Implemented OAuth2 exception handler.
Change-Id: I5363e42ee78fa74de982cda3215247c7e73137bb
diff --git a/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java b/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java
index 8d678b8..b8546ae 100644
--- a/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/dao/OAuth2ClientDao.java
@@ -49,10 +49,10 @@
     }
 
     public OAuth2Client retrieveClientById (String clientId)
-            throws Exception {
+            throws KustvaktException {
 
         ParameterChecker.checkStringValue(clientId, "client_id");
-        
+
         CriteriaBuilder builder = entityManager.getCriteriaBuilder();
         CriteriaQuery<OAuth2Client> query =
                 builder.createQuery(OAuth2Client.class);
@@ -62,13 +62,13 @@
         query.where(builder.equal(root.get(OAuth2Client_.id), clientId));
 
         Query q = entityManager.createQuery(query);
-//        try {
+        try {
             return (OAuth2Client) q.getSingleResult();
-//        }
-//        catch (NoResultException e) {
-//            throw new KustvaktException(StatusCodes.CLIENT_NOT_FOUND,
-//                    "Client with id " + clientId + " is not found");
-//        }
+        }
+        catch (Exception e) {
+            throw new KustvaktException(StatusCodes.CLIENT_NOT_FOUND,
+                    e.getMessage(), "invalid_client");
+        }
     }
 
     public void deregisterClient (OAuth2Client client) {
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/AnnotationService.java b/full/src/main/java/de/ids_mannheim/korap/service/AnnotationService.java
index 83e4d9e..a2acc05 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/AnnotationService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/AnnotationService.java
@@ -15,7 +15,6 @@
 import de.ids_mannheim.korap.entity.AnnotationPair;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.web.CoreResponseHandler;
 import de.ids_mannheim.korap.web.controller.AnnotationController;
 
 /** AnnotationService defines the logic behind {@link AnnotationController}.
@@ -30,9 +29,6 @@
             LoggerFactory.getLogger(AnnotationService.class);
 
     @Autowired
-    CoreResponseHandler kustvaktResponseHandler;
-
-    @Autowired
     private AnnotationDao annotationDao;
 
     @Autowired
@@ -68,9 +64,8 @@
                 }
                 else {
                     jlog.error("Annotation code is wrong: " + annotationCode);
-                    kustvaktResponseHandler.throwit(
-                            new KustvaktException(StatusCodes.INVALID_ATTRIBUTE,
-                                    "Bad attribute:", code));
+                    throw new KustvaktException(StatusCodes.INVALID_ATTRIBUTE,
+                            "Bad attribute:", code);
                 }
 
                 annotationPairs.addAll(annotationDao
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java b/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java
index 3a44e51..0109ea8 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/OAuth2ClientService.java
@@ -2,8 +2,6 @@
 
 import java.sql.SQLException;
 
-import javax.servlet.http.HttpServletResponse;
-
 import org.apache.commons.validator.routines.UrlValidator;
 import org.apache.oltu.oauth2.common.error.OAuthError;
 import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
@@ -62,13 +60,14 @@
             String registeredBy) throws KustvaktException {
         if (!urlValidator.isValid(clientJson.getUrl())) {
             throw new KustvaktException(StatusCodes.INVALID_ARGUMENT,
-                    clientJson.getUrl() + " is invalid.", clientJson.getUrl());
+                    clientJson.getUrl() + " is invalid.",
+                    OAuthError.TokenResponse.INVALID_REQUEST);
         }
         if (!httpsValidator.isValid(clientJson.getRedirectURI())) {
             throw new KustvaktException(StatusCodes.HTTPS_REQUIRED,
                     clientJson.getRedirectURI()
                             + " is invalid. RedirectURI requires https.",
-                    clientJson.getRedirectURI());
+                    OAuthError.TokenResponse.INVALID_REQUEST);
         }
 
         String secret = null;
@@ -104,7 +103,8 @@
                 if (cause instanceof SQLException) {
                     throw new KustvaktException(
                             StatusCodes.CLIENT_REGISTRATION_FAILED,
-                            cause.getMessage(), cause);
+                            cause.getMessage(),
+                            OAuthError.TokenResponse.INVALID_REQUEST);
                 }
                 lastCause = cause;
             }
@@ -115,7 +115,7 @@
 
 
     public void deregisterPublicClient (String clientId, String username)
-            throws KustvaktException, OAuthProblemException {
+            throws KustvaktException {
 
         OAuth2Client client = retrieveClientById(clientId);
         if (adminDao.isAdmin(username)) {
@@ -126,7 +126,8 @@
                     StatusCodes.CLIENT_DEREGISTRATION_FAILED,
                     "Service is limited to public clients. To deregister "
                             + "confidential clients, use service at path: "
-                            + "oauth2/client/deregister/confidential.");
+                            + "oauth2/client/deregister/confidential.",
+                    OAuthError.TokenResponse.INVALID_REQUEST);
         }
         else if (client.getRegisteredBy().equals(username)) {
             clientDao.deregisterClient(client);
@@ -139,19 +140,19 @@
 
 
     public void deregisterConfidentialClient (String authorization,
-            String clientId) throws KustvaktException, OAuthProblemException {
+            String clientId) throws KustvaktException {
         OAuth2Client client =
                 authenticateClientByBasicAuthorization(authorization, clientId);
         clientDao.deregisterClient(client);
     }
 
     public OAuth2Client authenticateClientById (String clientId)
-            throws OAuthProblemException {
+            throws KustvaktException {
         if (clientId == null || clientId.isEmpty()) {
-            throw OAuthProblemException
-                    .error(OAuthError.TokenResponse.INVALID_REQUEST)
-                    .description("client_id is missing.")
-                    .responseStatus(HttpServletResponse.SC_BAD_REQUEST);
+            throw new KustvaktException(
+                    StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+                    "client_id is missing.",
+                    OAuthError.TokenResponse.INVALID_CLIENT);
         }
         else {
             return retrieveClientById(clientId);
@@ -159,14 +160,13 @@
     }
 
     public OAuth2Client authenticateClientByBasicAuthorization (
-            String authorization, String clientId)
-            throws KustvaktException, OAuthProblemException {
+            String authorization, String clientId) throws KustvaktException {
 
         if (authorization == null || authorization.isEmpty()) {
-            throw OAuthProblemException
-                    .error(OAuthError.TokenResponse.INVALID_REQUEST)
-                    .description("Authorization header is not found.")
-                    .responseStatus(HttpServletResponse.SC_BAD_REQUEST);
+            throw new KustvaktException(
+                    StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+                    "Authorization header is not found.",
+                    OAuthError.TokenResponse.INVALID_CLIENT);
         }
         else {
             AuthorizationData authData = authorizationHandler
@@ -177,61 +177,41 @@
                 return verifyClientCredentials(clientId, authData);
             }
             else {
-                throw OAuthProblemException
-                        .error(OAuthError.TokenResponse.INVALID_CLIENT)
-                        .description(
-                                "Client authentication with "
-                                        + authData.getAuthenticationScheme()
-                                                .displayName()
-                                        + "is not supported")
-                        .responseStatus(HttpServletResponse.SC_BAD_REQUEST);
+                throw new KustvaktException(
+                        StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+                        "Client authentication with " + authData
+                                .getAuthenticationScheme().displayName()
+                                + "is not supported",
+                        "invalid_client");
             }
         }
     }
 
     private OAuth2Client verifyClientCredentials (String clientId,
-            AuthorizationData authData) throws OAuthProblemException {
+            AuthorizationData authData) throws KustvaktException {
 
-        try {
-            OAuth2Client client = retrieveClientById(authData.getUsername());
-            // EM: not sure if this is necessary
-            if (clientId != null && !clientId.isEmpty()) {
-                if (!client.getId().equals(clientId)) {
-                    throw new KustvaktException(
-                            StatusCodes.CLIENT_AUTHENTICATION_FAILED);
-                }
-            }
-            if (!encryption.checkHash(authData.getPassword(),
-                    client.getSecret(), config.getPasscodeSaltField())) {
+        OAuth2Client client = retrieveClientById(authData.getUsername());
+        // EM: not sure if this is necessary
+        if (clientId != null && !clientId.isEmpty()) {
+            if (!client.getId().equals(clientId)) {
                 throw new KustvaktException(
-                        StatusCodes.CLIENT_AUTHENTICATION_FAILED);
+                        StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+                        "Invalid client credentials.",
+                        OAuthError.TokenResponse.INVALID_CLIENT);
             }
-            return client;
         }
-        catch (Exception e) {
-            throw OAuthProblemException
-                    .error(OAuthError.TokenResponse.INVALID_CLIENT)
-                    .description("Invalid client credentials.")
-                    .responseStatus(HttpServletResponse.SC_UNAUTHORIZED);
+        if (!encryption.checkHash(authData.getPassword(), client.getSecret(),
+                config.getPasscodeSaltField())) {
+            throw new KustvaktException(
+                    StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+                    "Invalid client credentials.",
+                    OAuthError.TokenResponse.INVALID_CLIENT);
         }
+        return client;
     }
 
     public OAuth2Client retrieveClientById (String clientId)
-            throws OAuthProblemException {
-        try {
-            return clientDao.retrieveClientById(clientId);
-        }
-        catch (KustvaktException e) {
-            throw OAuthProblemException
-                    .error(OAuthError.TokenResponse.INVALID_REQUEST)
-                    .description(e.getMessage() + "is missing.")
-                    .responseStatus(HttpServletResponse.SC_BAD_REQUEST);
-        }
-        catch (Exception e) {
-            throw OAuthProblemException
-                    .error(OAuthError.TokenResponse.INVALID_CLIENT)
-                    .description("Invalid client credentials.")
-                    .responseStatus(HttpServletResponse.SC_UNAUTHORIZED);
-        }
+            throws KustvaktException {
+        return clientDao.retrieveClientById(clientId);
     }
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/OAuth2Service.java b/full/src/main/java/de/ids_mannheim/korap/service/OAuth2Service.java
index b69b248..9338bfe 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/OAuth2Service.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/OAuth2Service.java
@@ -21,6 +21,7 @@
 import de.ids_mannheim.korap.constant.OAuth2ClientType;
 import de.ids_mannheim.korap.entity.OAuth2Client;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
 
 @Service
 public class OAuth2Service {
@@ -52,29 +53,26 @@
      * @throws OAuthSystemException 
      */
     public OAuthResponse requestAccessToken (HttpServletRequest request,
-            String authorization, GrantType grantType, String authorizationCode,
+            String authorization, String grantType, String authorizationCode,
             String redirectURI, String clientId, String username,
-            String password, String scope)
-            throws KustvaktException, OAuthProblemException {
+            String password, String scope) throws KustvaktException {
 
-        if (grantType.equals(GrantType.AUTHORIZATION_CODE)) {
+        if (grantType.equals(GrantType.AUTHORIZATION_CODE.toString())) {
             return requestAccessTokenWithAuthorizationCode(authorization,
                     authorizationCode, redirectURI, clientId);
         }
-        else if (grantType.equals(GrantType.PASSWORD)) {
+        else if (grantType.equals(GrantType.PASSWORD.toString())) {
             return requestAccessTokenWithPassword(authorization, username,
                     password, scope);
         }
-        else if (grantType.equals(GrantType.CLIENT_CREDENTIALS)) {
+        else if (grantType.equals(GrantType.CLIENT_CREDENTIALS.toString())) {
             return requestAccessTokenWithClientCredentials(authorization,
                     scope);
         }
         else {
-            throw OAuthProblemException
-                    .error(OAuthError.TokenResponse.UNSUPPORTED_GRANT_TYPE)
-                    .description(grantType.name() + "is not supported.")
-                    .responseStatus(HttpServletResponse.SC_BAD_REQUEST);
-
+            throw new KustvaktException(StatusCodes.UNSUPPORTED_GRANT_TYPE,
+                    grantType + " is not supported.",
+                    OAuthError.TokenResponse.UNSUPPORTED_GRANT_TYPE);
         }
 
     }
@@ -92,16 +90,15 @@
      */
     private OAuthResponse requestAccessTokenWithAuthorizationCode (
             String authorization, String authorizationCode, String redirectURI,
-            String clientId) throws KustvaktException, OAuthProblemException {
+            String clientId) throws KustvaktException {
         OAuth2Client client;
         if (authorization == null || authorization.isEmpty()) {
             client = clientService.authenticateClientById(clientId);
             if (client.getType().equals(OAuth2ClientType.CONFIDENTIAL)) {
-                throw OAuthProblemException
-                        .error(OAuthError.TokenResponse.INVALID_CLIENT)
-                        .description("Client authentication using "
-                                + "authorization header is required.")
-                        .responseStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                throw new KustvaktException(
+                        StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+                        "Client authentication using authorization header is required.",
+                        OAuthError.TokenResponse.INVALID_CLIENT);
             }
         }
         else {
@@ -138,15 +135,13 @@
      * @throws KustvaktException 
      */
     private OAuthResponse requestAccessTokenWithClientCredentials (
-            String authorization, String scope)
-            throws OAuthProblemException, KustvaktException {
+            String authorization, String scope) throws KustvaktException {
 
         if (authorization == null || authorization.isEmpty()) {
-            throw OAuthProblemException
-                    .error(OAuthError.TokenResponse.INVALID_CLIENT)
-                    .description("Client authentication using "
-                            + "authorization header is required.")
-                    .responseStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            throw new KustvaktException(
+                    StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+                    "Client authentication using authorization header is required.",
+                    OAuthError.TokenResponse.INVALID_CLIENT);
         }
         else {
             OAuth2Client client =
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/FullResponseHandler.java b/full/src/main/java/de/ids_mannheim/korap/web/KustvaktExceptionHandler.java
similarity index 95%
rename from full/src/main/java/de/ids_mannheim/korap/web/FullResponseHandler.java
rename to full/src/main/java/de/ids_mannheim/korap/web/KustvaktExceptionHandler.java
index d836ead..e17cd0a 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/FullResponseHandler.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/KustvaktExceptionHandler.java
@@ -18,12 +18,12 @@
  * @author margaretha
  *
  */
-public class FullResponseHandler extends CoreResponseHandler {
+public class KustvaktExceptionHandler extends CoreResponseHandler {
 
     @Autowired
     private HttpUnauthorizedHandler handler;
 
-    public FullResponseHandler (AuditingIface iface) {
+    public KustvaktExceptionHandler (AuditingIface iface) {
         super(iface);
     }
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/OAuth2ExceptionHandler.java b/full/src/main/java/de/ids_mannheim/korap/web/OAuth2ExceptionHandler.java
new file mode 100644
index 0000000..3d849af
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/web/OAuth2ExceptionHandler.java
@@ -0,0 +1,126 @@
+package de.ids_mannheim.korap.web;
+
+import javax.ws.rs.WebApplicationException;
+import javax.ws.rs.core.HttpHeaders;
+import javax.ws.rs.core.Response;
+import javax.ws.rs.core.Response.ResponseBuilder;
+import javax.ws.rs.core.Response.Status;
+
+import org.apache.oltu.oauth2.common.error.OAuthError;
+import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
+import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
+import org.apache.oltu.oauth2.common.message.OAuthResponse;
+
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.interfaces.db.AuditingIface;
+
+/** OAuth2ExceptionHandler maps {@link KustvaktException} to 
+ * {@link OAuthProblemException} and creates {@link Response} 
+ * accordingly. 
+ * 
+ * <br/><br/>
+ * 
+ * OAuth2 error response consists of error (required), 
+ * error_description (optional) and error_uri (optional).
+ * 
+ * According to RFC 6749, error indicates error code 
+ * categorized into:
+ * <ul>
+ * <li>invalid_request: The request is missing a required parameter, 
+ * includes an unsupported parameter value (other than grant type),
+ * repeats a parameter, includes multiple credentials, utilizes 
+ * more than one mechanism for authenticating the client, or is 
+ * otherwise malformed.</li>
+ * 
+ * <li>invalid_client: Client authentication failed (e.g., unknown 
+ * client, no client authentication included, or unsupported 
+ * authentication method).  The authorization sever MAY return 
+ * an HTTP 401 (Unauthorized) status code to indicate which 
+ * HTTP authentication schemes are supported. If the client 
+ * attempted to authenticate via the "Authorization" request 
+ * header field, the authorization server MUST respond with 
+ * an HTTP 401 (Unauthorized) status code and include 
+ * the "WWW-Authenticate" response header field matching 
+ * the authentication scheme used by the client</li>
+ * 
+ * <li>invalid_grant: The provided authorization grant 
+ * (e.g., authorization code, resource owner credentials) or 
+ * refresh token is invalid, expired, revoked, does not match 
+ * the redirection URI used in the authorization request, or 
+ * was issued to another client.</li>
+ * 
+ * <li>unauthorized_client:The authenticated client is not 
+ * authorized to use this authorization grant type.</li>
+ * 
+ * <li>unsupported_grant_type: The authorization grant type 
+ * is not supported by the authorization server.</li>
+ * 
+ * <li>invalid_scope: The requested scope is invalid, unknown, 
+ * malformed, or exceeds the scope granted by the resource owner.</li>
+ * </ul>
+ * 
+ * 
+ * @author margaretha
+ *
+ */
+public class OAuth2ExceptionHandler extends CoreResponseHandler {
+
+    public OAuth2ExceptionHandler (AuditingIface iface) {
+        super(iface);
+    }
+
+    @Override
+    public WebApplicationException throwit (KustvaktException e) {
+        OAuthResponse oAuthResponse = null;
+        String errorCode = e.getEntity();
+        try {
+            if (errorCode.equals(OAuthError.TokenResponse.INVALID_CLIENT)) {
+                oAuthResponse = createOAuthResponse(e,
+                        Status.UNAUTHORIZED.getStatusCode());
+            }
+            else if (errorCode.equals(OAuthError.TokenResponse.INVALID_GRANT)
+                    || errorCode
+                            .equals(OAuthError.TokenResponse.INVALID_REQUEST)
+                    || errorCode.equals(OAuthError.TokenResponse.INVALID_SCOPE)
+                    || errorCode
+                            .equals(OAuthError.TokenResponse.UNAUTHORIZED_CLIENT)
+                    || errorCode.equals(
+                            OAuthError.TokenResponse.UNSUPPORTED_GRANT_TYPE)) {
+                oAuthResponse = createOAuthResponse(e,
+                        Status.BAD_REQUEST.getStatusCode());
+
+            }
+            else {
+                return super.throwit(e);
+            }
+        }
+        catch (OAuthSystemException e1) {
+            Response r = Response.status(Status.BAD_REQUEST)
+                    .entity(e1.getMessage()).build();
+            return new WebApplicationException(r);
+        }
+
+        Response r = createResponse(oAuthResponse);
+        return new WebApplicationException(r);
+    }
+
+    private OAuthResponse createOAuthResponse (KustvaktException e,
+            int statusCode) throws OAuthSystemException {
+        OAuthProblemException oAuthProblemException = OAuthProblemException
+                .error(e.getEntity()).description(e.getMessage());
+        return OAuthResponse.errorResponse(statusCode)
+                .error(oAuthProblemException).buildJSONMessage();
+    }
+
+    private Response createResponse (OAuthResponse oAuthResponse) {
+        ResponseBuilder builder =
+                Response.status(oAuthResponse.getResponseStatus());
+        builder.entity(oAuthResponse.getBody());
+        if (oAuthResponse.getResponseStatus() == Status.UNAUTHORIZED
+                .getStatusCode()) {
+            builder.header(HttpHeaders.WWW_AUTHENTICATE,
+                    "Basic realm=\"Kustvakt\"");
+        }
+        return builder.build();
+    }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AdminController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AdminController.java
index f85016a..9bb3ac8 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AdminController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AdminController.java
@@ -26,7 +26,7 @@
 import de.ids_mannheim.korap.server.KustvaktServer;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.utils.TimeUtils;
-import de.ids_mannheim.korap.web.CoreResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
 import de.ids_mannheim.korap.web.filter.AdminFilter;
 import de.ids_mannheim.korap.web.filter.PiwikFilter;
 
@@ -49,7 +49,7 @@
     private AuditingIface auditingController;
 
     @Autowired
-    CoreResponseHandler kustvaktResponseHandler;
+    private KustvaktExceptionHandler kustvaktExceptionHandler;
 
     // EM: not documented and tested, not sure what the purpose of the service is
     @GET
@@ -75,7 +75,7 @@
             integer_limit = Integer.valueOf(limit);
         }
         catch (NumberFormatException | NullPointerException e) {
-            throw kustvaktResponseHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT);
+            throw kustvaktExceptionHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT);
         }
         String result="";
         try {
@@ -84,7 +84,7 @@
                     until_date, dayOnly, integer_limit));
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         // limit number of records to return
         return Response.ok(result).build();
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AnnotationController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AnnotationController.java
index 09cebff..68ffb47 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AnnotationController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AnnotationController.java
@@ -22,7 +22,7 @@
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.service.AnnotationService;
 import de.ids_mannheim.korap.utils.JsonUtils;
-import de.ids_mannheim.korap.web.CoreResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
 import de.ids_mannheim.korap.web.filter.DemoUserFilter;
 import de.ids_mannheim.korap.web.filter.PiwikFilter;
 
@@ -39,7 +39,7 @@
 public class AnnotationController {
 
     @Autowired
-    CoreResponseHandler responseHandler;
+    private KustvaktExceptionHandler responseHandler;
 
     @Autowired
     private AnnotationService annotationService;
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
index 1e783c2..e075321 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
@@ -44,7 +44,7 @@
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.utils.KustvaktLogger;
 import de.ids_mannheim.korap.utils.ServiceInfo;
-import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
 import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
 import de.ids_mannheim.korap.web.filter.BlockingFilter;
 import de.ids_mannheim.korap.web.filter.DemoUserFilter;
@@ -63,7 +63,7 @@
 public class AuthenticationController {
 
     @Autowired
-    private FullResponseHandler kustvaktResponseHandler;
+    private KustvaktExceptionHandler kustvaktExceptionHandler;
     
     @Autowired
     private HttpAuthorizationHandler authorizationHandler;
@@ -102,7 +102,7 @@
             return Response.ok(JsonUtils.toJSON(m)).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
@@ -121,7 +121,7 @@
             return Response.ok(ctx.toJson()).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
     
@@ -158,7 +158,7 @@
             return Response.ok(context.toJson()).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
@@ -178,7 +178,7 @@
         List<String> auth =
                 headers.getRequestHeader(ContainerRequest.AUTHORIZATION);
         if (auth == null || auth.isEmpty()) {
-            throw kustvaktResponseHandler
+            throw kustvaktExceptionHandler
                     .throwit(new KustvaktException(StatusCodes.MISSING_ARGUMENT,
                             "Authorization header is missing.",
                             "Authorization header"));
@@ -197,7 +197,7 @@
            
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
         if (DEBUG_LOG == true) {
@@ -240,7 +240,7 @@
                 authorizationData.getPassword()== null || 
                 authorizationData.getPassword().isEmpty())
             // is actual an invalid request
-            throw kustvaktResponseHandler.throwit(StatusCodes.REQUEST_INVALID);
+            throw kustvaktExceptionHandler.throwit(StatusCodes.REQUEST_INVALID);
 
         Map<String, Object> attr = new HashMap<>();
         if (scopes != null && !scopes.isEmpty())
@@ -268,14 +268,14 @@
 //                    Attributes.API_AUTHENTICATION);
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
         try {
             return Response.ok(context.toJson()).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
@@ -318,7 +318,7 @@
            
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
         // Implementation Hanl mit '|'. 16.02.17/FB
@@ -329,7 +329,7 @@
                 authorizationData.getPassword()== null || 
                 authorizationData.getPassword().isEmpty())
             // is actual an invalid request
-            throw kustvaktResponseHandler.throwit(StatusCodes.REQUEST_INVALID);
+            throw kustvaktExceptionHandler.throwit(StatusCodes.REQUEST_INVALID);
 
         Map<String, Object> attr = new HashMap<>();
         attr.put(Attributes.HOST, host);
@@ -348,7 +348,7 @@
             jlog.debug(contextJson);
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok().entity(contextJson).build();
     }
@@ -382,13 +382,13 @@
             context = controller.createTokenContext(user, attr, null);
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         try {
             return Response.ok().entity(context.toJson()).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
@@ -406,7 +406,7 @@
         }
         catch (KustvaktException e) {
             jlog.error("Logout Exception: {}", e.string());
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok().build();
     }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/DocumentController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/DocumentController.java
index f1adb38..aafb569 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/DocumentController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/DocumentController.java
@@ -1,25 +1,30 @@
 package de.ids_mannheim.korap.web.controller;
 
-import com.sun.jersey.spi.container.ResourceFilters;
-import de.ids_mannheim.korap.config.BeansFactory;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.handlers.DocumentDao;
-import de.ids_mannheim.korap.resources.Document;
-import de.ids_mannheim.korap.server.KustvaktServer;
-import de.ids_mannheim.korap.utils.JsonUtils;
-import de.ids_mannheim.korap.utils.KustvaktLogger;
-import de.ids_mannheim.korap.web.CoreResponseHandler;
-import de.ids_mannheim.korap.web.filter.AdminFilter;
+import java.util.List;
+
+import javax.ws.rs.GET;
+import javax.ws.rs.POST;
+import javax.ws.rs.Path;
+import javax.ws.rs.PathParam;
+import javax.ws.rs.Produces;
+import javax.ws.rs.QueryParam;
+import javax.ws.rs.core.MediaType;
+import javax.ws.rs.core.Response;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 
-import javax.ws.rs.*;
-import javax.ws.rs.core.MediaType;
-import javax.ws.rs.core.Response;
-import java.util.List;
+import com.sun.jersey.spi.container.ResourceFilters;
+
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.handlers.DocumentDao;
+import de.ids_mannheim.korap.resources.Document;
+import de.ids_mannheim.korap.server.KustvaktServer;
+import de.ids_mannheim.korap.utils.JsonUtils;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
+import de.ids_mannheim.korap.web.filter.AdminFilter;
 
 /**
  * EM: To Do: restructure codes regarding service and controller layers
@@ -35,8 +40,8 @@
 public class DocumentController {
 
     @Autowired
-    CoreResponseHandler kustvaktResponseHandler;
-    
+    private KustvaktExceptionHandler kustvaktExceptionHandler;
+
     private static Logger jlog =
             LoggerFactory.getLogger(DocumentController.class);
     private DocumentDao documentDao;
@@ -52,7 +57,7 @@
             this.documentDao.storeResource(doc, null);
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok().build();
     }
@@ -73,7 +78,7 @@
             return Response.ok(JsonUtils.toJSON(docs)).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/KustvaktController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/KustvaktController.java
index 32663f5..1a1ef0e 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/KustvaktController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/KustvaktController.java
@@ -26,7 +26,7 @@
 
     private static Logger jlog = LoggerFactory.getLogger(UserController.class);
     @Autowired
-    private CoreResponseHandler kustvaktResponseHandler;
+    private CoreResponseHandler kustvaktExceptionHandler;
 
 
     @Path("info")
@@ -39,7 +39,7 @@
             return Response.ok(JsonUtils.toJSON(m)).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
index 08d2a0a..d3163e6 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuth2Controller.java
@@ -14,23 +14,20 @@
 import javax.ws.rs.core.SecurityContext;
 
 import org.apache.http.HttpHeaders;
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
-import org.apache.oltu.oauth2.common.exception.OAuthSystemException;
 import org.apache.oltu.oauth2.common.message.OAuthResponse;
-import org.apache.oltu.oauth2.common.message.types.GrantType;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.service.OAuth2Service;
-import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.OAuth2ExceptionHandler;
 
 @Controller
 @Path("/oauth2")
 public class OAuth2Controller {
 
     @Autowired
-    private FullResponseHandler responseHandler;
+    private OAuth2ExceptionHandler responseHandler;
     @Autowired
     private OAuth2Service oauth2Service;
 
@@ -59,7 +56,7 @@
             @Context SecurityContext securityContext,
             @HeaderParam("Authorization") String authorization,
             // required for all grants
-            @FormParam("grant_type") GrantType grantType,
+            @FormParam("grant_type") String grantType,
             // required for Authorization Code Grant
             @FormParam("code") String authorizationCode,
             @FormParam("redirect_uri") String redirectURI,
@@ -85,8 +82,5 @@
         catch (KustvaktException e) {
             throw responseHandler.throwit(e);
         }
-        catch (OAuthProblemException e) {
-            throw responseHandler.throwit(e);
-        }
     }
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
index d7eb33e..fa406ac 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthClientController.java
@@ -12,7 +12,6 @@
 import javax.ws.rs.core.Response;
 import javax.ws.rs.core.SecurityContext;
 
-import org.apache.oltu.oauth2.common.exception.OAuthProblemException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 
@@ -22,7 +21,8 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.security.context.TokenContext;
 import de.ids_mannheim.korap.service.OAuth2ClientService;
-import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
+import de.ids_mannheim.korap.web.OAuth2ExceptionHandler;
 import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
 import de.ids_mannheim.korap.web.filter.BlockingFilter;
 import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
@@ -41,7 +41,7 @@
     @Autowired
     private OAuth2ClientService clientService;
     @Autowired
-    private FullResponseHandler responseHandler;
+    private OAuth2ExceptionHandler responseHandler;
 
     /** Registers a client application. Before starting an OAuth process, 
      * client applications have to be registered first. Only registered
@@ -104,9 +104,6 @@
         catch (KustvaktException e) {
             throw responseHandler.throwit(e);
         }
-        catch (OAuthProblemException e) {
-            throw responseHandler.throwit(e);
-        }
     }
 
 
@@ -124,8 +121,5 @@
         catch (KustvaktException e) {
             throw responseHandler.throwit(e);
         }
-        catch (OAuthProblemException e) {
-            throw responseHandler.throwit(e);
-        }
     }
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
index 3a91014..e457cea 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
@@ -74,7 +74,7 @@
 public class OAuthController {
 
     @Autowired
-    CoreResponseHandler kustvaktResponseHandler;
+    CoreResponseHandler kustvaktExceptionHandler;
     
     private OAuth2Handler handler;
     @Autowired
@@ -159,7 +159,7 @@
             json = JsonUtils.toJSON(Scopes.mapScopes(scopes, data));
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         // json format with scope callback parameter
         // todo: add other scopes as well!
@@ -184,7 +184,7 @@
             return Response.ok(JsonUtils.toJSON(auths)).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
@@ -232,7 +232,7 @@
 //                user.addUserData(data);
             }
             catch (KustvaktException e) {
-                throw kustvaktResponseHandler.throwit(e);
+                throw kustvaktExceptionHandler.throwit(e);
             }
 
             // register response according to response_type
@@ -308,7 +308,7 @@
                     this.handler.authorize(codeInfo, user);
                 }
                 catch (KustvaktException e) {
-                    throw kustvaktResponseHandler.throwit(e);
+                    throw kustvaktExceptionHandler.throwit(e);
                 }
                 builder.setParam(OAuth.OAUTH_RESPONSE_TYPE,
                         ResponseType.CODE.toString());
@@ -344,7 +344,7 @@
                                 new_context.getToken());
                     }
                     catch (KustvaktException e) {
-                        throw kustvaktResponseHandler.throwit(e);
+                        throw kustvaktExceptionHandler.throwit(e);
                     }
                 }
                 response = builder.buildBodyMessage();
@@ -529,7 +529,7 @@
                     }
                 }
                 catch (KustvaktException e) {
-                    throw kustvaktResponseHandler.throwit(e);
+                    throw kustvaktExceptionHandler.throwit(e);
                 }
                 // todo: errors for invalid scopes or different scopes then during authorization request?
                 //todo ??
@@ -559,7 +559,7 @@
                             oauthRequest.getPassword(), attr);
                 }
                 catch (KustvaktException e) {
-                    throw kustvaktResponseHandler.throwit(e);
+                    throw kustvaktExceptionHandler.throwit(e);
                 }
 
                 try {
@@ -581,7 +581,7 @@
 
                 }
                 catch (KustvaktException e) {
-                    throw kustvaktResponseHandler.throwit(e);
+                    throw kustvaktExceptionHandler.throwit(e);
                 }
             }
 
@@ -606,7 +606,7 @@
                     builder.setParam(c.getTokenType().displayName(), c.getToken());
                 }
                 catch (KustvaktException e) {
-                    throw kustvaktResponseHandler.throwit(e);
+                    throw kustvaktExceptionHandler.throwit(e);
                 }
             }
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
index d97052b..e64bcfe 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
@@ -82,7 +82,7 @@
             LoggerFactory.getLogger(SearchController.class);
 
     @Autowired
-    private CoreResponseHandler responseHandler;
+    private CoreResponseHandler kustvaktExceptionHandler;
     @Autowired
     private SearchKrill searchKrill;
     private ResourceCache resourceHandler;
@@ -215,7 +215,7 @@
             result = graphDBhandler.getResponse("distCollo", "q", query);
         }
         catch (KustvaktException e) {
-            throw responseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok(result).build();
     }
@@ -323,7 +323,7 @@
             cquery.setBaseQuery(ss.toJSON());
         }
         catch (KustvaktException e1) {
-            throw responseHandler.throwit(e1);
+            throw kustvaktExceptionHandler.throwit(e1);
         }
 
         String query = "";
@@ -343,7 +343,7 @@
                 }
             }
             catch (KustvaktException e) {
-                throw responseHandler.throwit(e);
+                throw kustvaktExceptionHandler.throwit(e);
             }
         }
 
@@ -399,7 +399,7 @@
             // jsonld = this.processor.processQuery(jsonld, user);
         }
         catch (KustvaktException e) {
-            throw responseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         jlog.info("Serialized search: {}", jsonld);
 
@@ -434,7 +434,7 @@
         catch (KustvaktException e) {
             jlog.error("Failed retrieving user in the search service: {}",
                     e.string());
-            throw responseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
         QuerySerializer serializer = new QuerySerializer();
@@ -451,7 +451,7 @@
             jlog.info("the serialized query {}", query);
         }
         catch (KustvaktException e) {
-            throw responseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
         String result = doSearch(eng, query, pageLength, meta);
@@ -496,7 +496,7 @@
             MetaQueryBuilder meta, boolean raw) {
 
         if (raw) {
-            throw responseHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
+            throw kustvaktExceptionHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
                     "raw not supported!", null);
         }
 
@@ -510,7 +510,7 @@
         }
         catch (KustvaktException e) {
             jlog.error("Failed searching in Neo4J: {}", e.string());
-            throw responseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
     }
@@ -535,7 +535,7 @@
         }
         catch (KustvaktException e) {
             jlog.error("Exception encountered: {}", e.string());
-            throw responseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
         VirtualCollection tmp = resourceHandler.getCache(cache.getId(),
@@ -548,7 +548,7 @@
                 cache.setStats(JsonUtils.convertToClass(stats, Map.class));
             }
             catch (KustvaktException e) {
-                throw responseHandler.throwit(e);
+                throw kustvaktExceptionHandler.throwit(e);
             }
             resourceHandler.cache(cache);
         }
@@ -562,7 +562,7 @@
             return Response.ok(JsonUtils.toJSON(vals)).build();
         }
         catch (KustvaktException e) {
-            throw responseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
@@ -599,7 +599,7 @@
         catch (KustvaktException e) {
             jlog.error("Failed getting user in the matchInfo service: {}",
                     e.string());
-            throw responseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
         CorpusAccess corpusAccess = user.getCorpusAccess();
@@ -642,7 +642,7 @@
         }
         catch (Exception e) {
             jlog.error("Exception in the MatchInfo service encountered!", e);
-            throw responseHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
+            throw kustvaktExceptionHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
                     e.getMessage(), "");
         }
         jlog.debug("MatchInfo results: " + results);
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/StatisticController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/StatisticController.java
index be74ec8..a468302 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/StatisticController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/StatisticController.java
@@ -44,7 +44,7 @@
     private static Logger jlog =
             LoggerFactory.getLogger(StatisticController.class);
     @Autowired
-    private CoreResponseHandler kustvaktResponseHandler;
+    private CoreResponseHandler kustvaktExceptionHandler;
     @Autowired
     private SearchKrill searchKrill;
 
@@ -68,7 +68,7 @@
             @QueryParam("corpusQuery") String corpusQuery) {
 
         if (corpusQuery == null || corpusQuery.isEmpty()) {
-            throw kustvaktResponseHandler
+            throw kustvaktExceptionHandler
                     .throwit(new KustvaktException(StatusCodes.MISSING_ARGUMENT,
                             "Parameter corpusQuery is missing.",
                             "corpusQuery"));
@@ -82,12 +82,12 @@
             json = builder.toJSON();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
         String stats = searchKrill.getStatistics(json);
         if (stats.contains("-1"))
-            throw kustvaktResponseHandler.throwit(StatusCodes.NO_RESULT_FOUND);
+            throw kustvaktExceptionHandler.throwit(StatusCodes.NO_RESULT_FOUND);
         jlog.debug("Stats: " + stats);
         return Response.ok(stats).build();
     }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserController.java
index 670840b..2cda085 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserController.java
@@ -52,7 +52,7 @@
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.utils.StringUtils;
 import de.ids_mannheim.korap.utils.TimeUtils;
-import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
 import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
 import de.ids_mannheim.korap.web.filter.BlockingFilter;
 import de.ids_mannheim.korap.web.filter.DemoUserFilter;
@@ -71,7 +71,7 @@
 public class UserController {
 
     @Autowired
-    private FullResponseHandler kustvaktResponseHandler;
+    private KustvaktExceptionHandler kustvaktExceptionHandler;
 
     private static Logger jlog = LoggerFactory.getLogger(UserController.class);
     @Autowired
@@ -104,7 +104,7 @@
             user = controller.createUserAccount(values, true);
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         URIParam uri = user.getField(URIParam.class);
         if (uri.hasValues()) {
@@ -123,13 +123,13 @@
                 return Response.ok(JsonUtils.toJSON(object)).build();
             }
             catch (KustvaktException e) {
-                throw kustvaktResponseHandler.throwit(e);
+                throw kustvaktExceptionHandler.throwit(e);
             }
         }
         else {
             jlog.error("Failed creating confirmation and expiry tokens.");
             // EM: why illegal argument when uri fragment/param is self-generated 
-            throw kustvaktResponseHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
+            throw kustvaktExceptionHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
                     "failed to validate uri parameter",
                     "confirmation fragment");
         }
@@ -157,7 +157,7 @@
             //            controller.updateAccount(user);
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok().build();
     }
@@ -169,10 +169,10 @@
     public Response confirmRegistration (@QueryParam("uri") String uritoken,
             @Context Locale locale, @QueryParam("user") String username) {
         if (uritoken == null || uritoken.isEmpty())
-            throw kustvaktResponseHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
+            throw kustvaktExceptionHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
                     "parameter missing", "uri parameter");
         if (username == null || username.isEmpty())
-            throw kustvaktResponseHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
+            throw kustvaktExceptionHandler.throwit(StatusCodes.ILLEGAL_ARGUMENT,
                     "parameter missing", "Username");
 
         try {
@@ -180,7 +180,7 @@
         }
         catch (KustvaktException e) {
             e.printStackTrace();
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok().build();
     }
@@ -198,7 +198,7 @@
             node = JsonUtils.readTree(json);
         }
         catch (KustvaktException e1) {
-            throw kustvaktResponseHandler.throwit(e1);
+            throw kustvaktExceptionHandler.throwit(e1);
         }
         StringBuilder builder = new StringBuilder();
         String username, email;
@@ -227,7 +227,7 @@
         }
         catch (KustvaktException e) {
             jlog.error("Eoxception encountered!", e.string());
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
         ObjectNode obj = JsonUtils.createObjectNode();
@@ -237,7 +237,7 @@
             return Response.ok(JsonUtils.toJSON(obj)).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
@@ -282,7 +282,7 @@
             return Response.ok(m.toEntity()).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
@@ -303,7 +303,7 @@
         }
         catch (KustvaktException e) {
             jlog.error("Exception encountered!", e);
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok(result).build();
     }
@@ -339,7 +339,7 @@
         }
         catch (KustvaktException e) {
             jlog.error("Exception encountered!", e);
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
 
         return Response.ok().build();
@@ -365,7 +365,7 @@
         }
         catch (KustvaktException e) {
             jlog.error("Exception encountered: {}", e.string());
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok(result).build();
     }
@@ -396,7 +396,7 @@
         }
         catch (KustvaktException e) {
             jlog.error("Exception encountered!", e);
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok().build();
     }
@@ -452,13 +452,13 @@
         }
         catch (KustvaktException e) {
             jlog.error("Exception encountered!", e);
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         try {
             return Response.ok(JsonUtils.toJSON(add)).build();
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
     }
 
@@ -475,7 +475,7 @@
         }
         catch (KustvaktException e) {
             jlog.error("Exception encountered!", e);
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok().build();
     }
@@ -499,7 +499,7 @@
         }
         catch (KustvaktException e) {
             jlog.error("Exception encountered!", e);
-            throw kustvaktResponseHandler.throwit(e);
+            throw kustvaktExceptionHandler.throwit(e);
         }
         return Response.ok(queryStr).build();
     }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
index 5781520..357ceb5 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
@@ -26,7 +26,7 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.security.context.TokenContext;
 import de.ids_mannheim.korap.service.UserGroupService;
-import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
 import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
 import de.ids_mannheim.korap.web.filter.BlockingFilter;
 import de.ids_mannheim.korap.web.filter.PiwikFilter;
@@ -50,7 +50,7 @@
 public class UserGroupController {
 
     @Autowired
-    private FullResponseHandler responseHandler;
+    private KustvaktExceptionHandler responseHandler;
     @Autowired
     private UserGroupService service;
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java
index 1ef676d..d2894c8 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java
@@ -28,7 +28,7 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.security.context.TokenContext;
 import de.ids_mannheim.korap.service.VirtualCorpusService;
-import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
 import de.ids_mannheim.korap.web.filter.AuthenticationFilter;
 import de.ids_mannheim.korap.web.filter.BlockingFilter;
 import de.ids_mannheim.korap.web.filter.PiwikFilter;
@@ -55,7 +55,7 @@
 public class VirtualCorpusController {
 
     @Autowired
-    private FullResponseHandler responseHandler;
+    private KustvaktExceptionHandler responseHandler;
     @Autowired
     private VirtualCorpusService service;
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
index aa3b0ad..f28331c 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -27,7 +27,7 @@
 import de.ids_mannheim.korap.security.context.TokenContext;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.StringUtils;
-import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
 
 /**
  * @author hanl, margaretha
@@ -46,7 +46,7 @@
     private AuthenticationManagerIface authManager;
 
     @Autowired
-    private FullResponseHandler kustvaktResponseHandler;
+    private KustvaktExceptionHandler kustvaktResponseHandler;
 
     @Autowired
     private HttpAuthorizationHandler authorizationHandler;
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index 118f780..94975d1 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -19,7 +19,7 @@
 import de.ids_mannheim.korap.security.context.KustvaktContext;
 import de.ids_mannheim.korap.security.context.TokenContext;
 import de.ids_mannheim.korap.utils.TimeUtils;
-import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
 
 /**
  * @author hanl, margaretha
@@ -38,7 +38,7 @@
     private AuthenticationManagerIface authenticationManager;
 
     @Autowired
-    private FullResponseHandler kustvaktResponseHandler;
+    private KustvaktExceptionHandler kustvaktResponseHandler;
 
     @Override
     public ContainerRequest filter (ContainerRequest request) {
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/BlockingFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/BlockingFilter.java
index 107d102..0bb563a 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/BlockingFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/BlockingFilter.java
@@ -13,7 +13,7 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.security.context.TokenContext;
-import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
 
 /**
  * @author hanl
@@ -27,7 +27,7 @@
 public class BlockingFilter implements ContainerRequestFilter, ResourceFilter {
 
     @Autowired
-    private FullResponseHandler kustvaktResponseHandler;
+    private KustvaktExceptionHandler kustvaktResponseHandler;
 
     @Override
     public ContainerRequest filter (ContainerRequest request) {
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/NonDemoBlockingFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/NonDemoBlockingFilter.java
index d47e1da..da8c444 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/NonDemoBlockingFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/NonDemoBlockingFilter.java
@@ -13,7 +13,7 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.security.context.TokenContext;
-import de.ids_mannheim.korap.web.FullResponseHandler;
+import de.ids_mannheim.korap.web.KustvaktExceptionHandler;
 
 /**
  * EM: pretty much identical to {@link BlockingFilter}, should be deleted? 
@@ -30,7 +30,7 @@
         implements ContainerRequestFilter, ResourceFilter {
 
     @Autowired
-    private FullResponseHandler kustvaktResponseHandler;
+    private KustvaktExceptionHandler kustvaktResponseHandler;
 
     @Override
     public ContainerRequest filter (ContainerRequest request) {
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index 95b2365..feef295 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -181,9 +181,13 @@
 		<constructor-arg ref="kustvakt_db" />
 	</bean>
 
-	<bean id="kustvakt_response" class="de.ids_mannheim.korap.web.FullResponseHandler">
+	<bean id="kustvaktResponseHandler" class="de.ids_mannheim.korap.web.KustvaktExceptionHandler">
 		<constructor-arg index="0" name="iface" ref="kustvakt_auditing" />
 	</bean>
+	<bean id="oauth2_exception" class="de.ids_mannheim.korap.web.OAuth2ExceptionHandler">
+		<constructor-arg index="0" name="iface" ref="kustvakt_auditing" />
+	</bean>
+
 
 	<bean id="kustvakt_userdb" class="de.ids_mannheim.korap.handlers.EntityDao">
 		<constructor-arg ref="kustvakt_db" />
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
index 6251147..483c6e2 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
@@ -4,6 +4,10 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
+import java.util.List;
+import java.util.Set;
+import java.util.Map.Entry;
+
 import javax.ws.rs.core.MultivaluedMap;
 
 import org.apache.http.entity.ContentType;
@@ -18,6 +22,7 @@
 import com.sun.jersey.api.client.ClientResponse.Status;
 import com.sun.jersey.api.client.UniformInterfaceException;
 import com.sun.jersey.core.util.MultivaluedMapImpl;
+import com.sun.jersey.spi.container.ContainerRequest;
 
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
@@ -38,6 +43,18 @@
     private HttpAuthorizationHandler handler;
     private String username = "OAuth2ClientControllerTest";
 
+    private void checkWWWAuthenticateHeader (ClientResponse response) {
+        Set<Entry<String, List<String>>> headers =
+                response.getHeaders().entrySet();
+
+        for (Entry<String, List<String>> header : headers) {
+            if (header.getKey().equals(ContainerRequest.WWW_AUTHENTICATE)) {
+                assertEquals("Basic realm=\"Kustvakt\"",
+                        header.getValue().get(0));
+            }
+        }
+    }
+    
     private ClientResponse testRegisterConfidentialClient ()
             throws KustvaktException {
 
@@ -70,8 +87,8 @@
         response = testRegisterConfidentialClient();
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         node = JsonUtils.readTree(response.getEntity(String.class));
-        assertEquals(StatusCodes.CLIENT_REGISTRATION_FAILED,
-                node.at("/errors/0/0").asInt());
+        assertEquals(OAuthError.TokenResponse.INVALID_REQUEST,
+                node.at("/error").asText());
 
         testDeregisterClientIncorrectCredentials(clientId);
         testDeregisterConfidentialClient(clientId, clientSecret);
@@ -161,7 +178,6 @@
                 .entity(form).delete(ClientResponse.class);
 
         String entity = response.getEntity(String.class);
-//        System.out.println(entity);
         assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
         
         JsonNode node = JsonUtils.readTree(entity);
@@ -169,5 +185,7 @@
                 node.at("/error").asText());
         assertEquals("Invalid client credentials.",
                 node.at("/error_description").asText());
+        
+        checkWWWAuthenticateHeader(response);
     }
 }
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
index f52c883..794ea6b 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
@@ -1,12 +1,17 @@
 package de.ids_mannheim.korap.web.controller;
 
+import static org.junit.Assert.assertEquals;
+
 import javax.ws.rs.core.MultivaluedMap;
+import javax.ws.rs.core.Response.Status;
 
 import org.apache.http.entity.ContentType;
+import org.apache.oltu.oauth2.common.error.OAuthError;
 import org.apache.oltu.oauth2.common.message.types.GrantType;
 import org.junit.Test;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
 import com.sun.jersey.api.client.ClientHandlerException;
 import com.sun.jersey.api.client.ClientResponse;
@@ -17,6 +22,7 @@
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.SpringJerseyTest;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.utils.JsonUtils;
 
 /**
  * @author margaretha
@@ -34,9 +40,8 @@
             KustvaktException {
 
         MultivaluedMap<String, String> form = new MultivaluedMapImpl();
-//        form.add("grant_type", "blahblah");
-        form.add("grant_type", GrantType.REFRESH_TOKEN.name());
-        
+        form.add("grant_type", "blahblah");
+
         ClientResponse response = resource().path("oauth2").path("token")
                 .header(Attributes.AUTHORIZATION,
                         handler.createBasicAuthorizationHeaderValue(username,
@@ -46,8 +51,15 @@
                         ContentType.APPLICATION_FORM_URLENCODED)
                 .entity(form).post(ClientResponse.class);
 
-        System.out.println(response.getStatus());
-        System.out.println(response.getEntity(String.class));
+        String entity = response.getEntity(String.class);
+//        System.out.println(entity);
+        assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
+
+        JsonNode node = JsonUtils.readTree(entity);
+        assertEquals("blahblah is not supported.",
+                node.get("error_description").asText());
+        assertEquals(OAuthError.TokenResponse.UNSUPPORTED_GRANT_TYPE,
+                node.get("error"));
     }
 
 }
diff --git a/full/src/test/resources/test-config.xml b/full/src/test/resources/test-config.xml
index 1757481..66b6c97 100644
--- a/full/src/test/resources/test-config.xml
+++ b/full/src/test/resources/test-config.xml
@@ -181,7 +181,10 @@
 		<constructor-arg ref="kustvakt_db" />
 	</bean>
 
-	<bean id="kustvakt_response" class="de.ids_mannheim.korap.web.FullResponseHandler">
+	<bean id="kustvaktExceptionHandler" class="de.ids_mannheim.korap.web.KustvaktExceptionHandler">
+		<constructor-arg index="0" name="iface" ref="kustvakt_auditing" />
+	</bean>
+	<bean id="oauth2ExceptionHandler" class="de.ids_mannheim.korap.web.OAuth2ExceptionHandler">
 		<constructor-arg index="0" name="iface" ref="kustvakt_auditing" />
 	</bean>