diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js
index f1befd7ec2..211ed20369 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/app.js
@@ -59,6 +59,9 @@ module.config([ '$routeProvider', function($routeProvider) {
                 user : function(UserLoader) {
                     return UserLoader();
                 },
+                applications : function(ApplicationListLoader) {
+                    return ApplicationListLoader();
+                },
                 roles : function(RoleListLoader) {
                     return RoleListLoader();
                 }
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
index 5f76681c67..3dedcb065c 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/controllers.js
@@ -198,13 +198,20 @@ Array.prototype.remove = function(from, to) {
     return this.push.apply(this, rest);
 };
 
-module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, roles, RealmRoleMapping) {
+module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, roles, applications, RealmRoleMapping, ApplicationRoleMapping, ApplicationRole) {
     $scope.realm = realm;
     $scope.user = user;
     $scope.realmRoles = angular.copy(roles);
     $scope.selectedRealmRoles = [];
     $scope.selectedRealmMappings = [];
     $scope.realmMappings = [];
+    $scope.applications = applications;
+    $scope.applicationRoles = [];
+    $scope.selectedApplicationRoles = [];
+    $scope.selectedApplicationMappings = [];
+    $scope.applicationMappings = [];
+
+
 
     $scope.realmMappings = RealmRoleMapping.query({realm : realm.id, userId : user.username}, function(){
        for (var i = 0; i < $scope.realmMappings.length; i++) {
@@ -238,7 +245,6 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, ro
     };
 
     $scope.deleteRealmRole = function() {
-        console.log('deleteRealmRole');
         $http.delete('/auth-server/rest/saas/admin/realms/' + realm.id + '/users/' + user.username + '/role-mappings/realm',
                 {data : $scope.selectedRealmMappings, headers : {"content-type" : "application/json"}}).success(function() {
                 for (var i = 0; i < $scope.selectedRealmMappings.length; i++) {
@@ -253,6 +259,59 @@ module.controller('UserRoleMappingCtrl', function($scope, $http, realm, user, ro
             });
     };
 
+    $scope.addApplicationRole = function() {
+        $http.post('/auth-server/rest/saas/admin/realms/' + realm.id + '/users/' + user.username + '/role-mappings/applications/' + $scope.application.id,
+                $scope.selectedApplicationRoles).success(function() {
+                for (var i = 0; i < $scope.selectedApplicationRoles.length; i++) {
+                    var role = $scope.selectedApplicationRoles[i];
+                    var idx = $scope.applicationRoles.indexOf($scope.selectedApplicationRoles[i]);
+                    if (idx != -1) {
+                        $scope.applicationRoles.splice(idx, 1);
+                        $scope.applicationMappings.push(role);
+                    }
+                }
+                $scope.selectedApplicationRoles = [];
+            });
+    };
+
+    $scope.deleteApplicationRole = function() {
+        $http.delete('/auth-server/rest/saas/admin/realms/' + realm.id + '/users/' + user.username + '/role-mappings/applications/' + $scope.application.id,
+            {data : $scope.selectedApplicationMappings, headers : {"content-type" : "application/json"}}).success(function() {
+                for (var i = 0; i < $scope.selectedApplicationMappings.length; i++) {
+                    var role = $scope.selectedApplicationMappings[i];
+                    var idx = $scope.applicationMappings.indexOf($scope.selectedApplicationMappings[i]);
+                    if (idx != -1) {
+                        $scope.applicationMappings.splice(idx, 1);
+                        $scope.applicationRoles.push(role);
+                    }
+                }
+                $scope.selectedApplicationMappings = [];
+            });
+    };
+
+
+    $scope.changeApplication = function() {
+        $scope.applicationRoles = ApplicationRole.query({realm : realm.id, userId : user.username, application : $scope.application.id}, function() {
+                $scope.applicationMappings = ApplicationRoleMapping.query({realm : realm.id, userId : user.username, application : $scope.application.id}, function(){
+                    for (var i = 0; i < $scope.applicationMappings.length; i++) {
+                        var role = $scope.applicationMappings[i];
+                        for (var j = 0; j < $scope.applicationRoles.length; j++) {
+                            var realmRole = $scope.applicationRoles[j];
+                            if (realmRole.id == role.id) {
+                                var idx = $scope.applicationRoles.indexOf(realmRole);
+                                if (idx != -1) {
+                                    $scope.applicationRoles.splice(idx, 1);
+                                    break;
+                                }
+                            }
+                        }
+                    }
+                });
+
+            }
+        );
+    };
+
 
 
 });
@@ -372,7 +431,7 @@ module.controller('ApplicationRoleDetailCtrl', function($scope, realm, applicati
 
                 var l = headers().location;
                 var id = l.substring(l.lastIndexOf("/") + 1);
-                $location.url("/realms/" + realm.id + "/roles/" + id);
+                $location.url("/realms/" + realm.id + "/applications/" + application.id + "/roles/" + id);
                 Notifications.success("Created role");
 
             });
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
index e8c352662a..9636d46f11 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/js/services.js
@@ -111,6 +111,16 @@ module.factory('RealmRoleMapping', function($resource) {
     });
 });
 
+module.factory('ApplicationRoleMapping', function($resource) {
+    return $resource('/auth-server/rest/saas/admin/realms/:realm/users/:userId/role-mappings/applications/:application', {
+        realm : '@realm',
+        userId : '@userId',
+        application : "@application"
+    });
+});
+
+
+
 module.factory('RealmRoles', function($resource) {
     return $resource('/auth-server/rest/saas/admin/realms/:realm/roles', {
         realm : '@realm'
diff --git a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-mappings.html b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-mappings.html
index d0cb06ae55..d4ffcceb35 100755
--- a/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-mappings.html
+++ b/examples/as7-eap-demo/server/src/main/webapp/saas/admin/partials/role-mappings.html
@@ -6,13 +6,13 @@
                 <ul class="rcue-tabs" >
                     <li><a href="#/create/user/{{realm.id}}">New User</a></li>
                     <li><a href="#/realms/{{realm.id}}/users">Query Users</a></li>
-                    <li><a href="#/realms/{{realm.id}}/users/{{user.username}}">Attributes</a></li>
-                    <li><a href="#">Credentials</a></li>
-                    <li class="active"><a href="#">Role Mappings</a></li>
+                    <li><a href="#/realms/{{realm.id}}/users/{{user.username}}">{{user.username}} Attributes</a></li>
+                    <li><a href="#">{{user.username}} Credentials</a></li>
+                    <li class="active"><a href="#">{{user.username}} Role Mappings</a></li>
                 </ul>
             </div>
             <div id="content">
-                <h2 class="pull-left">Role Mappings: <span>{{realm.realm}}</span></h2>
+                <h2 class="pull-left">User Role Mappings for <span>{{user.username}}</span></h2>
                 <p class="subtitle"></p>
                 <form name="realmForm" novalidate>
                     <fieldset>
@@ -34,23 +34,30 @@
                             </div>
                         </div>
                     </fieldset>
-                    <fieldset>
+                    <fieldset ng-show="applications.length > 0">
                         <legend collapsed><span class="text">Application Roles</span> </legend>
-                        <div class="form-group">
+                        <div class="form-group input-select">
+                            <label for="applications">Application: </label>
+                            <div class="input-group">
+                                <div class="select-rcue">
+                                    <select id="applications" name="applications" ng-change="changeApplication()" ng-model="application" ng-options="a.name for a in applications">
+                                    </select>
+                                </div>
+                            </div>
+                        </div>
+                        <div class="form-group" ng-show="application">
                             <div class="controls">
-                                <select multiple size=5>
-                                    <option value="role1">role1</option>
-                                    <option value="role2">role2</option>
-                                    <option value="role3">role3</option>
-                                    <option value="role4">role4</option>
+                                <select multiple size="5"
+                                        ng-multiple="true"
+                                        ng-model="selectedApplicationRoles"
+                                        ng-options="r.name for r in applicationRoles">
                                 </select>
-                                <button type="submit">---&gt;</button>
-                                <button type="submit">&lt;---</button>
-                                <select multiple size=5>
-                                    <option value="role1">role1</option>
-                                    <option disabled="disabled" value="role2">role2</option>
-                                    <option value="role3">role3</option>
-                                    <option value="role4">role4</option>
+                                <button type="submit" ng-click="addApplicationRole()">---&gt;</button>
+                                <button type="submit" ng-click="deleteApplicationRole()">&lt;---</button>
+                                <select multiple size=5
+                                        ng-multiple="true"
+                                        ng-model="selectedApplicationMappings"
+                                        ng-options="r.name for r in applicationMappings">
                                 </select>
                             </div>
                         </div>
diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
index 709c638cb1..dd55e20f0e 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UsersResource.java
@@ -244,6 +244,8 @@ public class UsersResource {
     @Produces("application/json")
     @NoCache
     public List<RoleRepresentation> getApplicationRoleMappings(@PathParam("username") String username, @PathParam("appId") String appId) {
+        logger.info("getApplicationRoleMappings");
+
         UserModel user = realm.getUser(username);
         if (user == null) {
             throw new NotFoundException();
@@ -258,10 +260,10 @@ public class UsersResource {
         ApplicationRoleMappings rep = new ApplicationRoleMappings();
         List<RoleModel> mappings = application.getRoleMappings(user);
         List<RoleRepresentation> mapRep = new ArrayList<RoleRepresentation>();
-        RealmManager manager = new RealmManager(session);
         for (RoleModel roleModel : mappings) {
-            mapRep.add(manager.toRepresentation(roleModel));
+            mapRep.add(RealmManager.toRepresentation(roleModel));
         }
+        logger.info("getApplicationRoleMappings.size() = " + mapRep.size());
         return mapRep;
     }
 
@@ -269,6 +271,7 @@ public class UsersResource {
     @POST
     @Consumes("application/json")
     public void addApplicationRoleMapping(@PathParam("username") String username, @PathParam("appId") String appId, List<RoleRepresentation> roles) {
+        logger.info("addApplicationRoleMapping");
         UserModel user = realm.getUser(username);
         if (user == null) {
             throw new NotFoundException();
@@ -280,6 +283,13 @@ public class UsersResource {
             throw new NotFoundException();
         }
 
+        for (RoleRepresentation role : roles) {
+            RoleModel roleModel = application.getRoleById(role.getId());
+            if (roleModel == null) {
+                throw new NotFoundException();
+            }
+            application.grantRole(user, roleModel);
+        }
 
     }