorities")).stream()
+            Collection<String> authorities = (Collection<String>) claims.get("authorities");
+            if (authorities == null) {
+                return Collections.emptyList(); // or throw a more informative exception if appropriate
+            }
+            return authorities.stream()
                     .map(SimpleGrantedAuthority::new)
                     .collect(Collectors.toList());
         }
 
+
         @Override
         public Collection<? extends GrantedAuthority> mapAuthorities(Collection<? extends GrantedAuthority> authorities) {
             Set<GrantedAuthority> mappedAuthorities = new HashSet<>();
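Review bot: The unchecked cast `(Collection<String>) claims.get("authorities")` in extractAuthorities still trusts the shape of a token claim, so only the missing-claim case is handled. A claim that is present but is a single string, or a collection with non-string elements, would throw ClassCastException at the cast or inside `SimpleGrantedAuthority::new`. Checking the runtime type and keeping only string elements fails closed in the same way as the new null branch. The trailing comment `// or throw a more informative exception if appropriate` reads as an open decision; it should state the chosen behaviour instead, namely that a missing or malformed claim grants no authorities. The body of mapAuthorities continues past the end of this hunk.

```java
private static Collection<GrantedAuthority> extractAuthorities(Map<String, Object> claims) {
    Object raw = claims.get("authorities");
    // A missing or malformed claim grants no authorities (fail closed).
    if (!(raw instanceof Collection<?> values)) {
        return Collections.emptyList();
    }
    return values.stream()
            .filter(String.class::isInstance)
            .map(String.class::cast)
            .map(SimpleGrantedAuthority::new)
            .collect(Collectors.toList());
}
```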