It's not a good sign when you see code like this in the project you were hired to maintain:
// Initialize the user history collection in case the // user changes his or her password during this session. user.getUserHistories( ).size( );
This is wrong on so many levels I don't even know where to start...
