diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.desc.xml b/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.desc.xml
index f6802c1009..c64308cb47 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.desc.xml
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.desc.xml
@@ -1,8 +1,8 @@
 <webscript kind="org.alfresco.repository.content.stream">
   <shortname>Thumbnails</shortname>
   <description>Get a named thumbnail for a content resource</description>
-  <url>/api/node/{store_type}/{store_id}/{id}/content{property}/thumbnails/{thumbnailname}?qc={queuecreate?}&amp;ph={placeholder?}</url>  
-  <url>/api/path/{store_type}/{store_id}/{id}/content{property}/thumbnails/{thumbnailname}?qc={queuecreate?}&amp;ph={placeholder?}</url>
+  <url>/api/node/{store_type}/{store_id}/{id}/content{property}/thumbnails/{thumbnailname}?qc={queuecreate?}&amp;fc={forcecreate?}&amp;ph={placeholder?}</url>  
+  <url>/api/path/{store_type}/{store_id}/{id}/content{property}/thumbnails/{thumbnailname}?qc={queuecreate?}&amp;fc={forcecreate?}&amp;ph={placeholder?}</url>
   <format default="">argument</format>
   <authentication>user</authentication>
   <transaction>required</transaction>
diff --git a/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.js b/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.js
index d757af3072..940b4c5f35 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.js
+++ b/config/alfresco/templates/webscripts/org/alfresco/repository/thumbnail/thumbnail.get.js
@@ -4,12 +4,12 @@ function main()
    var pathSegments = url.match.split("/");
    var reference = [ url.templateArgs.store_type, url.templateArgs.store_id ].concat(url.templateArgs.id.split("/"));
    var node = search.findNode(pathSegments[2], reference);
- 
+   
    // 404 if the node to thumbnail is not found
    if (node == null)
    {
       status.setCode(status.STATUS_NOT_FOUND, "The thumbnail source node could not be found");
-	  return;
+      return;
    }
    
    // Get the thumbnail name from the JSON content 
@@ -20,7 +20,7 @@ function main()
    {
       status.setCode(status.STATUS_NOT_FOUND, "Thumbnail name was not provided");
       return;
-   }  
+   }
    
    // Get the queue create flag
    var qc = false;
@@ -30,6 +30,14 @@ function main()
       qc = utils.toBoolean(qcString);
    }
    
+   // Get the force create flag
+   var fc = false;
+   var fcString = args.fc;
+   if (fcString != null)
+   {
+      fc = utils.toBoolean(fcString);
+   }
+   
    // Get the place holder flag
    var ph = false;
    var phString = args.ph;
@@ -43,32 +51,39 @@ function main()
    if (thumbnail == null)
    {
       // Queue the creation of the thumbnail if appropriate
-      if (qc == true)
+      if (fc)
       {
-         node.createThumbnail(thumbnailName, true);
-      }		
-      
-      if (ph == true)
-      {
-         // Try and get the place holder resource
-         var phPath = thumbnailService.getPlaceHolderResourcePath(thumbnailName);
-         if (phPath == null)
-         {
-            // 404 since no thumbnail was found
-            status.setCode(status.STATUS_NOT_FOUND, "Thumbnail was not found and no place holde resource set for '" + thumbnailName + "'");
-            return;
-         }
-         else
-         {
-            // Set the resouce path in the model ready for the content stream to send back to the client
-            model.contentPath = phPath;
-         }
+      	model.contentNode = node.createThumbnail(thumbnailName, false);
       }
       else
-      {         
-         // 404 since no thumbnail was found
-         status.setCode(status.STATUS_NOT_FOUND, "Thumbnail was not found");
-         return;
+      {
+	      if (qc)
+	      {
+	         node.createThumbnail(thumbnailName, true);
+	      }
+	      
+	      if (ph == true)
+	      {
+	         // Try and get the place holder resource
+	         var phPath = thumbnailService.getPlaceHolderResourcePath(thumbnailName);
+	         if (phPath == null)
+	         {
+	            // 404 since no thumbnail was found
+	            status.setCode(status.STATUS_NOT_FOUND, "Thumbnail was not found and no place holde resource set for '" + thumbnailName + "'");
+	            return;
+	         }
+	         else
+	         {
+	            // Set the resouce path in the model ready for the content stream to send back to the client
+	            model.contentPath = phPath;
+	         }
+	      }
+	      else
+	      {         
+	         // 404 since no thumbnail was found
+	         status.setCode(status.STATUS_NOT_FOUND, "Thumbnail was not found");
+	         return;
+	      }
       }
    }
    else
diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.desc.xml b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.desc.xml
new file mode 100644
index 0000000000..746e52b4e6
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.desc.xml
@@ -0,0 +1,8 @@
+<webscript>
+  <shortname>Avatar Upload</shortname>
+  <description>Upload avatar file content and apply to person preferences</description>
+  <format default="json" />
+  <authentication>user</authentication>
+  <transaction>required</transaction>
+  <url>/slingshot/profile/uploadavatar</url>
+</webscript>
\ No newline at end of file
diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.js b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.js
new file mode 100644
index 0000000000..7680f65b43
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.js
@@ -0,0 +1,88 @@
+/**
+ * User Profile Avatar Upload method
+ * 
+ * @method POST
+ * @param username {string}
+ *        filedata {file}
+ */
+
+function main()
+{
+   var filename = null;
+   var content = null;
+   var username = null;
+   
+   // locate file attributes
+   for each (field in formdata.fields)
+   {
+      if (field.name == "filedata" && field.isFile)
+      {
+         filename = field.filename;
+         content = field.content;
+      }
+      else if (field.name == "username")
+      {
+         username = field.value;
+      }
+   }
+   
+   // ensure all mandatory attributes have been located
+   if (filename == undefined || content == undefined)
+   {
+      status.code = 400;
+      status.message = "Uploaded file cannot be located in request";
+      status.redirect = true;
+      return;
+   }
+   if (username == null || username.length == 0)
+   {
+      status.code = 500;
+      status.message = "Username parameter not supplied.";
+      status.redirect = true;
+      return;
+   }
+   
+   var user = people.getPerson(username);
+   // ensure we found a valid user and that it is the current user or we are an admin
+   if (user == null || (people.isAdmin(person) == false && username != user.properties.userName))
+   {
+      status.code = 500;
+      status.message = "Failed to locate valid user to modify.";
+      status.redirect = true;
+      return;
+   }
+   
+   // ensure cm:person has 'cm:preferences' aspect applied - as we want to add the avatar as
+   // the child node of the 'cm:preferenceImage' association
+   if (!user.hasAspect("cm:preferences"))
+   {
+      user.addAspect("cm:preferences");
+   }
+   
+   // remove old image child node if we already have one
+   var assocs = user.childAssocs["cm:preferenceImage"];
+   if (assocs != null && assocs.length == 1)
+   {
+      assocs[0].remove();
+   }
+   
+   // create the new image node
+   var image = user.createNode(filename, "cm:content", "cm:preferenceImage");
+   image.properties.content.write(content);
+   image.properties.content.guessMimetype(filename);
+   image.properties.content.encoding = "UTF-8";
+   image.save();
+   
+   // wire up 'cm:avatar' target association - backward compatible with JSF web-client avatar
+   assocs = user.associations["cm:avatar"];
+   if (assocs != null && assocs.length == 1)
+   {
+      user.removeAssociation(assocs[0], "cm:avatar");
+   }
+   user.createAssociation(image, "cm:avatar");
+   
+   // save ref to be returned
+   model.image = image;
+}
+
+main();
\ No newline at end of file
diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.json.ftl b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.json.ftl
new file mode 100644
index 0000000000..326c18cbc6
--- /dev/null
+++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/uploadavatar.post.json.ftl
@@ -0,0 +1,9 @@
+{
+   "nodeRef": "${image.nodeRef}",
+   "status":
+   {
+      "code": 200,
+      "name": "OK",
+      "description" : "File uploaded successfully"
+   }
+}
\ No newline at end of file
diff --git a/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/userprofile.post.js b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/userprofile.post.js
index ad61a8c25b..b6ba0a3fab 100644
--- a/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/userprofile.post.js
+++ b/config/alfresco/templates/webscripts/org/alfresco/slingshot/profile/userprofile.post.js
@@ -1,5 +1,5 @@
 /**
- * User Profile Update method
+ * User Profile REST Update method
  * 
  * @method POST
  * @param json {string}
@@ -16,51 +16,66 @@
  *    }
  */
 
-model.success = false;
-var username = json.get("username");
-if (username != null)
+function main()
 {
-   var person = people.getPerson(username);
-   // ensure we found a valid person and that it is the current user or an admin
-   if (person != null && (username == person.properties.userName || people.isAdmin(person)))
+   model.success = false;
+   var username = json.get("username");
+   if (username == null)
    {
-      if (json.has("properties"))
+      status.code = 400;
+      status.message = "Failed to locate valid user to modify.";
+      status.redirect = true;
+      return;
+   }
+   
+   var user = people.getPerson(username);
+   // ensure we found a valid user and that it is the current user or we are an admin
+   if (user == null || (people.isAdmin(person) == false && username != user.properties.userName))
+   {
+      status.code = 500;
+      status.message = "Failed to locate valid user to modify.";
+      status.redirect = true;
+      return;
+   }
+   
+   if (json.has("properties"))
+   {
+      var props = json.get("properties");
+      if (props != null)
       {
-         var props = json.get("properties");
-         if (props != null)
+         var names = props.names();
+         for (var i=0; i<props.length(); i++)
          {
-            var names = props.names();
-            for (var i=0; i<props.length(); i++)
-            {
-               var propname = names.get(i);
-               var propval = props.get(propname);
-               
-               // set simple text properties
-               person.properties[propname] = propval;
-            }
+            var propname = names.get(i);
+            var propval = props.get(propname);
+            
+            // set simple text properties
+            user.properties[propname] = propval;
          }
       }
-      
-      if (json.has("content"))
+   }
+   
+   if (json.has("content"))
+   {
+      var props = json.get("content");
+      if (props != null)
       {
-         var props = json.get("content");
-         if (props != null)
+         var names = props.names();
+         for (var i=0; i<props.length(); i++)
          {
-            var names = props.names();
-            for (var i=0; i<props.length(); i++)
-            {
-               var propname = names.get(i);
-               var propval = props.get(propname);
-               
-               // set content property
-               person.properties[propname].content = propval;
-            }
+            var propname = names.get(i);
+            var propval = props.get(propname);
+            
+            // set content property
+            user.properties[propname].content = propval;
          }
       }
       
       // TODO: AVATAR?
       
-      person.save();
+      user.save();
       model.success = true;
    }
-}
\ No newline at end of file
+}
+
+main();
\ No newline at end of file
diff --git a/source/java/org/alfresco/repo/web/scripts/person/PersonPut.java b/source/java/org/alfresco/repo/web/scripts/person/PersonPut.java
index 70c5828374..a7ede2a01d 100644
--- a/source/java/org/alfresco/repo/web/scripts/person/PersonPut.java
+++ b/source/java/org/alfresco/repo/web/scripts/person/PersonPut.java
@@ -33,12 +33,12 @@ import org.alfresco.repo.jscript.ScriptNode;
 import org.alfresco.repo.security.authentication.AuthenticationComponent;
 import org.alfresco.repo.security.authentication.AuthenticationUtil;
 import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork;
+import org.alfresco.repo.security.permissions.AccessDeniedException;
 import org.alfresco.service.ServiceRegistry;
 import org.alfresco.service.cmr.repository.NodeRef;
 import org.alfresco.service.cmr.repository.NodeService;
-import org.alfresco.service.cmr.security.AccessStatus;
-import org.alfresco.service.cmr.security.PermissionService;
 import org.alfresco.service.cmr.security.PersonService;
+import org.alfresco.service.namespace.QName;
 import org.alfresco.util.Content;
 import org.alfresco.web.scripts.DeclarativeWebScript;
 import org.alfresco.web.scripts.Status;
@@ -46,6 +46,7 @@ import org.alfresco.web.scripts.WebScriptException;
 import org.alfresco.web.scripts.WebScriptRequest;
 import org.json.JSONObject;
 
+
 /**
  * Web Script to update a person's details
  * 
@@ -75,35 +76,25 @@ public class PersonPut extends DeclarativeWebScript
         {
             // get references to services
             NodeService nodeService = PersonPut.this.serviceRegistry.getNodeService();
-            PermissionService permissionService = PersonPut.this.serviceRegistry.getPermissionService();
             
-            // Can only update the given person node's properties if the
-            // currently logged in user is the system user or,
-            // already has write permissions on the person node or,
-            // matches the user name property of that person node
-            String currentUserName = AuthenticationUtil.getCurrentUserName();
-            String personUserName = (String) nodeService.getProperty(person,
-                    ContentModel.PROP_USERNAME);
-            if (PersonPut.this.authenticationComponent.isSystemUserName(currentUserName) == true
-                    || (permissionService.hasPermission(
-                            this.person, PermissionService.WRITE) == AccessStatus.ALLOWED)
-                    || personUserName.equals(currentUserName) == true)
+            // Update the given person node's properties
+            Map<QName, Serializable> props = new HashMap<QName, Serializable>(16);
+            props.put(ContentModel.PROP_USERNAME, (Serializable) personProps.get("userName"));
+            props.put(ContentModel.PROP_TITLE, (Serializable) personProps.get("title"));
+            props.put(ContentModel.PROP_FIRSTNAME, (Serializable) personProps.get("firstName"));
+            props.put(ContentModel.PROP_LASTNAME, (Serializable) personProps.get("lastName"));
+            props.put(ContentModel.PROP_ORGANIZATION, (Serializable) personProps.get("organisation"));
+            props.put(ContentModel.PROP_JOBTITLE, (Serializable) personProps.get("jobtitle"));
+            props.put(ContentModel.PROP_EMAIL, (Serializable) personProps.get("email"));
+            try
             {
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_TITLE, (Serializable) personProps.get("title"));
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_FIRSTNAME, (Serializable) personProps.get("firstName"));
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_LASTNAME, (Serializable) personProps.get("lastName"));
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_ORGANIZATION, (Serializable) personProps.get("organisation"));
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_JOBTITLE, (Serializable) personProps.get("jobtitle"));
-                nodeService.setProperty(
-                        this.person, ContentModel.PROP_EMAIL, (Serializable) personProps.get("email"));
+                nodeService.setProperties(this.person, props);
             }
-            else
+            catch (AccessDeniedException err)
             {
+                // catch security exception if the user does not have permissions
+                String currentUserName = AuthenticationUtil.getCurrentUserName();
+                String personUserName = (String)nodeService.getProperty(person, ContentModel.PROP_USERNAME);
                 throw new WebScriptException(Status.STATUS_INTERNAL_SERVER_ERROR, "Current user: "
                         + currentUserName + " does not have the appropriate permissons to update "
                         + " person node with userName: " + personUserName);