diff --git a/scm-core/src/main/java/sonia/scm/util/HttpUtil.java b/scm-core/src/main/java/sonia/scm/util/HttpUtil.java
index 58213e1d4b..819efb509c 100644
--- a/scm-core/src/main/java/sonia/scm/util/HttpUtil.java
+++ b/scm-core/src/main/java/sonia/scm/util/HttpUtil.java
@@ -43,6 +43,10 @@ import sonia.scm.config.ScmConfiguration;
 //~--- JDK imports ------------------------------------------------------------
 
 import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+
+import java.net.URLDecoder;
+import java.net.URLEncoder;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
@@ -58,6 +62,9 @@ public class HttpUtil
   /** authentication realm for basic authentication */
   public static final String AUTHENTICATION_REALM = "SONIA :: SCM Manager";
 
+  /** Field description */
+  public static final String ENCODING = "UTF-8";
+
   /** authentication header */
   public static final String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate";
 
@@ -112,6 +119,52 @@ public class HttpUtil
 
   //~--- methods --------------------------------------------------------------
 
+  /**
+   * Method description
+   *
+   *
+   * @param value
+   *
+   * @return
+   * @since 1.9
+   */
+  public static String decode(String value)
+  {
+    try
+    {
+      value = URLDecoder.decode(value, ENCODING);
+    }
+    catch (UnsupportedEncodingException ex)
+    {
+      throw new RuntimeException("could not decode", ex);
+    }
+
+    return value;
+  }
+
+  /**
+   * Method description
+   *
+   *
+   * @param value
+   *
+   * @return
+   * @since 1.9
+   */
+  public static String encode(String value)
+  {
+    try
+    {
+      value = URLEncoder.encode(value, ENCODING);
+    }
+    catch (UnsupportedEncodingException ex)
+    {
+      throw new RuntimeException("could not encode", ex);
+    }
+
+    return value;
+  }
+
   /**
    * Send an unauthorized header back to the client
    *
diff --git a/scm-core/src/main/java/sonia/scm/util/ValidationUtil.java b/scm-core/src/main/java/sonia/scm/util/ValidationUtil.java
index 7ad5ebfebf..65b079e0af 100644
--- a/scm-core/src/main/java/sonia/scm/util/ValidationUtil.java
+++ b/scm-core/src/main/java/sonia/scm/util/ValidationUtil.java
@@ -52,7 +52,7 @@ public class ValidationUtil
   private static final String REGEX_NAME = "^[A-z0-9\\.\\-_]+$";
 
   /** Field description */
-  private static final String REGEX_USERNAME = "^[A-z0-9\\.\\-_@]+$";
+  private static final String REGEX_USERNAME = "^[^ ][A-z0-9\\.\\-_@ ]+[^ ]$";
 
   //~--- get methods ----------------------------------------------------------
 
diff --git a/scm-core/src/test/java/sonia/scm/util/ValidationUtilTest.java b/scm-core/src/test/java/sonia/scm/util/ValidationUtilTest.java
index e18871af24..6eff3f872f 100644
--- a/scm-core/src/test/java/sonia/scm/util/ValidationUtilTest.java
+++ b/scm-core/src/test/java/sonia/scm/util/ValidationUtilTest.java
@@ -145,9 +145,12 @@ public class ValidationUtilTest
     assertTrue(ValidationUtil.isUsernameValid("Test123-git"));
     assertTrue(ValidationUtil.isUsernameValid("Test_user-123.git"));
     assertTrue(ValidationUtil.isUsernameValid("test@scm-manager.de"));
+    assertTrue(ValidationUtil.isUsernameValid("test 123"));
 
     // false
-    assertFalse(ValidationUtil.isUsernameValid("test 123"));
+    assertFalse(ValidationUtil.isUsernameValid(" test 123"));
+    assertFalse(ValidationUtil.isUsernameValid(" test 123 "));
+    assertFalse(ValidationUtil.isUsernameValid("test 123 "));
     assertFalse(ValidationUtil.isUsernameValid("test/123"));
     assertFalse(ValidationUtil.isUsernameValid("test%123"));
     assertFalse(ValidationUtil.isUsernameValid("test:123"));
diff --git a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AbstractManagerResource.java b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AbstractManagerResource.java
index 7c82bddc87..19854b5192 100644
--- a/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AbstractManagerResource.java
+++ b/scm-webapp/src/main/java/sonia/scm/api/rest/resources/AbstractManagerResource.java
@@ -45,6 +45,7 @@ import sonia.scm.Manager;
 import sonia.scm.ModelObject;
 import sonia.scm.security.ScmSecurityException;
 import sonia.scm.util.AssertUtil;
+import sonia.scm.util.HttpUtil;
 import sonia.scm.util.Util;
 
 //~--- JDK imports ------------------------------------------------------------
@@ -142,9 +143,13 @@ public abstract class AbstractManagerResource<T extends ModelObject,
     try
     {
       manager.create(item);
+
+      String id = getId(item);
+
+      id = HttpUtil.encode(id);
       response = Response.created(
         uriInfo.getAbsolutePath().resolve(
-          getPathPart().concat("/").concat(getId(item)))).build();
+          getPathPart().concat("/").concat(id))).build();
     }
     catch (ScmSecurityException ex)
     {
diff --git a/scm-webapp/src/main/webapp/resources/js/override/ext.form.vtypes.js b/scm-webapp/src/main/webapp/resources/js/override/ext.form.vtypes.js
index 1a73cbef5d..4ae1790a7f 100644
--- a/scm-webapp/src/main/webapp/resources/js/override/ext.form.vtypes.js
+++ b/scm-webapp/src/main/webapp/resources/js/override/ext.form.vtypes.js
@@ -54,7 +54,7 @@ Ext.apply(Ext.form.VTypes, {
   // username validator
   
   username: function(val){
-    return val.match(/^[A-z0-9\.\-_@]+$/);
+    return val.match(/^[^ ][A-z0-9\.\-_@ ]*[^ ]$/);
   },
   
   usernameText: 'The username is invalid.'