Added storing authorization code and access token in cache; fixed bugs.

Change-Id: Ibc555ed65ebec8e7b40a76521311680a63c11a09
diff --git a/full/Changes b/full/Changes
index 51c8844..4b0dd20 100644
--- a/full/Changes
+++ b/full/Changes
@@ -4,7 +4,10 @@
 	- Added OAuth2 scope checking in search and VC controllers (margaretha)
 	- Added handling OAuth2 bearer token for VC access and User group controllers (margaretha)
 	- Added default scope to password grant (margaretha)
-	
+	- Made createBasicAuthorizationHeaderValue static (margaretha)
+	- Added store access token in openID token service (margaretha)
+	- Fixed empty scope in openID authorization and token service (margaretha)
+	- Implemented storing authorization code in cache (margaretha)
 	
 version 0.60.4
 05/07/2018
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/OAuth2Authentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/OAuth2Authentication.java
index ffee80a..8f5e702 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/OAuth2Authentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/OAuth2Authentication.java
@@ -37,8 +37,8 @@
             throw new KustvaktException(StatusCodes.EXPIRED);
         }
 
-        ZonedDateTime expiry =
-                accessToken.getCreatedDate().plusSeconds(config.getTokenTTL());
+        ZonedDateTime expiry = accessToken.getCreatedDate()
+                .plusSeconds(config.getAccessTokenExpiry());
         String scopes = scopeService
                 .convertAccessScopesToString(accessToken.getScopes());
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java b/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
index 7796345..5eed64f 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/http/HttpAuthorizationHandler.java
@@ -1,6 +1,5 @@
 package de.ids_mannheim.korap.authentication.http;
 
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
 import de.ids_mannheim.korap.constant.AuthenticationScheme;
@@ -18,15 +17,12 @@
 @Component
 public class HttpAuthorizationHandler {
 
-    @Autowired
-    private TransferEncoding transferEncoding;
-
-    public String createBasicAuthorizationHeaderValue (String username, 
+    public static String createBasicAuthorizationHeaderValue (String username, 
             String password) throws KustvaktException {
         ParameterChecker.checkStringValue(username, "username");
         ParameterChecker.checkStringValue(password, "password");
 
-        String credentials = transferEncoding.encodeBase64(username, password);
+        String credentials = TransferEncoding.encodeBase64(username, password);
         return AuthenticationScheme.BASIC.displayName()+" " + credentials;
     }
 
@@ -54,7 +50,7 @@
 
     public AuthorizationData parseBasicToken (AuthorizationData data)
             throws KustvaktException {
-        String[] credentials = transferEncoding.decodeBase64(data.getToken());
+        String[] credentials = TransferEncoding.decodeBase64(data.getToken());
         data.setUsername(credentials[0]);
         data.setPassword(credentials[1]);
         return data;
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/http/TransferEncoding.java b/full/src/main/java/de/ids_mannheim/korap/authentication/http/TransferEncoding.java
index c4120df..52d1a90 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/http/TransferEncoding.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/http/TransferEncoding.java
@@ -21,7 +21,7 @@
      * @param password password
      * @return
      */
-    public String encodeBase64 (String username, String password) {
+    public static String encodeBase64 (String username, String password) {
         String s = username + ":" + password;
         return new String(Base64.encodeBase64(s.getBytes()));
     }
@@ -32,7 +32,7 @@
      * @return username and password as an array of strings.
      * @throws KustvaktException 
      */
-    public String[] decodeBase64 (String encodedStr)
+    public static String[] decodeBase64 (String encodedStr)
             throws KustvaktException {
 
         ParameterChecker.checkStringValue(encodedStr, "encoded string");
diff --git a/full/src/main/java/de/ids_mannheim/korap/cache/ResourceCache.java b/full/src/main/java/de/ids_mannheim/korap/cache/ResourceCache.java
index 8e5871c..45f0ce7 100644
--- a/full/src/main/java/de/ids_mannheim/korap/cache/ResourceCache.java
+++ b/full/src/main/java/de/ids_mannheim/korap/cache/ResourceCache.java
@@ -1,22 +1,13 @@
 package de.ids_mannheim.korap.cache;
 
-import de.ids_mannheim.korap.config.KustvaktCacheable;
-import de.ids_mannheim.korap.exceptions.EmptyResultException;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.exceptions.NotAuthorizedException;
-import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.resources.KustvaktResource;
-import de.ids_mannheim.korap.resources.Permissions;
-import de.ids_mannheim.korap.resources.ResourceFactory;
-import de.ids_mannheim.korap.user.User;
-import net.sf.ehcache.CacheManager;
-import net.sf.ehcache.Element;
-
-import java.util.Collection;
-
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 
+import de.ids_mannheim.korap.config.KustvaktCacheable;
+import de.ids_mannheim.korap.resources.KustvaktResource;
+import net.sf.ehcache.CacheManager;
+import net.sf.ehcache.Element;
+
 /**
  * @author hanl
  * @date 23/03/2014
diff --git a/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java b/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
index 68b2ac6..b11f8cf 100644
--- a/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
+++ b/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
@@ -27,6 +27,7 @@
 import de.ids_mannheim.korap.constant.AuthenticationMethod;
 import de.ids_mannheim.korap.interfaces.EncryptionIface;
 import de.ids_mannheim.korap.oauth2.openid.OpenIdConfiguration;
+import de.ids_mannheim.korap.utils.TimeUtils;
 
 /**
  * Configuration for Kustvakt full version including properties
@@ -73,6 +74,10 @@
     private Set<String> clientCredentialsScopes;
     private int maxAuthenticationAttempts;
 
+    private int accessTokenExpiry;
+    private int refreshTokenExpiry;
+    private int authorizationCodeExpiry;
+
     private URL issuer;
     private URI issuerURI;
     private OpenIdConfiguration openidConfig;
@@ -218,7 +223,7 @@
                 "korap.ids-mannheim.de"));
 
         setMaxAuthenticationAttempts(Integer
-                .parseInt(properties.getProperty("oauth2.max.attempts", "3")));
+                .parseInt(properties.getProperty("oauth2.max.attempts", "1")));
 
         String scopes = properties.getProperty("oauth2.default.scopes",
                 "openid preferred_username");
@@ -230,6 +235,13 @@
                 .getProperty("oauth2.client.credentials.scopes", "client_info");
         setClientCredentialsScopes(Arrays.stream(clientScopes.split(" "))
                 .collect(Collectors.toSet()));
+
+        accessTokenExpiry = TimeUtils.convertTimeToSeconds(
+                properties.getProperty("oauth2.access.token.expiry", "1D"));
+        refreshTokenExpiry = TimeUtils.convertTimeToSeconds(
+                properties.getProperty("oauth2.refresh.token.expiry", "90D"));
+        authorizationCodeExpiry = TimeUtils.convertTimeToSeconds(properties
+                .getProperty("oauth2.authorization.code.expiry", "10M"));
     }
 
     private void setMailConfiguration (Properties properties) {
@@ -583,4 +595,28 @@
     public void setOpenidConfig (OpenIdConfiguration openidConfig) {
         this.openidConfig = openidConfig;
     }
+
+    public int getAccessTokenExpiry () {
+        return accessTokenExpiry;
+    }
+
+    public void setAccessTokenExpiry (int accessTokenExpiry) {
+        this.accessTokenExpiry = accessTokenExpiry;
+    }
+
+    public int getRefreshTokenExpiry () {
+        return refreshTokenExpiry;
+    }
+
+    public void setRefreshTokenExpiry (int refreshTokenExpiry) {
+        this.refreshTokenExpiry = refreshTokenExpiry;
+    }
+
+    public int getAuthorizationCodeExpiry () {
+        return authorizationCodeExpiry;
+    }
+
+    public void setAuthorizationCodeExpiry (int authorizationCodeExpiry) {
+        this.authorizationCodeExpiry = authorizationCodeExpiry;
+    }
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/handlers/ResourceDao.java b/full/src/main/java/de/ids_mannheim/korap/handlers/ResourceDao.java
deleted file mode 100644
index 9cf7165..0000000
--- a/full/src/main/java/de/ids_mannheim/korap/handlers/ResourceDao.java
+++ /dev/null
@@ -1,259 +0,0 @@
-package de.ids_mannheim.korap.handlers;
-
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-
-import org.apache.logging.log4j.LogManager;
-import org.apache.logging.log4j.Logger;
-import org.springframework.dao.DataAccessException;
-import org.springframework.dao.IncorrectResultSizeDataAccessException;
-import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
-import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
-import org.springframework.jdbc.support.GeneratedKeyHolder;
-import org.springframework.jdbc.support.KeyHolder;
-
-import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.exceptions.DatabaseException;
-import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
-import de.ids_mannheim.korap.interfaces.db.ResourceOperationIface;
-import de.ids_mannheim.korap.resources.KustvaktResource;
-import de.ids_mannheim.korap.resources.ResourceFactory;
-import de.ids_mannheim.korap.user.User;
-import de.ids_mannheim.korap.utils.SqlBuilder;
-
-/**
- * Created by hanl on 7/21/14.
- */
-//todo: auditing // testing
-public class ResourceDao<T extends KustvaktResource>
-        implements ResourceOperationIface<T> {
-
-    private static Logger log = LogManager.getLogger(ResourceDao.class);
-    protected final NamedParameterJdbcTemplate jdbcTemplate;
-
-
-    public ResourceDao (PersistenceClient client) {
-        this.jdbcTemplate = (NamedParameterJdbcTemplate) client.getSource();
-    }
-
-
-    @Override
-    public Class<T> type () {
-        return (Class<T>) KustvaktResource.class;
-    }
-
-
-    // todo: testing
-    @Override
-    public List<T> getResources (Collection<Object> ids, User user)
-            throws KustvaktException {
-        String sql = "SELECT rs.*, rt.name_path FROM resource_store as rs inner join resource_tree as rt"
-                + " on rs.id=rt.child_id WHERE rs.id IN (:ids);";
-        MapSqlParameterSource parameters = new MapSqlParameterSource();
-        parameters.addValue("ids", ids);
-        try {
-            return (List<T>) this.jdbcTemplate.query(sql, parameters,
-                    new RowMapperFactory.ResourceMapper());
-        }
-        catch (DataAccessException e) {
-            log.error(
-                    "Exception during database retrieval for ids '" + ids + "'",
-                    e);
-            throw new DatabaseException(user.getId(), "resource_store",
-                    StatusCodes.DB_GET_FAILED,
-                    "Exception during database retrieval for ids '" + ids,
-                    ids.toString());
-        }
-
-    }
-
-
-    @Override
-    public int updateResource (T resource, User user) throws KustvaktException {
-        MapSqlParameterSource source = new MapSqlParameterSource();
-        source.addValue("id", resource.getPersistentID());
-        source.addValue("name", resource.getName());
-        source.addValue("desc", resource.getDescription());
-        source.addValue("data", resource.getStringData());
-        final String sql = "UPDATE resource_store set name=:name, data=:data, description=:desc where persistent_id=:id;";
-        try {
-            return this.jdbcTemplate.update(sql, source);
-        }
-        catch (DataAccessException e) {
-            log.error("Exception during database update for id '"
-                    + resource.getPersistentID() + "'", e);
-            throw new DatabaseException(user.getId(), "resource_store",
-                    StatusCodes.DB_UPDATE_FAILED, "Exception during database update for id '"
-                            + resource.getPersistentID(), resource.toString());
-        }
-    }
-
-
-    @Override
-    public int[] updateResources (List<T> resources, User user)
-            throws KustvaktException {
-        return new int[1];
-    }
-
-
-    @Override
-    public <T extends KustvaktResource> T findbyId (String id, User user)
-            throws KustvaktException {
-        MapSqlParameterSource source = new MapSqlParameterSource();
-        source.addValue("pid", id);
-        String sql = "SELECT rs.*, rt.name_path FROM resource_store as rs inner join resource_tree as rt"
-                + " on rs.id=rt.child_id WHERE rs.persistent_id=:pid";
-        //group by rs.id;";
-        try {
-            return (T) this.jdbcTemplate.queryForObject(sql, source,
-                    new RowMapperFactory.ResourceMapper());
-        }
-        catch (DataAccessException e) {
-            // empty results
-            return null;
-        }
-    }
-
-
-    public KustvaktResource findbyPath (String path, User user)
-            throws KustvaktException {
-        MapSqlParameterSource source = new MapSqlParameterSource();
-        source.addValue("path", path);
-        String sql = "SELECT rs.*, rt.name_path FROM resource_store as rs inner join resource_tree as rt on rs.id=rt.child_id WHERE rt.name_path=:path;";
-        try {
-            return this.jdbcTemplate.queryForObject(sql, source,
-                    new RowMapperFactory.ResourceMapper());
-        }
-        catch (DataAccessException e) {
-            if (e instanceof IncorrectResultSizeDataAccessException)
-                throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT,
-                        "invalid request path given!", path);
-            return null;
-        }
-    }
-
-
-    @Override
-    public <T extends KustvaktResource> T findbyId (Integer id, User user)
-            throws KustvaktException {
-        MapSqlParameterSource source = new MapSqlParameterSource();
-        source.addValue("id", id);
-        String sql = "SELECT rs.*, rt.name_path FROM resource_store as rs inner join resource_tree as rt on rs.id=rt.child_id "
-                + "WHERE rs.id=:id group by rs.id order by rt.depth desc;";
-        try {
-            return (T) this.jdbcTemplate.queryForObject(sql, source,
-                    new RowMapperFactory.ResourceMapper());
-        }
-        catch (DataAccessException e) {
-            if (e instanceof IncorrectResultSizeDataAccessException)
-                throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT,
-                        "invalid request id given!", String.valueOf(id));
-            return null;
-        }
-    }
-
-
-    @Override
-    public <T1 extends KustvaktResource> List<T1> findbyPartialId (String id,
-            User user) throws KustvaktException {
-        return null;
-    }
-
-
-    @Override
-    public int storeResource (T resource, User user) throws KustvaktException {
-        MapSqlParameterSource source = new MapSqlParameterSource();
-        KeyHolder holder = new GeneratedKeyHolder();
-        // parent_id necessary so trigger can be used for tree insert!
-        final String sql, parid;
-        SqlBuilder b = new SqlBuilder("resource_store");
-        b.insert(Attributes.NAME, Attributes.PARENT_ID,
-                Attributes.PERSISTENT_ID, Attributes.DESCRIPTION,
-                Attributes.CREATOR, Attributes.TYPE, Attributes.CREATED);
-        b.params(
-                ":name, :parent, :pid, :desc, :ow, :type, :created, :dtype, :data");
-
-        if (resource.getParentID() == null) {
-            sql = "INSERT INTO resource_store (name, parent_id, persistent_id, description, creator, type, created, data) "
-                    + "VALUES (:name, :parent, :pid, :desc, :ow, :type, :created, :data);";
-            parid = null;
-        }
-        else {
-            // fixme: use trigger for consistency check!
-            sql = "INSERT INTO resource_store (name, parent_id, persistent_id, description, creator, type, created, data) "
-                    + "select :name, id, :pid, :desc, :ow, :type, :created, :data from resource_store where persistent_id=:parent;";
-            parid = resource.getParentID();
-        }
-
-        source.addValue("name", resource.getName());
-        source.addValue("pid", resource.getPersistentID());
-        source.addValue("parent", parid);
-        source.addValue("ow", user.getId());
-        source.addValue("desc", resource.getDescription());
-        source.addValue("type",
-                ResourceFactory.getResourceMapping(resource.getClass()));
-        source.addValue("created", System.currentTimeMillis());
-        source.addValue("data", resource.getStringData());
-
-        try {
-            this.jdbcTemplate.update(sql, source, holder,
-                    new String[] { "id" });
-        }
-        catch (DataAccessException e) {
-            log.error("Exception during database store for id '"
-                    + resource.getPersistentID() + "'", e);
-            throw new DatabaseException(user.getId(), "resource_store",
-                    StatusCodes.DB_INSERT_FAILED,
-                    "Exception during database store for id '"
-                            + resource.getPersistentID(),
-                    resource.toString());
-        }
-        resource.setId(holder.getKey().intValue());
-        return resource.getId();
-    }
-
-
-    @Override
-    public int deleteResource (String id, User user) throws KustvaktException {
-        MapSqlParameterSource source = new MapSqlParameterSource();
-        source.addValue("id", id);
-        final String sql = "DELETE FROM resource_store WHERE persistent_id=:id;";
-        try {
-            return this.jdbcTemplate.update(sql, source);
-        }
-        catch (DataAccessException e) {
-            throw new DatabaseException(user.getId(), "resource_store",
-                    StatusCodes.DB_DELETE_FAILED, "Operation DELETE failed.",
-                    id);
-        }
-    }
-
-
-    @Override
-    public int size () {
-        final String sql = "SELECT COUNT(*) FROM resource_store;";
-        try {
-            return this.jdbcTemplate.queryForObject(sql,
-                    new HashMap<String, Object>(), Integer.class);
-        }
-        catch (DataAccessException e) {
-            return 0;
-        }
-    }
-
-
-    @Override
-    public int truncate () {
-        final String sql = "DELETE FROM resource_store;";
-        try {
-            return this.jdbcTemplate.update(sql, new HashMap<String, Object>());
-        }
-        catch (DataAccessException e) {
-            return -1;
-        }
-    }
-
-}
diff --git a/full/src/main/java/de/ids_mannheim/korap/handlers/RowMapperFactory.java b/full/src/main/java/de/ids_mannheim/korap/handlers/RowMapperFactory.java
index 39b7efa..2b52228 100644
--- a/full/src/main/java/de/ids_mannheim/korap/handlers/RowMapperFactory.java
+++ b/full/src/main/java/de/ids_mannheim/korap/handlers/RowMapperFactory.java
@@ -1,30 +1,28 @@
 package de.ids_mannheim.korap.handlers;
 
-import de.ids_mannheim.korap.auditing.AuditRecord;
-import de.ids_mannheim.korap.config.URIParam;
-import de.ids_mannheim.korap.resources.KustvaktResource;
-import de.ids_mannheim.korap.resources.ResourceFactory;
-import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.user.KorAPUser;
-import de.ids_mannheim.korap.user.ShibbolethUser;
-import de.ids_mannheim.korap.user.User;
-import org.springframework.jdbc.core.RowMapper;
-
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Timestamp;
 import java.util.Map;
 
+import org.springframework.jdbc.core.RowMapper;
+
+import de.ids_mannheim.korap.auditing.AuditRecord;
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.URIParam;
+import de.ids_mannheim.korap.user.KorAPUser;
+import de.ids_mannheim.korap.user.User;
+
 /**
  * @author hanl
  * @date 14/01/2014
  */
 public class RowMapperFactory {
 
-    public static class UserMapMapper implements RowMapper<Map> {
+    public static class UserMapMapper implements RowMapper<Map<?,?>> {
 
         @Override
-        public Map mapRow (ResultSet rs, int rowNum) throws SQLException {
+        public Map<?, ?> mapRow (ResultSet rs, int rowNum) throws SQLException {
             User user = new UserMapper().mapRow(rs, rowNum);
             return user.toMap();
         }
@@ -98,24 +96,4 @@
         }
     }
 
-    public static class ResourceMapper implements RowMapper<KustvaktResource> {
-
-        @Override
-        public KustvaktResource mapRow (ResultSet rs, int rowNum)
-                throws SQLException {
-            KustvaktResource r = ResourceFactory.getResource(rs.getInt("type"));
-            if (r != null) {
-                r.setId(rs.getInt("id"));
-                r.setName(rs.getString("name"));
-
-                r.setFields(rs.getString("data"));
-                r.setDescription(rs.getString("description"));
-                r.setCreated(rs.getLong("created"));
-                r.setPath(rs.getString("name_path"));
-                r.setPersistentID(rs.getString("persistent_id"));
-            }
-            return r;
-        }
-
-    }
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AccessTokenDao.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AccessTokenDao.java
index f7ee4ff..76daaab 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AccessTokenDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AccessTokenDao.java
@@ -14,6 +14,7 @@
 import org.springframework.stereotype.Repository;
 import org.springframework.transaction.annotation.Transactional;
 
+import de.ids_mannheim.korap.config.KustvaktCacheable;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.oauth2.entity.AccessScope;
@@ -24,18 +25,23 @@
 
 @Repository
 @Transactional
-public class AccessTokenDao {
+public class AccessTokenDao extends KustvaktCacheable {
+
+    public AccessTokenDao () {
+        super("access_token", "key:access_token");
+    }
 
     @PersistenceContext
     private EntityManager entityManager;
 
+    @Deprecated
     public void storeAccessToken (Authorization authorization, String token)
             throws KustvaktException {
         ParameterChecker.checkObjectValue(authorization, "Authorization");
         ParameterChecker.checkStringValue(token, "accessToken");
 
         AccessToken accessToken = new AccessToken();
-        accessToken.setAuthorization(authorization);
+        // accessToken.setAuthorization(authorization);
         accessToken.setUserId(authorization.getUserId());
         accessToken.setToken(token);
         accessToken.setScopes(authorization.getScopes());
@@ -45,7 +51,7 @@
     }
 
     public void storeAccessToken (String token, Set<AccessScope> scopes,
-            String userId, ZonedDateTime authenticationTime)
+            String userId, String clientId, ZonedDateTime authenticationTime)
             throws KustvaktException {
         ParameterChecker.checkObjectValue(scopes, "scopes");
         ParameterChecker.checkObjectValue(authenticationTime,
@@ -54,6 +60,7 @@
         accessToken.setToken(token);
         accessToken.setScopes(scopes);
         accessToken.setUserId(userId);
+        accessToken.setClientId(clientId);
         accessToken.setUserAuthenticationTime(authenticationTime);
         entityManager.persist(accessToken);
     }
@@ -61,6 +68,12 @@
 
     public AccessToken retrieveAccessToken (String accessToken)
             throws KustvaktException {
+
+        AccessToken token = (AccessToken) this.getCacheValue(accessToken);
+        if (token != null) {
+            return token;
+        }
+
         CriteriaBuilder builder = entityManager.getCriteriaBuilder();
         CriteriaQuery<AccessToken> query =
                 builder.createQuery(AccessToken.class);
@@ -69,7 +82,9 @@
         query.where(builder.equal(root.get(AccessToken_.token), accessToken));
         Query q = entityManager.createQuery(query);
         try {
-            return (AccessToken) q.getSingleResult();
+            token = (AccessToken) q.getSingleResult();
+            this.storeInCache(accessToken, token);
+            return token;
         }
         catch (NoResultException e) {
             throw new KustvaktException(StatusCodes.INVALID_ACCESS_TOKEN,
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationCacheDao.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationCacheDao.java
new file mode 100644
index 0000000..eed72d4
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationCacheDao.java
@@ -0,0 +1,72 @@
+package de.ids_mannheim.korap.oauth2.dao;
+
+import java.time.ZonedDateTime;
+import java.util.Set;
+
+import de.ids_mannheim.korap.config.KustvaktCacheable;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
+import de.ids_mannheim.korap.oauth2.entity.AccessScope;
+import de.ids_mannheim.korap.oauth2.entity.Authorization;
+import de.ids_mannheim.korap.oauth2.interfaces.AuthorizationDaoInterface;
+import de.ids_mannheim.korap.utils.ParameterChecker;
+
+public class AuthorizationCacheDao extends KustvaktCacheable
+        implements AuthorizationDaoInterface {
+
+    public AuthorizationCacheDao () {
+        super("authorization", "key:authorization");
+    }
+
+    @Override
+    public Authorization storeAuthorizationCode (String clientId, String userId,
+            String code, Set<AccessScope> scopes, String redirectURI,
+            ZonedDateTime authenticationTime, String nonce)
+            throws KustvaktException {
+        ParameterChecker.checkStringValue(clientId, "client_id");
+        ParameterChecker.checkStringValue(userId, "userId");
+        ParameterChecker.checkStringValue(code, "authorization code");
+        ParameterChecker.checkCollection(scopes, "scopes");
+        ParameterChecker.checkObjectValue(authenticationTime,
+                "user authentication time");
+
+        Authorization authorization = new Authorization();
+        authorization.setCode(code);
+        authorization.setClientId(clientId);
+        authorization.setUserId(userId);
+        authorization.setScopes(scopes);
+        authorization.setRedirectURI(redirectURI);
+        authorization.setUserAuthenticationTime(authenticationTime);
+        authorization.setNonce(nonce);
+        authorization.setCreatedDate(ZonedDateTime.now());
+
+        this.storeInCache(code, authorization);
+        return authorization;
+    }
+
+    @Override
+    public Authorization retrieveAuthorizationCode (String code)
+            throws KustvaktException {
+
+        Object auth = this.getCacheValue(code);
+        if (auth != null) {
+            return (Authorization) auth;
+        }
+        else {
+            throw new KustvaktException(StatusCodes.INVALID_AUTHORIZATION,
+                    "Authorization is invalid.", OAuth2Error.INVALID_REQUEST);
+        }
+    }
+
+    @Override
+    public Authorization updateAuthorization (Authorization authorization)
+            throws KustvaktException {
+
+        this.storeInCache(authorization.getCode(), authorization);
+        Authorization auth =
+                (Authorization) this.getCacheValue(authorization.getCode());
+        return auth;
+    }
+
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java
index 82557c0..c62b130 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java
@@ -20,11 +20,12 @@
 import de.ids_mannheim.korap.oauth2.entity.AccessScope;
 import de.ids_mannheim.korap.oauth2.entity.Authorization;
 import de.ids_mannheim.korap.oauth2.entity.Authorization_;
+import de.ids_mannheim.korap.oauth2.interfaces.AuthorizationDaoInterface;
 import de.ids_mannheim.korap.utils.ParameterChecker;
 
 @Transactional
 @Repository
-public class AuthorizationDao {
+public class AuthorizationDao implements AuthorizationDaoInterface{
 
     @PersistenceContext
     private EntityManager entityManager;
@@ -39,18 +40,18 @@
         ParameterChecker.checkObjectValue(authenticationTime,
                 "user authentication time");
 
-        Authorization authCode = new Authorization();
-        authCode.setCode(code);
-        authCode.setClientId(clientId);
-        authCode.setUserId(userId);
-        authCode.setScopes(scopes);
-        authCode.setRedirectURI(redirectURI);
-        authCode.setUserAuthenticationTime(authenticationTime);
-        authCode.setNonce(nonce);
+        Authorization authorization = new Authorization();
+        authorization.setCode(code);
+        authorization.setClientId(clientId);
+        authorization.setUserId(userId);
+        authorization.setScopes(scopes);
+        authorization.setRedirectURI(redirectURI);
+        authorization.setUserAuthenticationTime(authenticationTime);
+        authorization.setNonce(nonce);
 
-        entityManager.persist(authCode);
+        entityManager.persist(authorization);
         // what if unique fails
-        return authCode;
+        return authorization;
     }
 
     public Authorization retrieveAuthorizationCode (String code)
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessScope.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessScope.java
index 46d2b5c..f7951d9 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessScope.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessScope.java
@@ -1,5 +1,6 @@
 package de.ids_mannheim.korap.oauth2.entity;
 
+import java.io.Serializable;
 import java.util.List;
 
 import javax.persistence.Entity;
@@ -15,7 +16,9 @@
 @Setter
 @Entity
 @Table(name = "oauth2_access_scope")
-public class AccessScope {
+public class AccessScope implements Serializable{
+
+    private static final long serialVersionUID = -7356877266702636705L;
 
     @Id
     private String id;
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessToken.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessToken.java
index 55d0950..ce7cfd8 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessToken.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/entity/AccessToken.java
@@ -1,5 +1,6 @@
 package de.ids_mannheim.korap.oauth2.entity;
 
+import java.io.Serializable;
 import java.time.ZonedDateTime;
 import java.util.Set;
 
@@ -12,7 +13,6 @@
 import javax.persistence.JoinColumn;
 import javax.persistence.JoinTable;
 import javax.persistence.ManyToMany;
-import javax.persistence.OneToOne;
 import javax.persistence.Table;
 import javax.persistence.UniqueConstraint;
 
@@ -23,7 +23,9 @@
 @Setter
 @Entity
 @Table(name = "oauth2_access_token")
-public class AccessToken {
+public class AccessToken implements Serializable{
+
+    private static final long serialVersionUID = 8452701765986475302L;
 
     @Id
     @GeneratedValue(strategy = GenerationType.IDENTITY)
@@ -33,16 +35,16 @@
     private ZonedDateTime createdDate;
     @Column(name = "user_id")
     private String userId;
+    @Column(name = "client_id")
+    private String clientId;
     @Column(name = "is_revoked")
     private boolean isRevoked;
-    @Column(name = "total_attempts")
-    private int totalAttempts;
     @Column(name = "user_auth_time", updatable = false)
     private ZonedDateTime userAuthenticationTime;
     
-    @OneToOne(fetch=FetchType.LAZY)
-    @JoinColumn(name="authorization_id")
-    private Authorization authorization;
+//    @OneToOne(fetch=FetchType.LAZY, cascade=CascadeType.REMOVE)
+//    @JoinColumn(name="authorization_id")
+//    private Authorization authorization;
     
     @ManyToMany(fetch = FetchType.EAGER)
     @JoinTable(name = "oauth2_access_token_scope",
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/interfaces/AuthorizationDaoInterface.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/interfaces/AuthorizationDaoInterface.java
new file mode 100644
index 0000000..f9c7280
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/interfaces/AuthorizationDaoInterface.java
@@ -0,0 +1,21 @@
+package de.ids_mannheim.korap.oauth2.interfaces;
+
+import java.time.ZonedDateTime;
+import java.util.Set;
+
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.oauth2.entity.AccessScope;
+import de.ids_mannheim.korap.oauth2.entity.Authorization;
+
+public interface AuthorizationDaoInterface {
+
+    public Authorization storeAuthorizationCode (String clientId, String userId,
+            String code, Set<AccessScope> scopes, String redirectURI,
+            ZonedDateTime authenticationTime, String nonce) throws KustvaktException;
+    
+    public Authorization retrieveAuthorizationCode (String code)
+            throws KustvaktException;
+    
+    public Authorization updateAuthorization (Authorization authorization)
+            throws KustvaktException;
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
index ec97923..7f61478 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
@@ -1,5 +1,6 @@
 package de.ids_mannheim.korap.oauth2.oltu.service;
 
+import java.time.ZoneId;
 import java.time.ZonedDateTime;
 import java.util.Set;
 
@@ -15,6 +16,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
+import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
@@ -58,7 +60,8 @@
             Set<String> scopes =
                     scopeService.filterScopes(oAuthRequest.getScopes(),
                             config.getClientCredentialsScopes());
-            return createsAccessTokenResponse(scopes, null, authenticationTime);
+            return createsAccessTokenResponse(scopes,
+                    oAuthRequest.getClientId(), null, authenticationTime);
         }
         else {
             throw new KustvaktException(StatusCodes.UNSUPPORTED_GRANT_TYPE,
@@ -88,9 +91,49 @@
         ZonedDateTime authenticationTime = authenticateUser(
                 oAuthRequest.getUsername(), oAuthRequest.getPassword(), scopes);
 
-        return createsAccessTokenResponse(scopes, oAuthRequest.getUsername(),
-                authenticationTime);
+        return createsAccessTokenResponse(scopes, oAuthRequest.getClientId(),
+                oAuthRequest.getUsername(), authenticationTime);
+    }
 
+    /**
+     * Clients must authenticate.
+     * Client credentials grant is limited to native clients.
+     * 
+     * @param clientId
+     *            client_id parameter, required
+     * @param clientSecret
+     *            client_secret parameter, required
+     * @param scopes
+     * @return
+     * @return authentication time
+     * @throws KustvaktException
+     * @throws OAuthSystemException
+     */
+    protected ZonedDateTime requestAccessTokenWithClientCredentials (
+            String clientId, String clientSecret, Set<String> scopes)
+            throws KustvaktException {
+
+        if (clientSecret == null || clientSecret.isEmpty()) {
+            throw new KustvaktException(
+                    StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+                    "Missing parameters: client_secret",
+                    OAuth2Error.INVALID_REQUEST);
+        }
+
+        // OAuth2Client client =
+        clientService.authenticateClient(clientId, clientSecret);
+
+        // if (!client.isNative()) {
+        // throw new KustvaktException(
+        // StatusCodes.CLIENT_AUTHENTICATION_FAILED,
+        // "Client credentials grant is not allowed for third party
+        // clients",
+        // OAuth2Error.UNAUTHORIZED_CLIENT);
+        // }
+
+        ZonedDateTime authenticationTime =
+                ZonedDateTime.now(ZoneId.of(Attributes.DEFAULT_TIME_ZONE));
+        return authenticationTime;
     }
 
     /**
@@ -104,7 +147,7 @@
      * @throws KustvaktException
      */
     private OAuthResponse createsAccessTokenResponse (Set<String> scopes,
-            String userId, ZonedDateTime authenticationTime)
+            String clientId, String userId, ZonedDateTime authenticationTime)
             throws OAuthSystemException, KustvaktException {
 
         String accessToken = oauthIssuer.accessToken();
@@ -112,7 +155,7 @@
 
         Set<AccessScope> accessScopes =
                 scopeService.convertToAccessScope(scopes);
-        tokenDao.storeAccessToken(accessToken, accessScopes, userId,
+        tokenDao.storeAccessToken(accessToken, accessScopes, userId, clientId,
                 authenticationTime);
 
         return OAuthASResponse.tokenResponse(Status.OK.getStatusCode())
@@ -129,7 +172,9 @@
         String accessToken = oauthIssuer.accessToken();
         // String refreshToken = oauthIssuer.refreshToken();
 
-        tokenDao.storeAccessToken(authorization, accessToken);
+        tokenDao.storeAccessToken(accessToken, authorization.getScopes(),
+                authorization.getUserId(), authorization.getClientId(),
+                authorization.getUserAuthenticationTime());
 
         String scopes = scopeService
                 .convertAccessScopesToString(authorization.getScopes());
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/openid/service/OpenIdAuthorizationService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/openid/service/OpenIdAuthorizationService.java
index db118f5..341ff97 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/openid/service/OpenIdAuthorizationService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/openid/service/OpenIdAuthorizationService.java
@@ -107,8 +107,13 @@
             checkResponseType(responseType.toString());
 
             Scope scope = authzRequest.getScope();
-            Set<String> scopeSet = (scope != null)
-                    ? new HashSet<>(scope.toStringList()) : null;
+            Set<String> scopeSet = null;
+            if (scope != null) {
+                scopeSet = new HashSet<>(scope.toStringList());
+            }
+            else {
+                scopeSet = config.getDefaultAccessScopes();
+            }
             createAuthorization(username, clientId, redirectUriStr, scopeSet,
                     code.getValue(), authenticationTime, nonce);
         }
@@ -184,15 +189,16 @@
         if (nonce != null && !nonce.getValue().isEmpty()) {
             nonceValue = nonce.getValue();
         }
-        
+
         checkMaxAge(authRequest.getMaxAge(), authenticationTime);
 
         AuthorizationRequest request = authRequest;
         return handleAuthorizationRequest(request, code, username,
                 authenticationTime, nonceValue);
     }
-    
-    private void checkMaxAge (int maxAge, ZonedDateTime authenticationTime) throws KustvaktException {
+
+    private void checkMaxAge (int maxAge, ZonedDateTime authenticationTime)
+            throws KustvaktException {
         if (maxAge > 0) {
             ZonedDateTime now =
                     ZonedDateTime.now(ZoneId.of(Attributes.DEFAULT_TIME_ZONE));
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/openid/service/OpenIdTokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/openid/service/OpenIdTokenService.java
index a61cbe1..91a51bf 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/openid/service/OpenIdTokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/openid/service/OpenIdTokenService.java
@@ -8,6 +8,7 @@
 import java.util.HashSet;
 import java.util.Set;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 
 import com.nimbusds.jose.JOSEException;
@@ -45,6 +46,7 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
+import de.ids_mannheim.korap.oauth2.dao.AccessTokenDao;
 import de.ids_mannheim.korap.oauth2.entity.AccessScope;
 import de.ids_mannheim.korap.oauth2.entity.Authorization;
 import de.ids_mannheim.korap.oauth2.entity.OAuth2Client;
@@ -69,6 +71,9 @@
 @Service
 public class OpenIdTokenService extends OAuth2TokenService {
 
+    @Autowired
+    private AccessTokenDao tokenDao;
+
     public AccessTokenResponse requestAccessToken (TokenRequest tokenRequest)
             throws KustvaktException {
         AuthorizationGrant grant = tokenRequest.getAuthorizationGrant();
@@ -128,10 +133,14 @@
             ClientAuthentication clientAuthentication, ClientID clientId)
             throws KustvaktException {
 
-        Set<String> scopes = null;
+        Set<String> scopeSet = null;
         if (scope != null) {
-            scopes = new HashSet<String>();
-            scopes.addAll(scope.toStringList());
+            scopeSet = new HashSet<String>();
+            scopeSet.addAll(scope.toStringList());
+        }
+        else {
+            scopeSet = config.getDefaultAccessScopes();
+            scope = new Scope(scopeSet.toArray(new String[scopeSet.size()]));
         }
 
         ZonedDateTime authenticationTime;
@@ -145,8 +154,7 @@
             }
             else {
                 clientIdStr = clientId.getValue();
-                client = clientService.authenticateClient(clientIdStr,
-                        null);
+                client = clientService.authenticateClient(clientIdStr, null);
             }
         }
         else {
@@ -156,19 +164,24 @@
             client = clientService.authenticateClient(clientCredentials[0],
                     clientCredentials[1]);
         }
-        
+
         if (!client.isNative()) {
-            throw new KustvaktException(
-                    StatusCodes.CLIENT_AUTHORIZATION_FAILED,
+            throw new KustvaktException(StatusCodes.CLIENT_AUTHORIZATION_FAILED,
                     "Password grant is not allowed for third party clients",
                     OAuth2Error.UNAUTHORIZED_CLIENT);
         }
-        
-        authenticationTime =
-                authenticateUser(username, password, scopes);
-        
-        return createsAccessTokenResponse(scope, clientIdStr, username,
-                authenticationTime, null);
+
+        authenticationTime = authenticateUser(username, password, scopeSet);
+
+        AccessToken accessToken =
+                new BearerAccessToken(config.getTokenTTL(), scope);
+
+        tokenDao.storeAccessToken(accessToken.getValue(),
+                scopeService.convertToAccessScope(scopeSet), username,
+                clientIdStr, authenticationTime);
+
+        return createsAccessTokenResponse(accessToken, scope, clientIdStr,
+                username, authenticationTime, null);
     }
 
     private AccessTokenResponse requestAccessTokenWithAuthorizationCode (
@@ -211,22 +224,26 @@
         String[] scopeArray = scopes.stream().map(scope -> scope.toString())
                 .toArray(String[]::new);
         Scope scope = new Scope(scopeArray);
-        return createsAccessTokenResponse(scope, authorization.getClientId(),
-                authorization.getUserId(),
+        AccessToken accessToken =
+                new BearerAccessToken(config.getTokenTTL(), scope);
+        tokenDao.storeAccessToken(accessToken.getValue(), scopes,
+                authorization.getUserId(), authorization.getClientId(),
+                authorization.getUserAuthenticationTime());
+
+        return createsAccessTokenResponse(accessToken, scope,
+                authorization.getClientId(), authorization.getUserId(),
                 authorization.getUserAuthenticationTime(),
                 authorization.getNonce());
     }
 
-    private AccessTokenResponse createsAccessTokenResponse (Scope scope,
-            String clientId, String userId,
-            ZonedDateTime userAuthenticationTime, String nonce)
+    private AccessTokenResponse createsAccessTokenResponse (
+            AccessToken accessToken, Scope scope, String clientId,
+            String userId, ZonedDateTime userAuthenticationTime, String nonce)
             throws KustvaktException {
 
-        AccessToken accessToken =
-                new BearerAccessToken(config.getTokenTTL(), scope);
         RefreshToken refreshToken = new RefreshToken();
 
-        if (scope != null && scope.contains("openid")) {
+        if (scope.contains("openid")) {
             JWTClaimsSet claims = createIdTokenClaims(clientId, userId,
                     userAuthenticationTime, nonce);
             SignedJWT idToken = signIdToken(claims,
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
index f70ce8e..ae29e4c 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
@@ -12,10 +12,10 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.oauth2.constant.OAuth2Error;
-import de.ids_mannheim.korap.oauth2.dao.AuthorizationDao;
 import de.ids_mannheim.korap.oauth2.entity.AccessScope;
 import de.ids_mannheim.korap.oauth2.entity.Authorization;
 import de.ids_mannheim.korap.oauth2.entity.OAuth2Client;
+import de.ids_mannheim.korap.oauth2.interfaces.AuthorizationDaoInterface;
 
 @Service(value = "authorizationService")
 public class OAuth2AuthorizationService {
@@ -27,12 +27,11 @@
     protected OAuth2ClientService clientService;
     @Autowired
     protected OAuth2ScopeService scopeService;
+    @Autowired
+    private AuthorizationDaoInterface authorizationDao;
 
     @Autowired
-    private AuthorizationDao authorizationDao;
-
-    @Autowired
-    private FullConfiguration config;
+    protected FullConfiguration config;
 
     /**
      * Authorization code request does not require client
@@ -178,7 +177,8 @@
 
     private boolean isExpired (ZonedDateTime createdDate) {
         jlog.debug("createdDate: " + createdDate);
-        ZonedDateTime expiration = createdDate.plusSeconds(60);
+        ZonedDateTime expiration =
+                createdDate.plusSeconds(config.getAuthorizationCodeExpiry());
         ZonedDateTime now = ZonedDateTime.now();
         jlog.debug("expiration: " + expiration + ", now: " + now);
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ScopeService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ScopeService.java
index cd4eec1..6f1ce49 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ScopeService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2ScopeService.java
@@ -1,5 +1,6 @@
 package de.ids_mannheim.korap.oauth2.service;
 
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
@@ -37,7 +38,7 @@
      * @return
      * @throws KustvaktException
      */
-    public Set<AccessScope> convertToAccessScope (Set<String> scopes)
+    public Set<AccessScope> convertToAccessScope (Collection<String> scopes)
             throws KustvaktException {
 
         List<AccessScope> definedScopes = accessScopeDao.retrieveAccessScopes();
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
index d6c11d9..d95cb65 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
@@ -132,45 +132,4 @@
         return authenticationTime;
     }
 
-    /**
-     * Clients must authenticate.
-     * Client credentials grant is limited to native clients.
-     * 
-     * @param clientId
-     *            client_id parameter, required
-     * @param clientSecret
-     *            client_secret parameter, required
-     * @param scopes
-     * @return authentication time
-     * @throws KustvaktException
-     * @throws OAuthSystemException
-     */
-    protected ZonedDateTime requestAccessTokenWithClientCredentials (
-            String clientId, String clientSecret, Set<String> scopes)
-            throws KustvaktException {
-
-        if (clientSecret == null || clientSecret.isEmpty()) {
-            throw new KustvaktException(
-                    StatusCodes.CLIENT_AUTHENTICATION_FAILED,
-                    "Missing parameters: client_secret",
-                    OAuth2Error.INVALID_REQUEST);
-        }
-
-        // OAuth2Client client =
-        clientService.authenticateClient(clientId, clientSecret);
-
-        // if (!client.isNative()) {
-        // throw new KustvaktException(
-        // StatusCodes.CLIENT_AUTHENTICATION_FAILED,
-        // "Client credentials grant is not allowed for third party
-        // clients",
-        // OAuth2Error.UNAUTHORIZED_CLIENT);
-        // }
-        ZonedDateTime authenticationTime =
-                ZonedDateTime.now(ZoneId.of(Attributes.DEFAULT_TIME_ZONE));
-        return authenticationTime;
-    }
-
-
-
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
index 321417d..b15f5e3 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
@@ -3,8 +3,6 @@
 import javax.ws.rs.core.SecurityContext;
 import javax.ws.rs.ext.Provider;
 
-import org.springframework.beans.factory.annotation.Autowired;
-
 import com.sun.jersey.spi.container.ContainerRequest;
 import com.sun.jersey.spi.container.ContainerRequestFilter;
 import com.sun.jersey.spi.container.ContainerResponseFilter;
@@ -23,13 +21,10 @@
 @Provider
 public class DemoFilter implements ContainerRequestFilter, ResourceFilter {
 
-    @Autowired
-    private HttpAuthorizationHandler handler;
-    
     @Override
     public ContainerRequest filter (ContainerRequest request) {
-        String authentication = request
-                .getHeaderValue(ContainerRequest.AUTHORIZATION);
+        String authentication =
+                request.getHeaderValue(ContainerRequest.AUTHORIZATION);
         if (authentication == null || authentication.isEmpty()) {
             try {
                 request.getUserPrincipal();
@@ -46,7 +41,8 @@
         TokenContext context = new TokenContext();
         String token = null;
         try {
-            token = handler.createBasicAuthorizationHeaderValue("demo", "demo2015");
+            token = HttpAuthorizationHandler
+                    .createBasicAuthorizationHeaderValue("demo", "demo2015");
         }
         catch (KustvaktException e) {
             e.printStackTrace();
diff --git a/full/src/main/resources/db/new-mysql/V1.4__oauth2_tables.sql b/full/src/main/resources/db/new-mysql/V1.4__oauth2_tables.sql
index 234df42..b8df487 100644
--- a/full/src/main/resources/db/new-mysql/V1.4__oauth2_tables.sql
+++ b/full/src/main/resources/db/new-mysql/V1.4__oauth2_tables.sql
@@ -54,14 +54,13 @@
 CREATE TABLE IF NOT EXISTS oauth2_access_token (
 	id INTEGER PRIMARY KEY AUTO_INCREMENT,
 	token VARCHAR(255) NOT NULL,
-	authorization_id INTEGER DEFAULT NULL,
 	user_id VARCHAR(100) DEFAULT NULL,
+	client_id VARCHAR(100) DEFAULT NULL,
 	created_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
 	is_revoked BOOLEAN DEFAULT 0,
-	total_attempts INTEGER DEFAULT 0,
 	user_auth_time TIMESTAMP NULL,
-	FOREIGN KEY (authorization_id)
-	   REFERENCES oauth2_authorization(id)
+	FOREIGN KEY (client_id)
+	   REFERENCES oauth2_client(id)
 );
 
 CREATE TABLE oauth2_access_token_scope (
diff --git a/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql b/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql
index f227752..2310c12 100644
--- a/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql
+++ b/full/src/main/resources/db/new-sqlite/V1.4__oauth2_tables.sql
@@ -59,14 +59,13 @@
 CREATE TABLE IF NOT EXISTS oauth2_access_token (
 	id INTEGER PRIMARY KEY AUTOINCREMENT,
 	token VARCHAR(255) NOT NULL,
-	authorization_id INTEGER DEFAULT NULL,
 	user_id VARCHAR(100) DEFAULT NULL,
+	client_id VARCHAR(100) DEFAULT NULL,
 	created_date TIMESTAMP DEFAULT (datetime('now','localtime')),
 	is_revoked BOOLEAN DEFAULT 0,
-	total_attempts INTEGER DEFAULT 0,
 	user_auth_time TIMESTAMP NOT NULL,
-	FOREIGN KEY (authorization_id)
-	   REFERENCES oauth2_authorization(id)
+	FOREIGN KEY (client_id)
+	   REFERENCES oauth2_client(id)
 );
 
 CREATE TABLE oauth2_access_token_scope (
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index 456ecff..90ea568 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -159,6 +159,7 @@
 	<!-- Data access objects -->
 	<bean id="resourceDao" class="de.ids_mannheim.korap.dao.ResourceDao" />
 	<bean id="accessScopeDao" class="de.ids_mannheim.korap.oauth2.dao.AccessScopeDao" />
+	<bean id="authorizationDao" class="de.ids_mannheim.korap.oauth2.dao.AuthorizationCacheDao" />
 
 	<!-- props are injected from default-config.xml -->
 	<bean id="kustvakt_config" class="de.ids_mannheim.korap.config.FullConfiguration">
@@ -215,10 +216,6 @@
 		<constructor-arg ref="kustvakt_db" />
 	</bean>
 
-	<bean id="resource_provider" class="de.ids_mannheim.korap.handlers.ResourceDao">
-		<constructor-arg ref="kustvakt_db" />
-	</bean>
-
 	<bean id="document_provider" class="de.ids_mannheim.korap.handlers.DocumentDao">
 		<constructor-arg ref="kustvakt_db" />
 	</bean>
@@ -284,7 +281,6 @@
 	<util:list id="kustvakt_resources"
 		value-type="de.ids_mannheim.korap.interfaces.db.ResourceOperationIface">
 		<ref bean="document_provider" />
-		<ref bean="resource_provider" />
 	</util:list>
 
 	<!-- specify type for constructor argument -->
diff --git a/full/src/main/resources/ehcache.xml b/full/src/main/resources/ehcache.xml
index 17cff24..be4e71e 100644
--- a/full/src/main/resources/ehcache.xml
+++ b/full/src/main/resources/ehcache.xml
@@ -3,38 +3,13 @@
     <defaultCache eternal='true' overflowToDisk='false'/>
     <!--maxBytesLocalHeap="200M"-->
     <diskStore path="./cache_store"/>
-
-    <cache name="documents"
-           timeToIdleSeconds="172800"
-           eternal='false'
-           memoryStoreEvictionPolicy="LRU"
-           maxEntriesLocalHeap="2000"
-           overflowToDisk='false'/>
-    <cache name='users'
-           timeToIdleSeconds="172800"
-           eternal='false'
-           memoryStoreEvictionPolicy="LRU"
-           maxEntriesLocalHeap="50"
-           overflowToDisk='false'/>
+    
     <cache name='id_tokens'
            eternal='true'
            maxElementsOnDisk="10000000"
            memoryStoreEvictionPolicy="LRU"
            maxEntriesLocalHeap="50"
            overflowToDisk='true'/>
-    <cache name='id_tokens_inv'
-           eternal='true'
-           maxElementsOnDisk="10000000"
-           memoryStoreEvictionPolicy="LRU"
-           maxEntriesLocalHeap="50"
-           overflowToDisk='true'/>
-
-    <cache name='auth_sessions'
-           timeToIdleSeconds="172800"
-           eternal='false'
-           memoryStoreEvictionPolicy="LRU"
-           maxEntriesLocalHeap="100"
-           overflowToDisk='false'/>
 
     <cache name='auth_codes'
            timeToIdleSeconds="600"
@@ -52,4 +27,21 @@
            diskExpiryThreadIntervalSeconds="120"
            memoryStoreEvictionPolicy="LRU"
            statistics="false"/>
+           
+           
+    <!-- EM --> 
+    <cache name='authorization'
+           timeToLiveSeconds="1000"
+           eternal='false'
+           memoryStoreEvictionPolicy="LRU"
+           maxEntriesLocalHeap="100"
+           overflowToDisk='false'/>
+           
+    <cache name='access_token'
+           timeToIdleSeconds="3600"
+           timeToLiveSeconds="15000"
+           eternal='false'
+           memoryStoreEvictionPolicy="LRU"
+           maxEntriesLocalHeap="500"
+           overflowToDisk='false'/>          
 </ehcache>
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index 654a1ab..0c21e43 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -48,7 +48,11 @@
 ### oauth.password.authentication values)
 oauth.password.authentication = TEST
 oauth2.native.client.host = korap.ids-mannheim.de
-oauth2.max.attempts = 3
+oauth2.max.attempts = 1
+# expiry in seconds (S), minutes (M), hours (H), days (D)
+oauth2.access.token.expiry = 1D
+oauth2.refresh.token.expiry = 90D
+oauth2.authorization.code.expiry = 10M
 # -- scopes separated by space
 oauth2.default.scopes = search match_info 
 oauth2.client.credentials.scopes = client_info
diff --git a/full/src/main/resources/kustvakt.info b/full/src/main/resources/kustvakt.info
index c1c6cea..4a0344a 100644
--- a/full/src/main/resources/kustvakt.info
+++ b/full/src/main/resources/kustvakt.info
@@ -4,5 +4,5 @@
 # use this file to define the properties and logging file names
 kustvakt.properties=./kustvakt.conf
 kustvakt.logging=./log4j.properties
-kustvakt.caching=true
+kustvakt.cache=true
 kustvakt.cache_store=./store
\ No newline at end of file
diff --git a/full/src/test/java/de/ids_mannheim/korap/config/BeanInjectTest.java b/full/src/test/java/de/ids_mannheim/korap/config/BeanInjectTest.java
index 574efc9..29a5e29 100644
--- a/full/src/test/java/de/ids_mannheim/korap/config/BeanInjectTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/config/BeanInjectTest.java
@@ -1,20 +1,19 @@
 package de.ids_mannheim.korap.config;
 
-import de.ids_mannheim.korap.handlers.DocumentDao;
-import de.ids_mannheim.korap.handlers.ResourceDao;
-import de.ids_mannheim.korap.handlers.UserDetailsDao;
-import de.ids_mannheim.korap.handlers.UserSettingsDao;
-import de.ids_mannheim.korap.resources.Document;
-import de.ids_mannheim.korap.resources.KustvaktResource;
-import de.ids_mannheim.korap.user.UserDetails;
-import de.ids_mannheim.korap.user.UserSettings;
-import org.junit.Test;
-import org.springframework.aop.support.AopUtils;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 
 import java.util.Collection;
 
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
+import org.junit.Test;
+import org.springframework.aop.support.AopUtils;
+
+import de.ids_mannheim.korap.handlers.DocumentDao;
+import de.ids_mannheim.korap.handlers.UserDetailsDao;
+import de.ids_mannheim.korap.handlers.UserSettingsDao;
+import de.ids_mannheim.korap.resources.Document;
+import de.ids_mannheim.korap.user.UserDetails;
+import de.ids_mannheim.korap.user.UserSettings;
 
 /**
  * Created by hanl on 03.06.16.
@@ -48,9 +47,6 @@
                 Document.class);
         assertEquals(DocumentDao.class, AopUtils.getTargetClass(o));
 
-        o = BeansFactory.getTypeFactory().getTypeInterfaceBean(coll,
-                KustvaktResource.class);
-        assertEquals(ResourceDao.class, AopUtils.getTargetClass(o));
         BeansFactory.closeApplication();
     }
 }
diff --git a/full/src/test/java/de/ids_mannheim/korap/config/KustvaktResourceTest.java b/full/src/test/java/de/ids_mannheim/korap/config/KustvaktResourceTest.java
deleted file mode 100644
index 4222f88..0000000
--- a/full/src/test/java/de/ids_mannheim/korap/config/KustvaktResourceTest.java
+++ /dev/null
@@ -1,31 +0,0 @@
-package de.ids_mannheim.korap.config;
-
-import de.ids_mannheim.korap.resources.KustvaktResource;
-import de.ids_mannheim.korap.resources.VirtualCollection;
-
-/**
- * @author hanl
- * @date 11/02/2016
- */
-public class KustvaktResourceTest {
-
-
-    public void testIDCreation () {
-        KustvaktResource resource = new VirtualCollection(1);
-        resource.addField("field_1", "data");
-
-    }
-
-
-    public void testNullableData () {
-
-    }
-
-
-    public void testWrongDataType () {
-
-    }
-
-
-
-}
diff --git a/full/src/test/java/de/ids_mannheim/korap/config/TestHelper.java b/full/src/test/java/de/ids_mannheim/korap/config/TestHelper.java
index 765e8f4..3e73104 100644
--- a/full/src/test/java/de/ids_mannheim/korap/config/TestHelper.java
+++ b/full/src/test/java/de/ids_mannheim/korap/config/TestHelper.java
@@ -1,14 +1,10 @@
 package de.ids_mannheim.korap.config;
 
-import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
 
 import java.io.File;
 import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.NoSuchAlgorithmException;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.Arrays;
@@ -28,15 +24,11 @@
 import org.springframework.jdbc.datasource.SingleConnectionDataSource;
 
 import de.ids_mannheim.korap.authentication.KustvaktAuthenticationManager;
-import de.ids_mannheim.korap.exceptions.EmptyResultException;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.handlers.JDBCClient;
-import de.ids_mannheim.korap.handlers.ResourceDao;
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
 import de.ids_mannheim.korap.interfaces.EntityHandlerIface;
 import de.ids_mannheim.korap.interfaces.KustvaktBaseDaoInterface;
 import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
-import de.ids_mannheim.korap.resources.KustvaktResource;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.TimeUtils;
 
@@ -223,36 +215,6 @@
         return new HashMap<>(data);
     }
 
-    public int setupResource (KustvaktResource resource)
-            throws KustvaktException {
-        ResourceDao dao = new ResourceDao(
-                (PersistenceClient) getBean(ContextHolder.KUSTVAKT_DB));
-        return dao.storeResource(resource, getUser());
-    }
-
-
-    public KustvaktResource getResource (String name) throws KustvaktException {
-        ResourceDao dao = new ResourceDao(
-                (PersistenceClient) getBean(ContextHolder.KUSTVAKT_DB));
-        KustvaktResource res = dao.findbyId(name, getUser());
-        if (res == null)
-            throw new RuntimeException("resource with name " + name
-                    + " not found ...");
-        return res;
-    }
-
-
-    public TestHelper dropResource (String ... names) throws KustvaktException {
-        ResourceDao dao = new ResourceDao(
-                (PersistenceClient) getBean(ContextHolder.KUSTVAKT_DB));
-        if (names == null || names.length == 0)
-            dao.truncate();
-        for (String name : names)
-            dao.deleteResource(name, null);
-        return this;
-    }
-
-
     public void close () {
         BeansFactory.closeApplication();
     }
diff --git a/full/src/test/java/de/ids_mannheim/korap/handlers/ResourceDaoTest.java b/full/src/test/java/de/ids_mannheim/korap/handlers/ResourceDaoTest.java
deleted file mode 100644
index 871c1dc..0000000
--- a/full/src/test/java/de/ids_mannheim/korap/handlers/ResourceDaoTest.java
+++ /dev/null
@@ -1,145 +0,0 @@
-package de.ids_mannheim.korap.handlers;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotNull;
-
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
-import org.junit.Assert;
-import org.junit.Ignore;
-import org.junit.Test;
-
-import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.BeanConfigTest;
-import de.ids_mannheim.korap.config.KustvaktClassLoader;
-import de.ids_mannheim.korap.config.TestHelper;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.resources.KustvaktResource;
-import de.ids_mannheim.korap.resources.VirtualCollection;
-import de.ids_mannheim.korap.user.User;
-
-/**
- * @author hanl
- * @date 26/01/2016
- */
-@Deprecated
-@Ignore
-public class ResourceDaoTest extends BeanConfigTest {
-
-    private static List<Integer> ids = new ArrayList<>();
-
-//    @Autowired
-//    private TransactionTemplate txTemplate;
-//    
-//    @Autowired
-//    private ResourceDao<KustvaktResource> resourceDao;
-
-    @Override
-    public void initMethod () {
-//        helper().setupAccount();
-
-        List<Class<? extends KustvaktResource>> classes = new ArrayList<>(
-                KustvaktClassLoader.loadSubTypes(KustvaktResource.class));
-        int size = classes.size();
-        for (int i = 0; i < size; i++) {
-            Class<? extends KustvaktResource> s = classes.get(i < classes.size() ? i : 0);
-            try {
-                KustvaktResource r = (KustvaktResource) s.newInstance();
-                r.setName("resource_" + i);
-                r.setPersistentID(r.getName());
-                Map<String, Object> map = new HashMap<>();
-                map.put("testVar", "testVal_" + i);
-				r.setFields(map);
-                int id = helper().setupResource(r);
-                ids.add(id);
-                assertNotEquals(0, new ResourceDao<>(helper().getContext()
-                        .getPersistenceClient()).size());
-            }
-            catch (InstantiationException e) {
-                if (i < classes.size())
-                    classes.remove(i);
-            }
-            catch (KustvaktException | IllegalAccessException e) {
-                e.printStackTrace();
-            }
-        }
-    }
-
-    @Test
-    public void testBatchGetResources () throws KustvaktException {
-        ResourceDao dao = new ResourceDao(helper().getContext()
-                .getPersistenceClient());
-        assertNotEquals(0, dao.size());
-        Collection res = dao.getResources(ids, User.UserFactory.getDemoUser());
-        assertEquals(ids.size(), res.size());
-    }
-
-
-    @Test
-    public void testGetResource () throws KustvaktException {
-        ResourceDao<?> dao = new ResourceDao<>(helper().getContext()
-                .getPersistenceClient());
-        assertEquals("sqlite", helper().getContext().getPersistenceClient()
-                .getDatabase());
-
-        assertNotEquals(0, dao.size());
-        KustvaktResource res = dao.findbyId(ids.get(0),
-                User.UserFactory.getDemoUser());
-        assertNotNull(res);
-        Assert.assertEquals(true,res.getField("testVar").toString().startsWith("testVal_"));
-    }
-
-
-    @Test
-    public void createCollection () throws KustvaktException {
-        ResourceDao dao = new ResourceDao(helper().getContext()
-                .getPersistenceClient());
-        VirtualCollection c = new VirtualCollection("testColl1");
-        c.addField("key_1", "this is a test");
-        c.addField("key_2", 2);
-
-        User user = User.UserFactory
-                .getUser((String) TestHelper.getUserCredentials().get(Attributes.USERNAME));
-
-        int id = dao.storeResource(c, user);
-
-        KustvaktResource r = dao.findbyId(id, user);
-        assertNotEquals(dao.size(), 0);
-        assertNotNull(r);
-        assertEquals(r.getField("key_1") instanceof String, true);
-        assertEquals(r.getField("key_2") instanceof Integer, true);
-    }
-
-
-    @Test
-    public void ResourceDataUpdate () throws KustvaktException {
-        ResourceDao dao = new ResourceDao(helper().getContext()
-                .getPersistenceClient());
-        VirtualCollection c = new VirtualCollection("testColl2");
-        c.addField("key_1", "this is a test");
-        c.addField("key_2", 2);
-
-        User user = User.UserFactory
-                .getUser((String) TestHelper.getUserCredentials().get(Attributes.USERNAME));
-
-        int id = dao.storeResource(c, user);
-
-        c.setId(id);
-        c.addField("key_3", -1);
-        int row_update = dao.updateResource(c, user);
-        assert row_update > 0;
-
-        KustvaktResource r = dao.findbyId(id, user);
-        assert dao.size() > 0;
-        assert r != null;
-        assert r.getField("key_1") instanceof String;
-        assert r.getField("key_2") instanceof Integer;
-        assert r.getField("key_3") instanceof Integer;
-
-    }
-}
diff --git a/full/src/test/java/de/ids_mannheim/korap/misc/CollectionQueryBuilderTest.java b/full/src/test/java/de/ids_mannheim/korap/misc/CollectionQueryBuilderTest.java
index 87469ac..8e46259 100644
--- a/full/src/test/java/de/ids_mannheim/korap/misc/CollectionQueryBuilderTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/misc/CollectionQueryBuilderTest.java
@@ -1,18 +1,15 @@
 package de.ids_mannheim.korap.misc;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import org.junit.Test;
+
 import com.fasterxml.jackson.databind.JsonNode;
 
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.query.serialize.QuerySerializer;
-import de.ids_mannheim.korap.resources.KustvaktResource;
-import de.ids_mannheim.korap.resources.VirtualCollection;
-import de.ids_mannheim.korap.utils.KoralCollectionQueryBuilder;
 import de.ids_mannheim.korap.utils.JsonUtils;
-import org.junit.Ignore;
-import org.junit.Test;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotNull;
+import de.ids_mannheim.korap.utils.KoralCollectionQueryBuilder;
 
 /**
  * @author hanl
@@ -226,7 +223,7 @@
 
         KoralCollectionQueryBuilder test = new KoralCollectionQueryBuilder();
         test.with("corpusSigle=WPD");
-        String json = test.toJSON();
+//        String json = test.toJSON();
 //        System.out.println(json);
         //JsonNode node = (JsonNode) test.rebaseCollection(null);
         //node = b.mergeWith(node);
@@ -248,7 +245,7 @@
         KoralCollectionQueryBuilder test = new KoralCollectionQueryBuilder();
         // operator is not supposed to be here!
         test.and().with("corpusSigle=WPD");
-        String json = test.toJSON();
+//        String json = test.toJSON();
 //        System.out.println(json);
         //JsonNode node = (JsonNode) test.rebaseCollection(null);
         //node = b.mergeWith(node);
@@ -320,71 +317,6 @@
         assertEquals(2, node.at("/collection/operands/1/operands").size());
     }
 
-
-    @Test
-    public void testCollectionMergeWithFromResource () throws KustvaktException {
-        KoralCollectionQueryBuilder builder = new KoralCollectionQueryBuilder();
-        builder.with("textClass=politik & corpusSigle=WPD");
-        KustvaktResource resource = new VirtualCollection();
-        resource.setName("collection_1");
-        String json = builder.toJSON();
-        resource.setFields(json);
-
-        assertEquals(json, resource.getStringData());
-        builder = new KoralCollectionQueryBuilder();
-        builder.setBaseQuery(resource.getData());
-        builder.or().with("pubPlace=Mannheim");
-
-//        System.out.println("query " + builder.toJSON());
-        // todo: assertions
-    }
-
-
-    @Test
-    public void testCollectionMergeWithFromResourceNoCollection () throws KustvaktException {
-        KoralCollectionQueryBuilder builder = new KoralCollectionQueryBuilder();
-        builder.with("textClass=politik & corpusSigle=WPD");
-        KustvaktResource resource = new VirtualCollection();
-        resource.setName("collection_1");
-        String json = builder.toJSON();
-        resource.setFields(json);
-
-        assertEquals(json, resource.getStringData());
-        builder = new KoralCollectionQueryBuilder();
-        builder.setBaseQuery(resource.getData());
-        builder.or().with("pubPlace=Mannheim");
-
-//        System.out.println("query " + builder.toJSON());
-        // todo: assertions
-    }
-
-
-    @Test
-    public void testCollectionMergeFromQuerySerializer () throws KustvaktException {
-        QuerySerializer s = new QuerySerializer();
-        s.setQuery("[base=Haus]", "poliqarp");
-        KoralCollectionQueryBuilder total = new KoralCollectionQueryBuilder();
-        total.setBaseQuery(s.toJSON());
-
-
-        KoralCollectionQueryBuilder builder = new KoralCollectionQueryBuilder();
-        builder.with("textClass=politik & corpusSigle=WPD");
-        KustvaktResource resource = new VirtualCollection();
-        resource.setName("collection_1");
-        String json = builder.toJSON();
-        resource.setFields(json);
-        // operator is irrelevant here
-        JsonNode node = total.or().mergeWith(resource.getData());
-        assertNotNull(node);
-        assertEquals("koral:docGroup", node.at("/collection/@type").asText());
-        assertEquals("operation:and", node.at("/collection/operation").asText());
-        assertEquals("textClass", node.at("/collection/operands/0/key")
-                .asText());
-        assertEquals("corpusSigle", node.at("/collection/operands/1/key")
-                .asText());
-    }
-
-
     @Test
     public void testBaseCollectionNull () throws KustvaktException {
         // base is missing collection segment
diff --git a/full/src/test/java/de/ids_mannheim/korap/misc/LocalQueryTest.java b/full/src/test/java/de/ids_mannheim/korap/misc/LocalQueryTest.java
index 4815ac3..52b331a 100644
--- a/full/src/test/java/de/ids_mannheim/korap/misc/LocalQueryTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/misc/LocalQueryTest.java
@@ -1,4 +1,6 @@
 package de.ids_mannheim.korap.misc;
+import static org.junit.Assert.assertNotNull;
+
 import java.io.IOException;
 
 import org.junit.AfterClass;
@@ -67,6 +69,8 @@
         c.setIndex(new SearchKrill(index).getIndex());
         long sent = c.numberOf("base/sentences");
         long docs = c.numberOf("documents");
+        assertNotNull(sent);
+        assertNotNull(docs);
     }
 
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/misc/MetaQueryBuilderTest.java b/full/src/test/java/de/ids_mannheim/korap/misc/MetaQueryBuilderTest.java
index e99c8a9..1cef370 100644
--- a/full/src/test/java/de/ids_mannheim/korap/misc/MetaQueryBuilderTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/misc/MetaQueryBuilderTest.java
@@ -19,7 +19,7 @@
         System.out.println("____________________-");
         MetaQueryBuilder m = QueryBuilderUtil.defaultMetaBuilder(0, 1, 5,
                 "sentence", false);
-        Map map = m.raw();
+        Map<?, ?> map = m.raw();
         assertEquals("sentence", map.get("context"));
         assertEquals(1, map.get("startPage"));
         assertEquals(0, map.get("startIndex"));
diff --git a/full/src/test/java/de/ids_mannheim/korap/misc/PublicAPITest.java b/full/src/test/java/de/ids_mannheim/korap/misc/PublicAPITest.java
deleted file mode 100644
index 2e895aa..0000000
--- a/full/src/test/java/de/ids_mannheim/korap/misc/PublicAPITest.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package de.ids_mannheim.korap.misc;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.web.FastJerseyTest;
-
-import org.junit.BeforeClass;
-import org.junit.Test;
-
-/**
- * Created by hanl on 17.04.16.
- */
-public class PublicAPITest extends FastJerseyTest {
-
-
-    @Override
-    public void initMethod () throws KustvaktException {}
-
-
-    @Test
-    public void testContextSpanSent () {
-
-    }
-
-
-    @Test
-    public void testContextSpanPara () {
-
-    }
-
-
-    @Test
-    public void testSimpleSearch () {
-
-    }
-
-
-}
diff --git a/full/src/test/java/de/ids_mannheim/korap/misc/SerializationTest.java b/full/src/test/java/de/ids_mannheim/korap/misc/SerializationTest.java
index c72ef52..0d2a912 100644
--- a/full/src/test/java/de/ids_mannheim/korap/misc/SerializationTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/misc/SerializationTest.java
@@ -1,15 +1,17 @@
 package de.ids_mannheim.korap.misc;
+import org.junit.Ignore;
 import org.junit.Test;
 
 /**
  * @author hanl
  * @date 21/01/2016
  */
+@Ignore
 public class SerializationTest {
 
     @Test
     public void testSettingsObject () {
-        String t = "poliqarp_test";
+//        String t = "poliqarp_test";
 
         //        UserSettings s = new UserSettings();
         //        Map map = s.toObjectMap();
diff --git a/full/src/test/java/de/ids_mannheim/korap/resource/rewrite/CollectionRewriteTest.java b/full/src/test/java/de/ids_mannheim/korap/resource/rewrite/CollectionRewriteTest.java
index 48a5e7d..f153baa 100644
--- a/full/src/test/java/de/ids_mannheim/korap/resource/rewrite/CollectionRewriteTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/resource/rewrite/CollectionRewriteTest.java
@@ -8,7 +8,6 @@
 import com.fasterxml.jackson.databind.JsonNode;
 
 import de.ids_mannheim.korap.config.BeanConfigTest;
-import de.ids_mannheim.korap.config.KustvaktConfiguration;
 import de.ids_mannheim.korap.config.TestVariables;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.query.serialize.QuerySerializer;
@@ -23,13 +22,9 @@
  */
 public class CollectionRewriteTest extends BeanConfigTest {
 
-    private static KustvaktConfiguration config;
-
-
     @Override
     public void initMethod () throws KustvaktException {
 //        helper().runBootInterfaces();
-        config = helper().getContext().getConfiguration();
     }
 
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/FilterTest.java b/full/src/test/java/de/ids_mannheim/korap/web/FilterTest.java
index 64000cc..e56e8f3 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/FilterTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/FilterTest.java
@@ -5,7 +5,6 @@
 import org.eclipse.jetty.server.Response;
 import org.junit.Ignore;
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.sun.jersey.api.client.ClientHandlerException;
 import com.sun.jersey.api.client.ClientResponse;
@@ -14,7 +13,6 @@
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.TestHelper;
-import de.ids_mannheim.korap.constant.TokenType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 
 /** EM: fix tests. new DB does not save users.
@@ -24,19 +22,14 @@
 @Ignore
 public class FilterTest extends FastJerseyTest {
 
-    @Autowired
-    HttpAuthorizationHandler handler;
-
-
     @Test
     public void testTestUserAuth () throws UniformInterfaceException, ClientHandlerException, 
         KustvaktException {
         
         ClientResponse resp = resource()
-                
                 .path("user/info")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
+                        HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
                                 (String) TestHelper.getUserCredentials().get(Attributes.USERNAME),
                                 (String) TestHelper.getUserCredentials().get(Attributes.PASSWORD)))
                 .get(ClientResponse.class);
@@ -60,7 +53,7 @@
         ClientResponse resp = resource()
                 .path("user/info")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
+                        HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
                                 "kustvakt", "kustvakt2015"))
                 .get(ClientResponse.class);
         String entity = resp.getEntity(String.class);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/OAuth2HandlerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/OAuth2HandlerTest.java
deleted file mode 100644
index 24d468f..0000000
--- a/full/src/test/java/de/ids_mannheim/korap/web/OAuth2HandlerTest.java
+++ /dev/null
@@ -1,143 +0,0 @@
-package de.ids_mannheim.korap.web;
-
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
-import static org.junit.Assert.assertTrue;
-
-import org.junit.Ignore;
-import org.junit.Test;
-
-import de.ids_mannheim.korap.config.AuthCodeInfo;
-import de.ids_mannheim.korap.config.BeanConfigTest;
-import de.ids_mannheim.korap.config.ClientInfo;
-import de.ids_mannheim.korap.config.ContextHolder;
-import de.ids_mannheim.korap.encryption.KustvaktEncryption;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.handlers.OAuth2Handler;
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
-import de.ids_mannheim.korap.security.context.TokenContext;
-
-/**
- * EM: To do: not implemented in the new DB yet
- * @author hanl
- * @date 13/05/2015
- */
-@Ignore
-@Deprecated
-public class OAuth2HandlerTest extends BeanConfigTest {
-
-    private static ClientInfo info;
-
-    private static final String SCOPES = "search preferences queries account";
-
-
-    @Test
-    public void testStoreAuthorizationCodeThrowsNoException ()
-            throws KustvaktException {
-        
-        EncryptionIface crypto = new KustvaktEncryption(
-                helper().getContext().getConfiguration());
-        
-        String auth_code = crypto.createToken();
-        AuthCodeInfo codeInfo =
-                new AuthCodeInfo(info.getClient_id(), auth_code);
-        codeInfo.setScopes(SCOPES);
-
-        OAuth2Handler handler =
-                new OAuth2Handler(helper().getContext().getPersistenceClient());
-        handler.authorize(codeInfo, helper().getUser());
-        assertTrue("couldn't find entry in cache",
-                handler.hasCacheEntry(codeInfo.getCode()));
-        codeInfo = handler.getAuthorization(auth_code);
-        assertNotNull("client is null!", codeInfo);
-    }
-
-
-    @Test
-    public void testAuthorizationCodeRemoveThrowsNoException ()
-            throws KustvaktException {
-        EncryptionIface crypto = new KustvaktEncryption(
-                helper().getContext().getConfiguration());
-        
-        String auth_code = crypto.createToken();
-        AuthCodeInfo codeInfo =
-                new AuthCodeInfo(info.getClient_id(), auth_code);
-        codeInfo.setScopes(SCOPES);
-
-        OAuth2Handler handler =
-                new OAuth2Handler(helper().getContext().getPersistenceClient());
-        handler.authorize(codeInfo, helper().getUser());
-        String t = crypto.createToken();
-        String refresh = crypto.createToken();
-        handler.addToken(codeInfo.getCode(), t, refresh, 7200);
-
-        TokenContext ctx = handler.getPersistenceHandler().getContext(t);
-        assertNotNull("context is null", ctx);
-
-        AuthCodeInfo c2 = handler.getAuthorization(codeInfo.getCode());
-        assertNull("clearing authorization failed", c2);
-    }
-
-
-    @Test
-    public void testTokenEndpointRedirect () {
-
-    }
-
-
-    @Test
-    public void testStoreAccessCodeViaAuthCodeThrowsNoException () {
-        String auth_code =
-                new KustvaktEncryption(helper().getContext().getConfiguration())
-                        .createToken();
-        AuthCodeInfo codeInfo =
-                new AuthCodeInfo(info.getClient_id(), auth_code);
-        codeInfo.setScopes(SCOPES);
-
-    }
-
-
-    @Test
-    public void testDeleteAccessCodesByUserDeleteCascade () {
-
-    }
-
-
-    @Test
-    public void testAccessTokenbyUserDeleteCascade () {
-
-    }
-
-
-    @Test
-    public void testRefreshToken () {
-
-    }
-
-
-    // fixme: exception thrown?!
-    @Test
-    public void testAccessTokenExpired () {
-
-    }
-
-
-    @Override
-    public void initMethod () throws KustvaktException {
-        helper().setupAccount();
-
-        EncryptionIface crypto = new KustvaktEncryption(
-                helper().getContext().getConfiguration());
-        info = new ClientInfo(crypto.createRandomNumber(),
-                crypto.createToken());
-        info.setConfidential(true);
-        //todo: support for subdomains?!
-        info.setUrl("http://localhost:8080/api/v0.1");
-        info.setRedirect_uri("testwebsite/login");
-        PersistenceClient cl = helper().getBean(ContextHolder.KUSTVAKT_DB);
-        OAuth2Handler handler = new OAuth2Handler(cl);
-        handler.getPersistenceHandler().registerClient(info,
-                helper().getUser());
-    }
-}
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/AuthenticationControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/AuthenticationControllerTest.java
index abdb3f3..9997c10 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/AuthenticationControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/AuthenticationControllerTest.java
@@ -9,16 +9,13 @@
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
-import de.ids_mannheim.korap.authentication.http.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.TestHelper;
-import de.ids_mannheim.korap.constant.TokenType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.user.User;
@@ -34,12 +31,8 @@
 @Ignore
 public class AuthenticationControllerTest extends FastJerseyTest {
 
-    @Autowired
-    HttpAuthorizationHandler handler;
-    
     private static String[] credentials;
     
-    
     @BeforeClass
     public static void configure () throws Exception {
         credentials = new String[2];
@@ -61,7 +54,7 @@
 
     @Test
     public void testSessionToken() throws KustvaktException {
-        String auth = handler.createBasicAuthorizationHeaderValue( 
+        String auth = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue( 
                 credentials[0], credentials[1]);
         ClientResponse response = resource().path("auth")
                 .path("sessionToken").header(Attributes.AUTHORIZATION, auth)
@@ -98,7 +91,7 @@
 
     @Test
     public void testSessionTokenExpire() throws KustvaktException {
-        String auth = handler.createBasicAuthorizationHeaderValue(
+        String auth = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
                 credentials[0], credentials[1]);
         ClientResponse response = resource().path("auth")
                 .path("sessionToken").header(Attributes.AUTHORIZATION, auth)
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/AvailabilityTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/AvailabilityTest.java
index 15d627f..3854abe 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/AvailabilityTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/AvailabilityTest.java
@@ -5,7 +5,6 @@
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
@@ -20,8 +19,6 @@
 import de.ids_mannheim.korap.utils.JsonUtils;
 
 public class AvailabilityTest extends SpringJerseyTest {
-    @Autowired
-    private HttpAuthorizationHandler handler;
 
     private void checkAndFree (String json) throws KustvaktException {
         JsonNode node = JsonUtils.readTree(json);
@@ -147,14 +144,15 @@
     }
 
 
-    private ClientResponse searchQueryWithIP (String collectionQuery,
-            String ip) throws UniformInterfaceException, ClientHandlerException,
+    private ClientResponse searchQueryWithIP (String collectionQuery, String ip)
+            throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
         return resource().path("search").queryParam("q", "[orth=das]")
                 .queryParam("ql", "poliqarp").queryParam("cq", collectionQuery)
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt",
-                                "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .header(HttpHeaders.X_FORWARDED_FOR, ip)
                 .get(ClientResponse.class);
     }
@@ -162,8 +160,7 @@
 
     @Test
     public void testAvailabilityFreeAuthorized () throws KustvaktException {
-        ClientResponse response =
-                searchQuery("availability = CC-BY-SA");
+        ClientResponse response = searchQuery("availability = CC-BY-SA");
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -175,8 +172,7 @@
     @Test
     public void testAvailabilityRegexFreeAuthorized ()
             throws KustvaktException {
-        ClientResponse response =
-                searchQuery("availability = /.*BY.*/");
+        ClientResponse response = searchQuery("availability = /.*BY.*/");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -186,8 +182,7 @@
 
     @Test
     public void testAvailabilityFreeUnauthorized () throws KustvaktException {
-        ClientResponse response =
-                searchQuery("availability = ACA-NC");
+        ClientResponse response = searchQuery("availability = ACA-NC");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -198,8 +193,7 @@
     @Test
     public void testAvailabilityRegexFreeUnauthorized ()
             throws KustvaktException {
-        ClientResponse response =
-                searchQuery("availability = /ACA.*/");
+        ClientResponse response = searchQuery("availability = /ACA.*/");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -236,11 +230,10 @@
     @Test
     public void testAvailabilityRegexFreeUnauthorized3 ()
             throws KustvaktException {
-        ClientResponse response =
-                searchQuery("availability = /.*NC.*/");
+        ClientResponse response = searchQuery("availability = /.*NC.*/");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
-        //        System.out.println(response.getEntity(String.class));
+        // System.out.println(response.getEntity(String.class));
         checkAndFree(response.getEntity(String.class));
     }
 
@@ -249,8 +242,7 @@
     @Test
     public void testNegationAvailabilityFreeUnauthorized ()
             throws KustvaktException {
-        ClientResponse response =
-                searchQuery("availability != /CC-BY.*/");
+        ClientResponse response = searchQuery("availability != /CC-BY.*/");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -260,8 +252,7 @@
     @Test
     public void testNegationAvailabilityFreeUnauthorized2 ()
             throws KustvaktException {
-        ClientResponse response =
-                searchQuery("availability != /.*BY.*/");
+        ClientResponse response = searchQuery("availability != /.*BY.*/");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -281,8 +272,8 @@
     @Test
     public void testComplexNegationAvailabilityFreeUnauthorized ()
             throws KustvaktException {
-        ClientResponse response = searchQuery(
-                "textClass=politik & availability != /CC-BY.*/");
+        ClientResponse response =
+                searchQuery("textClass=politik & availability != /CC-BY.*/");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -293,8 +284,8 @@
     @Test
     public void testComplexAvailabilityFreeUnauthorized ()
             throws KustvaktException {
-        ClientResponse response = searchQuery(
-                "textClass=politik & availability=ACA-NC");
+        ClientResponse response =
+                searchQuery("textClass=politik & availability=ACA-NC");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -305,8 +296,8 @@
     @Test
     public void testComplexAvailabilityFreeUnauthorized3 ()
             throws KustvaktException {
-        ClientResponse response = searchQuery(
-                "textClass=politik & availability=/.*NC.*/");
+        ClientResponse response =
+                searchQuery("textClass=politik & availability=/.*NC.*/");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -327,8 +318,8 @@
 
     @Test
     public void testAvailabilityPublicUnauthorized () throws KustvaktException {
-        ClientResponse response = searchQueryWithIP(
-                "availability=QAO-NC-LOC:ids", "149.27.0.32");
+        ClientResponse response =
+                searchQueryWithIP("availability=QAO-NC-LOC:ids", "149.27.0.32");
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -340,8 +331,8 @@
     @Test
     public void testAvailabilityRegexPublicAuthorized ()
             throws KustvaktException {
-        ClientResponse response = searchQueryWithIP(
-                "availability= /ACA.*/", "149.27.0.32");
+        ClientResponse response =
+                searchQueryWithIP("availability= /ACA.*/", "149.27.0.32");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -352,8 +343,8 @@
     @Test
     public void testNegationAvailabilityPublicUnauthorized ()
             throws KustvaktException {
-        ClientResponse response = searchQueryWithIP(
-                "availability != ACA-NC", "149.27.0.32");
+        ClientResponse response =
+                searchQueryWithIP("availability != ACA-NC", "149.27.0.32");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -364,8 +355,8 @@
     @Test
     public void testNegationAvailabilityRegexPublicUnauthorized ()
             throws KustvaktException {
-        ClientResponse response = searchQueryWithIP(
-                "availability != /ACA.*/", "149.27.0.32");
+        ClientResponse response =
+                searchQueryWithIP("availability != /ACA.*/", "149.27.0.32");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -402,8 +393,8 @@
 
     @Test
     public void testAvailabilityRegexAllAuthorized () throws KustvaktException {
-        ClientResponse response = searchQueryWithIP(
-                "availability= /ACA.*/", "10.27.0.32");
+        ClientResponse response =
+                searchQueryWithIP("availability= /ACA.*/", "10.27.0.32");
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
 
@@ -412,8 +403,8 @@
 
     @Test
     public void testAvailabilityOr () throws KustvaktException {
-        ClientResponse response = searchQuery(
-                "availability=/CC-BY.*/ | availability=/ACA.*/");
+        ClientResponse response =
+                searchQuery("availability=/CC-BY.*/ | availability=/ACA.*/");
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -438,8 +429,8 @@
 
     @Test
     public void testAvailabilityOrCorpusSigle () throws KustvaktException {
-        ClientResponse response = searchQuery(
-                "availability=/CC-BY.*/ | corpusSigle=GOE");
+        ClientResponse response =
+                searchQuery("availability=/CC-BY.*/ | corpusSigle=GOE");
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -449,8 +440,8 @@
 
     @Test
     public void testOrWithoutAvailability () throws KustvaktException {
-        ClientResponse response = searchQuery(
-                "corpusSigle=GOE | textClass=politik");
+        ClientResponse response =
+                searchQuery("corpusSigle=GOE | textClass=politik");
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
index 4b0004a..4cee30e 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
@@ -5,7 +5,6 @@
 import static org.junit.Assert.assertTrue;
 
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
@@ -19,72 +18,65 @@
 
 public class MatchInfoControllerTest extends FastJerseyTest {
 
-    @Autowired
-    HttpAuthorizationHandler handler;
-    
     @Test
     public void testGetMatchInfoPublicCorpus () throws KustvaktException {
 
-        ClientResponse response = resource()
-                .path("corpus").path("GOE").path("AGA").path("01784")
-                .path("p36-100").path("matchInfo")
-                .queryParam("foundry", "*")
-                .get(ClientResponse.class);
+        ClientResponse response = resource().path("corpus").path("GOE")
+                .path("AGA").path("01784").path("p36-100").path("matchInfo")
+                .queryParam("foundry", "*").get(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
         String entity = response.getEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        
+
         assertNotNull(node);
         assertEquals("GOE/AGA/01784", node.at("/textSigle").asText());
-        assertEquals("Belagerung von Mainz",
-                node.at("/title").asText());
+        assertEquals("Belagerung von Mainz", node.at("/title").asText());
         assertEquals("Goethe, Johann Wolfgang von",
                 node.at("/author").asText());
         assertTrue(node.at("/snippet").asText()
                 .startsWith("<span class=\"context-left\"></span>"
-                        + "<span class=\"match\">"
-					));
+                        + "<span class=\"match\">"));
     }
-    
+
     @Test
     public void testGetMatchInfoNotAllowed () throws KustvaktException {
 
-        ClientResponse response = resource()
-                .path("corpus").path("GOE").path("AGI").path("04846")
-                .path("p36875-36876").path("matchInfo")
-                .queryParam("foundry", "*")
-                .get(ClientResponse.class);
+        ClientResponse response =
+                resource().path("corpus").path("GOE").path("AGI").path("04846")
+                        .path("p36875-36876").path("matchInfo")
+                        .queryParam("foundry", "*").get(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
         String entity = response.getEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        
+
         assertEquals("1003", node.at("/errors/0/0").asText());
-        assertEquals("Retrieving match info with ID "
-        		+ "match-GOE/AGI/04846-p36875-36876 is not allowed.", 
-        		node.at("/errors/0/1").asText());
+        assertEquals(
+                "Retrieving match info with ID "
+                        + "match-GOE/AGI/04846-p36875-36876 is not allowed.",
+                node.at("/errors/0/1").asText());
         assertTrue(node.at("/snippet").isMissingNode());
     }
 
     @Test
     public void testGetMatchInfoWithAuthentication () throws KustvaktException {
-        ClientResponse response = resource()
-                .path("corpus").path("GOE").path("AGI").path("04846")
-                .path("p36875-36876").path("matchInfo")
-                .queryParam("foundry", "*")
+        ClientResponse response = resource().path("corpus").path("GOE")
+                .path("AGI").path("04846").path("p36875-36876")
+                .path("matchInfo").queryParam("foundry", "*")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "172.27.0.32")
                 .get(ClientResponse.class);
 
         String entity = response.getEntity(String.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
-        
+
         JsonNode node = JsonUtils.readTree(entity);
         assertNotNull(node);
         assertEquals("GOE/AGI/04846", node.at("/textSigle").asText());
@@ -96,30 +88,29 @@
                 node.at("/author").asText());
         assertTrue(node.at("/snippet").asText()
                 .startsWith("<span class=\"context-left\"></span>"
-                        + "<span class=\"match\">"
-					));
+                        + "<span class=\"match\">"));
         assertEquals("QAO-NC-LOC:ids", node.at("/availability").asText());
     }
-//    @Test
-//    public void testMatchInfoSave () {
-//
-//    }
-//
-//
-//    @Test
-//    public void testMatchInfoDelete () {
-//
-//    }
-//
-//
-//    @Test
-//    public void testGetMatches () {
-//
-//    }
+    // @Test
+    // public void testMatchInfoSave () {
+    //
+    // }
+    //
+    //
+    // @Test
+    // public void testMatchInfoDelete () {
+    //
+    // }
+    //
+    //
+    // @Test
+    // public void testGetMatches () {
+    //
+    // }
 
 
     @Override
     public void initMethod () throws KustvaktException {
-//        helper().runBootInterfaces();
+        // helper().runBootInterfaces();
     }
 }
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java
index 911f8a9..8ba24d2 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java
@@ -16,6 +16,7 @@
 import com.sun.jersey.api.client.ClientResponse;
 import com.sun.jersey.core.util.MultivaluedMapImpl;
 
+import de.ids_mannheim.korap.authentication.http.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.SpringJerseyTest;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
@@ -25,7 +26,6 @@
 
 public class OAuth2AccessTokenTest extends SpringJerseyTest {
 
-
     private String requestToken () throws KustvaktException {
         MultivaluedMap<String, String> form = new MultivaluedMapImpl();
         form.add("grant_type", "password");
@@ -43,9 +43,9 @@
         JsonNode node = JsonUtils.readTree(entity);
         return node.at("/access_token").asText();
     }
-    
+
     @Test
-    public void testListVCScope() throws KustvaktException {
+    public void testListVCScope () throws KustvaktException {
         MultivaluedMap<String, String> form = new MultivaluedMapImpl();
         form.add("grant_type", "password");
         form.add("client_id", "fCBbQkAyYzI4NzUxMg");
@@ -55,6 +55,9 @@
         form.add("scope", OAuth2Scope.VC_INFO.toString());
 
         ClientResponse response = resource().path("oauth2").path("token")
+                .header(HttpHeaders.AUTHORIZATION,
+                        "Bearer" + TransferEncoding
+                                .encodeBase64("fCBbQkAyYzI4NzUxMg", "secret"))
                 .header(HttpHeaders.CONTENT_TYPE,
                         ContentType.APPLICATION_FORM_URLENCODED)
                 .entity(form).post(ClientResponse.class);
@@ -62,7 +65,7 @@
         String entity = response.getEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
         String token = node.at("/access_token").asText();
-        
+
         response = resource().path("vc").path("list")
                 .header(Attributes.AUTHORIZATION, "Bearer " + token)
                 .get(ClientResponse.class);
@@ -74,9 +77,11 @@
     }
 
     @Test
-    public void testListVCScopeNotAuthorized () throws KustvaktException {
+    public void testListVCScopeNotAuthorized ()
+            throws KustvaktException, IOException {
+        String accessToken = requestToken();
         ClientResponse response = resource().path("vc").path("list")
-                .header(Attributes.AUTHORIZATION, "Bearer " + requestToken())
+                .header(Attributes.AUTHORIZATION, "Bearer " + accessToken)
                 .get(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(),
@@ -87,22 +92,23 @@
                 node.at("/errors/0/0").asInt());
         assertEquals("Scope vc_info is not authorized",
                 node.at("/errors/0/1").asText());
+
+        testSearchWithOAuth2Token(accessToken);
     }
 
-    @Test
-    public void testSearchWithOAuth2Token ()
+    private void testSearchWithOAuth2Token (String accessToken)
             throws KustvaktException, IOException {
         ClientResponse response = resource().path("search")
                 .queryParam("q", "Wasser").queryParam("ql", "poliqarp")
-                .header(Attributes.AUTHORIZATION, "Bearer " + requestToken())
+                .header(Attributes.AUTHORIZATION, "Bearer " + accessToken)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
         String ent = response.getEntity(String.class);
-        
+
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
-        
+
         JsonNode node = JsonUtils.readTree(ent);
         assertNotNull(node);
         assertEquals(25, node.at("/matches").size());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
index c742d1d..b5f89a5 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
@@ -12,7 +12,6 @@
 
 import org.apache.http.entity.ContentType;
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
@@ -39,8 +38,6 @@
  */
 public class OAuth2ClientControllerTest extends SpringJerseyTest {
 
-    @Autowired
-    private HttpAuthorizationHandler handler;
     private String username = "OAuth2ClientControllerTest";
 
     private void checkWWWAuthenticateHeader (ClientResponse response) {
@@ -66,9 +63,8 @@
         json.setDescription("This is a confidential test client.");
 
         return resource().path("oauth2").path("client").path("register")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .entity(json).post(ClientResponse.class);
@@ -107,9 +103,8 @@
 
         ClientResponse response = resource().path("oauth2").path("client")
                 .path("register")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .entity(json).post(ClientResponse.class);
@@ -138,9 +133,8 @@
 
         ClientResponse response = resource().path("oauth2").path("client")
                 .path("register")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .entity(json).post(ClientResponse.class);
@@ -160,9 +154,8 @@
 
         ClientResponse response = resource().path("oauth2").path("client")
                 .path("register")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .entity(json).post(ClientResponse.class);
@@ -196,7 +189,7 @@
 
         ClientResponse response = resource().path("oauth2").path("client")
                 .path("deregister")
-                .header(Attributes.AUTHORIZATION, handler
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue(username, "pass"))
                 .delete(ClientResponse.class);
 
@@ -209,7 +202,7 @@
 
         ClientResponse response = resource().path("oauth2").path("client")
                 .path("deregister").path(clientId)
-                .header(Attributes.AUTHORIZATION, handler
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue(username, "pass"))
                 .delete(ClientResponse.class);
 
@@ -225,9 +218,8 @@
 
         ClientResponse response = resource().path("oauth2").path("client")
                 .path("deregister").path(clientId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.CONTENT_TYPE,
                         ContentType.APPLICATION_FORM_URLENCODED)
                 .entity(form).delete(ClientResponse.class);
@@ -240,9 +232,8 @@
 
         ClientResponse response = resource().path("oauth2").path("client")
                 .path("deregister").path(clientId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.CONTENT_TYPE,
                         ContentType.APPLICATION_FORM_URLENCODED)
                 .delete(ClientResponse.class);
@@ -265,9 +256,8 @@
 
         ClientResponse response = resource().path("oauth2").path("client")
                 .path("deregister").path(clientId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.CONTENT_TYPE,
                         ContentType.APPLICATION_FORM_URLENCODED)
                 .entity(form).delete(ClientResponse.class);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
index cc821fe..de48971 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
@@ -12,7 +12,6 @@
 import org.apache.oltu.oauth2.common.error.OAuthError;
 import org.apache.oltu.oauth2.common.message.types.TokenType;
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.util.MultiValueMap;
 import org.springframework.web.util.UriComponentsBuilder;
 
@@ -35,16 +34,13 @@
  */
 public class OAuth2ControllerTest extends SpringJerseyTest {
 
-    @Autowired
-    private HttpAuthorizationHandler handler;
-
     private ClientResponse requestAuthorizationConfidentialClient (
             MultivaluedMap<String, String> form) throws KustvaktException {
 
-        return resource().path("oauth2").path("authorize")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "password"))
+        return resource().path("oauth2").path("authorize").header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        "dory", "password"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE,
                         ContentType.APPLICATION_FORM_URLENCODED)
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2EndpointTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2EndpointTest.java
index 95d3d38..a285f12 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2EndpointTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2EndpointTest.java
@@ -6,7 +6,6 @@
 
 import org.junit.Ignore;
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientHandlerException;
@@ -14,10 +13,8 @@
 import com.sun.jersey.api.client.UniformInterfaceException;
 
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
-import de.ids_mannheim.korap.authentication.http.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.TestHelper;
-import de.ids_mannheim.korap.constant.TokenType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.FastJerseyTest;
@@ -29,8 +26,6 @@
 @Ignore
 // todo: in combination with other tests, causes failures!
 public class OAuth2EndpointTest extends FastJerseyTest {
-    @Autowired
-    HttpAuthorizationHandler handler;
     
     @Override
     public void initMethod () throws KustvaktException {
@@ -40,7 +35,7 @@
 
     @Test
     public void testAuthorizeClient () throws ClientHandlerException, UniformInterfaceException, KustvaktException {
-        String auth = handler.createBasicAuthorizationHeaderValue(
+        String auth = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
                 helper().getUser().getUsername(),
                 (String) TestHelper.getUserCredentials().get(Attributes.PASSWORD));
         ClientResponse response = resource().path(getAPIVersion()).path("oauth2")
@@ -78,7 +73,7 @@
     @Ignore
     public void authenticate () throws KustvaktException {
         Map<String, Object> cred = TestHelper.getUserCredentials();
-        String enc = handler.createBasicAuthorizationHeaderValue( 
+        String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue( 
                 (String) cred.get(Attributes.USERNAME), (String) cred.get(Attributes.PASSWORD));
         ClientResponse response = resource().path(getAPIVersion()).path("oauth2")
                 .path("register")
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2OpenIdControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2OpenIdControllerTest.java
index a5e84d3..7cd80e9 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2OpenIdControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2OpenIdControllerTest.java
@@ -46,8 +46,6 @@
 public class OAuth2OpenIdControllerTest extends SpringJerseyTest {
 
     @Autowired
-    private HttpAuthorizationHandler handler;
-    @Autowired
     private FullConfiguration config;
 
     private String redirectUri =
@@ -58,8 +56,9 @@
             MultivaluedMap<String, String> form) throws KustvaktException {
         return resource().path("oauth2").path("openid").path("authorize")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "password"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(username,
+                                        "password"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE,
                         ContentType.APPLICATION_FORM_URLENCODED)
@@ -104,7 +103,7 @@
         assertEquals("thisIsMyState", params.getFirst("state"));
     }
 
-    
+
 
     private void testRequestAuthorizationCodeWithoutOpenID (
             MultivaluedMap<String, String> form, String redirectUri)
@@ -289,6 +288,7 @@
 
         ClientResponse tokenResponse = sendTokenRequest(tokenForm);
         String entity = tokenResponse.getEntity(String.class);
+        System.out.println(entity);
         JsonNode node = JsonUtils.readTree(entity);
         assertNotNull(node.at("/access_token").asText());
         assertNotNull(node.at("/refresh_token").asText());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/QuerySerializationControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/QuerySerializationControllerTest.java
index abd743b..6d6813e 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/QuerySerializationControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/QuerySerializationControllerTest.java
@@ -14,14 +14,12 @@
 
 import org.junit.Ignore;
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.constant.TokenType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.FastJerseyTest;
@@ -31,17 +29,15 @@
 @Ignore
 public class QuerySerializationControllerTest extends FastJerseyTest {
 
-    @Autowired
-    HttpAuthorizationHandler handler;
-    
     @Override
     public void initMethod () throws KustvaktException {
-        //        helper().runBootInterfaces();
+        // helper().runBootInterfaces();
     }
 
 
     @Test
-    public void testQuerySerializationFilteredPublic () throws KustvaktException {
+    public void testQuerySerializationFilteredPublic ()
+            throws KustvaktException {
         ClientResponse response = resource()
 
                 .path("corpus/WPD13/query").queryParam("q", "[orth=der]")
@@ -59,11 +55,11 @@
 
 
     @Test
-    public void testQuerySerializationUnexistingResource () throws KustvaktException {
-        ClientResponse response = resource()
-
-                .path("corpus/ZUW19/query").queryParam("q", "[orth=der]")
-                .queryParam("ql", "poliqarp").queryParam("context", "base/s:s")
+    public void testQuerySerializationUnexistingResource ()
+            throws KustvaktException {
+        ClientResponse response = resource().path("corpus/ZUW19/query")
+                .queryParam("q", "[orth=der]").queryParam("ql", "poliqarp")
+                .queryParam("context", "base/s:s")
                 .method("GET", ClientResponse.class);
         assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
                 response.getStatus());
@@ -76,7 +72,8 @@
 
 
     @Test
-    public void testQuerySerializationWithNonPublicCorpus () throws KustvaktException {
+    public void testQuerySerializationWithNonPublicCorpus ()
+            throws KustvaktException {
         ClientResponse response = resource()
 
                 .path("corpus/BRZ10/query").queryParam("q", "[orth=der]")
@@ -93,13 +90,16 @@
 
 
     @Test
-    public void testQuerySerializationWithAuthentication () throws KustvaktException {
+    public void testQuerySerializationWithAuthentication ()
+            throws KustvaktException {
         ClientResponse response = resource()
 
                 .path("corpus/BRZ10/query").queryParam("q", "[orth=der]")
                 .queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .method("GET", ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -113,7 +113,8 @@
 
 
     @Test
-    public void testQuerySerializationWithNewCollection () throws KustvaktException {
+    public void testQuerySerializationWithNewCollection ()
+            throws KustvaktException {
         // Add Virtual Collection
         ClientResponse response = resource()
 
@@ -123,7 +124,9 @@
                 .queryParam("name", "Weimarer Werke")
                 .queryParam("description", "Goethe-Werke in Weimar (seit 1775)")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -140,7 +143,9 @@
 
                 .path("collection")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -165,7 +170,9 @@
                 .queryParam("q", "[orth=der]").queryParam("ql", "poliqarp")
                 .queryParam("context", "base/s:s")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .method("GET", ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -195,7 +202,8 @@
 
 
     @Test
-    public void testQuerySerializationOfVirtualCollection () throws KustvaktException {
+    public void testQuerySerializationOfVirtualCollection ()
+            throws KustvaktException {
         ClientResponse response = resource()
 
                 .path("collection/GOE-VC/query").queryParam("q", "[orth=der]")
@@ -249,7 +257,8 @@
 
 
     @Test
-    public void testMetaQuerySerializationWithOffset () throws KustvaktException{
+    public void testMetaQuerySerializationWithOffset ()
+            throws KustvaktException {
         ClientResponse response = resource()
 
                 .path("query").queryParam("context", "sentence")
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/ResourceControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/ResourceControllerTest.java
deleted file mode 100644
index 6a0bb64..0000000
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/ResourceControllerTest.java
+++ /dev/null
@@ -1,384 +0,0 @@
-package de.ids_mannheim.korap.web.controller;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
-import java.io.IOException;
-
-import org.apache.http.HttpStatus;
-import org.junit.Assert;
-import org.junit.Ignore;
-import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
-
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.JsonNode;
-import com.sun.jersey.api.client.ClientResponse;
-
-import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
-import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.constant.TokenType;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.handlers.ResourceDao;
-import de.ids_mannheim.korap.resources.KustvaktResource;
-import de.ids_mannheim.korap.user.User;
-import de.ids_mannheim.korap.utils.JsonUtils;
-import de.ids_mannheim.korap.web.FastJerseyTest;
-
-/**
- * @author hanl, margaretha
- * @date 14/01/2016
- * @update 24/04/2017
- */
-@Ignore
-@Deprecated
-public class ResourceControllerTest extends FastJerseyTest {
-
-    @Autowired
-    HttpAuthorizationHandler handler;
-    
-    // create a simple test collection for user kustvakt, otherwise test fails
-    @Test
-    @Ignore
-    public void testStats () throws KustvaktException{
-        ClientResponse response = resource().path(getAPIVersion())
-                .path("collection")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .get(ClientResponse.class);
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-
-        JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
-        assertNotNull(node);
-        assertNotEquals(0, node.size());
-        String id = node.path(1).path("id").asText();
-
-        response = resource().path(getAPIVersion()).path("collection").path(id)
-                .path("stats")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .get(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-        node = JsonUtils.readTree(response.getEntity(String.class));
-        assertNotNull(node);
-        assertNotNull(node);
-        int docs = node.path("documents").asInt();
-        assertNotEquals(0, docs);
-        assertTrue(docs < 15);
-    }
-
-
-    @Test
-    public void testOwnerUpdateVirtualCollection () throws KustvaktException {
-        ClientResponse response = resource().path(getAPIVersion())
-                .path("virtualcollection").path("GOE-VC") // persistent id
-                .queryParam("name", "Goethe collection")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-
-        ResourceDao<?> dao = new ResourceDao<>(
-                helper().getContext().getPersistenceClient());
-        assertEquals("sqlite",
-                helper().getContext().getPersistenceClient().getDatabase());
-
-        KustvaktResource res = dao.findbyId("GOE-VC",
-                User.UserFactory.getDemoUser());
-        assertNotNull(res);
-        assertEquals("Goethe collection", res.getName().toString());
-
-    }
-
-
-    @Test
-    public void testOwnerUpdateCorpus () throws KustvaktException {
-        ClientResponse response = resource().path(getAPIVersion())
-                .path("corpus").path("GOE") // persistent id
-                .queryParam("name", "Goethe corpus")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-
-        ResourceDao<?> dao = new ResourceDao<>(
-                helper().getContext().getPersistenceClient());
-
-        KustvaktResource res = dao.findbyId("GOE",
-                User.UserFactory.getDemoUser());
-        assertNotNull(res);
-        assertEquals("Goethe corpus", res.getName().toString());
-
-    }
-
-
-    @Test
-    public void testOwnerUpdateFoundry () throws KustvaktException {
-        ClientResponse response = resource().path(getAPIVersion())
-                .path("foundry").path("malt") // persistent id
-                .queryParam("name", "malt parser")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-
-        ResourceDao<?> dao = new ResourceDao<>(
-                helper().getContext().getPersistenceClient());
-
-        KustvaktResource res = dao.findbyId("malt",
-                User.UserFactory.getDemoUser());
-        assertNotNull(res);
-        assertEquals("malt parser", res.getName().toString());
-
-    }
-
-
-    @Test
-    public void testOwnerUpdateLayer () throws KustvaktException {
-        ClientResponse response = resource().path(getAPIVersion()).path("layer")
-                .path("mate/d").queryParam("name", "Mate dependency")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-
-        ResourceDao<?> dao = new ResourceDao<>(
-                helper().getContext().getPersistenceClient());
-
-        KustvaktResource res = dao.findbyId("mate/d",
-                User.UserFactory.getDemoUser());
-        assertNotNull(res);
-        assertEquals("Mate dependency", res.getName().toString());
-
-    }
-
-
-    @Test
-    public void testOwnerUpdateUnexistingCorpus () throws KustvaktException {
-        ClientResponse response = resource().path(getAPIVersion())
-                .path("corpus").path("GOEC") // persistent id
-                .queryParam("name", "Goethe corpus")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
-                response.getStatus());
-
-        JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
-        assertEquals("Resource not found!",
-                node.get("errors").get(0).get(1).asText());
-
-    }
-
-
-    @Test
-    public void testUpdateUnauthorized () throws KustvaktException {
-        ClientResponse response = resource().path(getAPIVersion())
-                .path("corpus").path("GOE") // persistent id
-                .queryParam("name", "Goethe corpus").post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
-                response.getStatus());
-
-        JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
-        assertEquals("Permission denied for resource id GOE for the user.",
-                node.get("errors").get(0).get(1).asText());
-
-    }
-
-
-    @Test
-    public void testStoreNewVirtualCollection () throws KustvaktException {
-        ClientResponse response = resource().path(getAPIVersion())
-                .path("virtualcollection").queryParam("filter", "false")
-                .queryParam("name", "Brown")
-                .queryParam("description", "Brown corpus")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-
-        String ent = response.getEntity(String.class);
-        JsonNode node = JsonUtils.readTree(ent);
-        assertEquals("Brown", node.path("name").asText());
-        assertEquals("Brown corpus", node.path("description").asText());
-
-        String id = node.path("id").asText();
-
-        // check if the resource is in the db
-        ResourceDao<?> dao = new ResourceDao<>(
-                helper().getContext().getPersistenceClient());
-        assertEquals("sqlite",
-                helper().getContext().getPersistenceClient().getDatabase());
-
-        assertNotEquals(0, dao.size());
-        KustvaktResource res = dao.findbyId(id, User.UserFactory.getDemoUser());
-        assertEquals("Brown", res.getName().toString());
-
-    }
-
-
-    @Test
-    public void testStoreUnsupportedType () throws KustvaktException {
-
-        ClientResponse response = resource().path(getAPIVersion())
-                .path("corpus").queryParam("filter", "false")
-                .queryParam("name", "Brown")
-                .queryParam("description", "Brown corpus")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
-                response.getStatus());
-
-        String ent = response.getEntity(String.class);
-//        System.out.println(ent);
-        JsonNode node = JsonUtils.readTree(ent);
-        assertEquals(402, node.at("/errors/0/0").asInt());
-        assertEquals("Unsupported operation for the given resource type.",
-                node.at("/errors/0/1").asText());
-    }
-
-
-    @Test
-    public void testStoreNewVirtualCollectionFromExistingCollection ()
-            throws KustvaktException {
-        ClientResponse response = resource().path(getAPIVersion())
-                .path("virtualcollection").queryParam("filter", "true")
-                .queryParam("ref", "WPD15-VC")
-                .queryParam("name", "Wikipedia collection")
-                .queryParam("query", "author ~ Asdert")
-                .queryParam("description", "Wikipedia subcorpus from Asdert")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-
-        String ent = response.getEntity(String.class);
-        JsonNode node = JsonUtils.readTree(ent);
-        String id = node.path("id").asText();
-
-        assertEquals("Wikipedia collection", node.path("name").asText());
-        assertEquals("Wikipedia subcorpus from Asdert",
-                node.path("description").asText());
-        node = node.at("/data/collection/operands/1");
-        assertEquals("author", node.at("/key").asText());
-        assertEquals("Asdert", node.at("/value").asText());
-
-        // check if the resource is in the db
-        ResourceDao<?> dao = new ResourceDao<>(
-                helper().getContext().getPersistenceClient());
-        KustvaktResource res = dao.findbyId(id, User.UserFactory.getDemoUser());
-        assertEquals("Wikipedia collection", res.getName().toString());
-    }
-
-
-    // EM: The test covers multiple ordered operations dealing with 
-    // the same resource (store followed by update followed by delete).
-    @Test
-    public void testVirtualCollectionStoreUpdateDelete ()
-            throws KustvaktException, JsonProcessingException, IOException {
-        // resource store service
-        ClientResponse response = resource().path(getAPIVersion())
-                .path("virtualcollection").queryParam("filter", "false")
-                .queryParam("name", "Goethe")
-                .queryParam("description", "Goethe corpus")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-
-        String ent = response.getEntity(String.class);
-        JsonNode node = JsonUtils.readTree(ent);
-        assertNotNull(node);
-        assertTrue(node.isObject());
-        assertEquals("Goethe", node.path("name").asText());
-        assertEquals("Goethe corpus", node.path("description").asText());
-
-        String id = node.path("id").asText();
-
-        // check if the resource is in the db
-        ResourceDao<?> dao = new ResourceDao<>(
-                helper().getContext().getPersistenceClient());
-        assertEquals("sqlite",
-                helper().getContext().getPersistenceClient().getDatabase());
-
-        assertNotEquals(0, dao.size());
-        KustvaktResource res = dao.findbyId(id, User.UserFactory.getDemoUser());
-        assertNotNull(res);
-        Assert.assertEquals("Goethe", res.getName().toString());
-
-        // no update resource service
-        response = resource().path(getAPIVersion()).path("virtualcollection")
-                .path(id).queryParam("name", "Goethe")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(HttpStatus.SC_BAD_REQUEST, response.getStatus());
-
-        node = JsonUtils.readTree(response.getEntity(String.class));
-        assertEquals("[No change has found.]",
-                node.get("errors").get(0).get(2).asText());
-
-        // update resource service
-        response = resource().path(getAPIVersion()).path("virtualcollection")
-                .path(id).queryParam("name", "Goethe collection")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .post(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-
-        res = dao.findbyId(id, User.UserFactory.getDemoUser());
-        assertNotNull(res);
-        Assert.assertEquals("Goethe collection", res.getName().toString());
-
-
-        // delete resource service
-        response = resource().path(getAPIVersion()).path("virtualcollection")
-                .path(id)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
-                .delete(ClientResponse.class);
-
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
-                response.getStatus());
-
-        // check if the resource is *not* in the db anymore
-        dao = new ResourceDao<>(helper().getContext().getPersistenceClient());
-        assertEquals("sqlite",
-                helper().getContext().getPersistenceClient().getDatabase());
-
-        res = dao.findbyId(id, User.UserFactory.getDemoUser());
-        assertEquals(null, res);
-    }
-
-
-    @Override
-    public void initMethod () throws KustvaktException {
-//        helper().runBootInterfaces();
-    }
-}
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/ResourceInfoControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/ResourceInfoControllerTest.java
index fa40e73..67b0916 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/ResourceInfoControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/ResourceInfoControllerTest.java
@@ -7,7 +7,6 @@
 
 import org.junit.Ignore;
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
@@ -17,24 +16,22 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.FastJerseyTest;
+
 /**
  * @author hanl, margaretha
  * @lastUpdate 19/04/2017
- * EM: FIX ME: Database restructure
+ *             EM: FIX ME: Database restructure
  */
 @Ignore
 public class ResourceInfoControllerTest extends FastJerseyTest {
 
-    @Autowired
-    HttpAuthorizationHandler handler;
-    
     @Override
     public void initMethod () throws KustvaktException {
-//        helper().runBootInterfaces();
+        // helper().runBootInterfaces();
     }
 
     @Test
-    public void testGetPublicVirtualCollectionInfo () throws KustvaktException{
+    public void testGetPublicVirtualCollectionInfo () throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("collection").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -47,11 +44,14 @@
 
 
     @Test
-    public void testGetVirtualCollectionInfoWithAuthentication () throws KustvaktException{
+    public void testGetVirtualCollectionInfoWithAuthentication ()
+            throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("collection")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -64,7 +64,7 @@
 
 
     @Test
-    public void testGetVirtualCollectionInfoById () throws KustvaktException{
+    public void testGetVirtualCollectionInfoById () throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("collection").path("GOE-VC").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -73,14 +73,14 @@
         JsonNode node = JsonUtils.readTree(ent);
         assertNotNull(node);
         assertNotEquals(0, node.size());
-        assertEquals("Goethe Virtual Collection",
-                node.path("name").asText());
+        assertEquals("Goethe Virtual Collection", node.path("name").asText());
         assertEquals("Goethe works from 1810",
                 node.path("description").asText());
     }
-    
+
     @Test
-    public void testGetVirtualCollectionInfoByIdUnauthorized () throws KustvaktException{
+    public void testGetVirtualCollectionInfoByIdUnauthorized ()
+            throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("collection").path("WPD15-VC").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
@@ -90,12 +90,13 @@
         assertNotNull(node);
         assertNotEquals(0, node.size());
         assertEquals(101, node.at("/errors/0/0").asInt());
-        assertEquals("[Cannot found public VirtualCollection with ids: [WPD15-VC]]",
+        assertEquals(
+                "[Cannot found public VirtualCollection with ids: [WPD15-VC]]",
                 node.at("/errors/0/2").asText());
     }
-    
+
     @Test
-    public void testGetPublicCorporaInfo () throws KustvaktException{
+    public void testGetPublicCorporaInfo () throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("corpus").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -109,14 +110,14 @@
 
 
     @Test
-    public void testGetCorpusInfoById () throws KustvaktException{
+    public void testGetCorpusInfoById () throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("corpus").path("WPD13").get(ClientResponse.class);
-        
+
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
         String ent = response.getEntity(String.class);
-//        System.out.println(ent);
+        // System.out.println(ent);
         JsonNode node = JsonUtils.readTree(ent);
         assertNotNull(node);
         assertTrue(node.isObject());
@@ -125,7 +126,7 @@
 
 
     @Test
-    public void testGetCorpusInfoById2 () throws KustvaktException{
+    public void testGetCorpusInfoById2 () throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("corpus").path("GOE").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -139,7 +140,7 @@
 
 
     @Test
-    public void testGetPublicFoundriesInfo () throws KustvaktException{
+    public void testGetPublicFoundriesInfo () throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("foundry").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -153,7 +154,7 @@
 
 
     @Test
-    public void testGetFoundryInfoById () throws KustvaktException{
+    public void testGetFoundryInfoById () throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("foundry").path("tt").get(ClientResponse.class);
         String ent = response.getEntity(String.class);
@@ -167,7 +168,7 @@
 
 
     @Test
-    public void testGetUnexistingCorpusInfo () throws KustvaktException{
+    public void testGetUnexistingCorpusInfo () throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("corpus").path("ZUW19").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
@@ -182,10 +183,12 @@
     }
 
 
-    // EM: queries for an unauthorized corpus get the same responses / treatment as 
-    // asking for an unexisting corpus info. Does it need a specific exception instead?
+    // EM: queries for an unauthorized corpus get the same responses /
+    // treatment as
+    // asking for an unexisting corpus info. Does it need a specific
+    // exception instead?
     @Test
-    public void testGetUnauthorizedCorpusInfo () throws KustvaktException{
+    public void testGetUnauthorizedCorpusInfo () throws KustvaktException {
         ClientResponse response = resource().path(getAPIVersion())
                 .path("corpus").path("BRZ10").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/SearchControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/SearchControllerTest.java
index 13836be..f10cfc7 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/SearchControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/SearchControllerTest.java
@@ -1,16 +1,15 @@
 package de.ids_mannheim.korap.web.controller;
 
 import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNotEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.assertFalse;
 
 import javax.ws.rs.core.MediaType;
 
 import org.junit.Ignore;
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
@@ -30,15 +29,10 @@
  */
 public class SearchControllerTest extends SpringJerseyTest {
 
-    @Autowired
-    private HttpAuthorizationHandler handler;
-    
-
     @Test
     public void testSearchQueryPublicCorpora () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("search").queryParam("q", "[orth=der]")
-                .queryParam("ql", "poliqarp")
+        ClientResponse response = resource().path("search")
+                .queryParam("q", "[orth=der]").queryParam("ql", "poliqarp")
                 .accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -54,36 +48,35 @@
                 node.at("/collection/rewrites/0/operation").asText());
     }
 
-	
+
     @Test
-    public void testSearchQueryFailure () throws KustvaktException{
-        ClientResponse response = resource()
-			.path("search").queryParam("q", "[orth=der")
-			.queryParam("ql", "poliqarp")
-			.queryParam("cq", "corpusSigle=WPD | corpusSigle=GOE")
-			.queryParam("count", "13")
-			.accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);
+    public void testSearchQueryFailure () throws KustvaktException {
+        ClientResponse response = resource().path("search")
+                .queryParam("q", "[orth=der").queryParam("ql", "poliqarp")
+                .queryParam("cq", "corpusSigle=WPD | corpusSigle=GOE")
+                .queryParam("count", "13").accept(MediaType.APPLICATION_JSON)
+                .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
                 response.getStatus());
 
         String ent = response.getEntity(String.class);
-		JsonNode node = JsonUtils.readTree(ent);
+        JsonNode node = JsonUtils.readTree(ent);
         assertNotNull(node);
         assertEquals(302, node.at("/errors/0/0").asInt());
         assertEquals(302, node.at("/errors/1/0").asInt());
-		assertTrue(node.at("/errors/2").isMissingNode());
-		assertFalse(node.at("/collection").isMissingNode());
+        assertTrue(node.at("/errors/2").isMissingNode());
+        assertFalse(node.at("/collection").isMissingNode());
         assertEquals(13, node.at("/meta/count").asInt());
     }
 
 
     @Test
-    public void testSearchQueryWithMeta () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("search").queryParam("q", "[orth=der]")
-                .queryParam("ql", "poliqarp").queryParam("cutoff", "true")
-                .queryParam("count", "5").queryParam("page", "1")
-                .queryParam("context", "40-t,30-t").get(ClientResponse.class);
+    public void testSearchQueryWithMeta () throws KustvaktException {
+        ClientResponse response = resource().path("search")
+                .queryParam("q", "[orth=der]").queryParam("ql", "poliqarp")
+                .queryParam("cutoff", "true").queryParam("count", "5")
+                .queryParam("page", "1").queryParam("context", "40-t,30-t")
+                .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
         String ent = response.getEntity(String.class);
@@ -99,10 +92,9 @@
     }
 
     @Test
-    public void testSearchQueryFreeExtern () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("search").queryParam("q", "[orth=die]")
-                .queryParam("ql", "poliqarp")
+    public void testSearchQueryFreeExtern () throws KustvaktException {
+        ClientResponse response = resource().path("search")
+                .queryParam("q", "[orth=die]").queryParam("ql", "poliqarp")
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -119,12 +111,11 @@
         assertEquals("operation:insertion",
                 node.at("/collection/rewrites/0/operation").asText());
     }
-    
+
     @Test
-    public void testSearchQueryFreeIntern () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("search").queryParam("q", "[orth=die]")
-                .queryParam("ql", "poliqarp")
+    public void testSearchQueryFreeIntern () throws KustvaktException {
+        ClientResponse response = resource().path("search")
+                .queryParam("q", "[orth=die]").queryParam("ql", "poliqarp")
                 .header(HttpHeaders.X_FORWARDED_FOR, "172.27.0.32")
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -141,29 +132,32 @@
         assertEquals("operation:insertion",
                 node.at("/collection/rewrites/0/operation").asText());
     }
-    
-    
+
+
     @Test
-    public void testSearchQueryExternAuthorized () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("search").queryParam("q", "[orth=die]")
-                .queryParam("ql", "poliqarp")
+    public void testSearchQueryExternAuthorized () throws KustvaktException {
+        ClientResponse response = resource().path("search")
+                .queryParam("q", "[orth=die]").queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
         String entity = response.getEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-//        System.out.println(entity);
+        // System.out.println(entity);
         assertNotNull(node);
         assertNotEquals(0, node.path("matches").size());
         assertEquals("koral:docGroup", node.at("/collection/@type").asText());
         assertEquals("CC-BY.*",
                 node.at("/collection/operands/0/value").asText());
-        assertEquals("ACA.*", node.at("/collection/operands/1/operands/0/value").asText());
-        assertEquals("QAO-NC", node.at("/collection/operands/1/operands/1/value").asText());
+        assertEquals("ACA.*",
+                node.at("/collection/operands/1/operands/0/value").asText());
+        assertEquals("QAO-NC",
+                node.at("/collection/operands/1/operands/1/value").asText());
         assertEquals("operation:or", node.at("/collection/operation").asText());
         assertEquals("availability(PUB)",
                 node.at("/collection/rewrites/0/scope").asText());
@@ -172,12 +166,13 @@
     }
 
     @Test
-    public void testSearchQueryInternAuthorized () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("search").queryParam("q", "[orth=die]")
-                .queryParam("ql", "poliqarp")
+    public void testSearchQueryInternAuthorized () throws KustvaktException {
+        ClientResponse response = resource().path("search")
+                .queryParam("q", "[orth=die]").queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "172.27.0.32")
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -186,30 +181,35 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertNotNull(node);
         assertNotEquals(0, node.path("matches").size());
-        //EM: no rewrite is needed
-//        assertEquals("koral:docGroup", node.at("/collection/@type").asText());
-//        assertEquals("QAO.*", node.at("/collection/operands/0/value").asText());
-//        assertEquals("ACA.*",
-//                node.at("/collection/operands/1/operands/0/value").asText());
-//        assertEquals("CC-BY.*",
-//                node.at("/collection/operands/1/operands/1/value").asText());
-//        assertEquals("operation:or", node.at("/collection/operation").asText());
-//        assertEquals("availability(ALL)",
-//                node.at("/collection/rewrites/0/scope").asText());
-//        assertEquals("operation:insertion",
-//                node.at("/collection/rewrites/0/operation").asText());
+        // EM: no rewrite is needed
+        // assertEquals("koral:docGroup",
+        // node.at("/collection/@type").asText());
+        // assertEquals("QAO.*",
+        // node.at("/collection/operands/0/value").asText());
+        // assertEquals("ACA.*",
+        // node.at("/collection/operands/1/operands/0/value").asText());
+        // assertEquals("CC-BY.*",
+        // node.at("/collection/operands/1/operands/1/value").asText());
+        // assertEquals("operation:or",
+        // node.at("/collection/operation").asText());
+        // assertEquals("availability(ALL)",
+        // node.at("/collection/rewrites/0/scope").asText());
+        // assertEquals("operation:insertion",
+        // node.at("/collection/rewrites/0/operation").asText());
     }
 
- // EM: shouldn't this case gets CorpusAccess.PUB ? 
+    // EM: shouldn't this case gets CorpusAccess.PUB ?
     @Test
     @Ignore
-    public void testSearchQueryWithCollectionQueryAuthorizedWithoutIP () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("search").queryParam("q", "[orth=das]")
-                .queryParam("ql", "poliqarp")
+    public void testSearchQueryWithCollectionQueryAuthorizedWithoutIP ()
+            throws KustvaktException {
+        ClientResponse response = resource().path("search")
+                .queryParam("q", "[orth=das]").queryParam("ql", "poliqarp")
                 .queryParam("cq", "textClass=politik & corpusSigle=BRZ10")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -230,15 +230,16 @@
         assertEquals("corpusSigle",
                 node.at("/collection/operands/1/operands/1/key").asText());
     }
-    
+
     @Test
     @Ignore
-    public void testSearchQueryAuthorizedWithoutIP () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("search").queryParam("q", "[orth=die]")
-                .queryParam("ql", "poliqarp")
+    public void testSearchQueryAuthorizedWithoutIP () throws KustvaktException {
+        ClientResponse response = resource().path("search")
+                .queryParam("q", "[orth=die]").queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -254,16 +255,16 @@
         assertEquals("availability(PUB)",
                 node.at("/collection/rewrites/0/scope").asText());
     }
-    
-    
+
+
 
     @Test
     @Ignore
-    public void testSearchForPublicCorpusWithStringId () throws KustvaktException {
-        ClientResponse response = resource()
-                .path("corpus").path("GOE").path("search")
-                .queryParam("q", "blau").queryParam("ql", "poliqarp")
-                .get(ClientResponse.class);
+    public void testSearchForPublicCorpusWithStringId ()
+            throws KustvaktException {
+        ClientResponse response = resource().path("corpus").path("GOE")
+                .path("search").queryParam("q", "blau")
+                .queryParam("ql", "poliqarp").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
         String ent = response.getEntity(String.class);
@@ -285,11 +286,11 @@
 
     @Test
     @Ignore
-    public void testSearchForVirtualCollectionWithStringId () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("collection").path("GOE-VC").path("search")
-                .queryParam("q", "blau").queryParam("ql", "poliqarp")
-                .get(ClientResponse.class);
+    public void testSearchForVirtualCollectionWithStringId ()
+            throws KustvaktException {
+        ClientResponse response = resource().path("collection").path("GOE-VC")
+                .path("search").queryParam("q", "blau")
+                .queryParam("ql", "poliqarp").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
         String ent = response.getEntity(String.class);
@@ -311,11 +312,11 @@
 
     @Test
     @Ignore
-    public void testSearchForCorpusWithStringIdUnauthorized () throws KustvaktException {
-        ClientResponse response = resource()
-                .path("corpus").path("WPD15").path("search")
-                .queryParam("q", "blau").queryParam("ql", "poliqarp")
-                .get(ClientResponse.class);
+    public void testSearchForCorpusWithStringIdUnauthorized ()
+            throws KustvaktException {
+        ClientResponse response = resource().path("corpus").path("WPD15")
+                .path("search").queryParam("q", "blau")
+                .queryParam("ql", "poliqarp").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
                 response.getStatus());
         String ent = response.getEntity(String.class);
@@ -328,12 +329,14 @@
 
     @Test
     @Ignore
-    public void testSearchForSpecificCorpus () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("corpus").path("GOE").path("search")
-                .queryParam("q", "[orth=das]").queryParam("ql", "poliqarp")
+    public void testSearchForSpecificCorpus () throws KustvaktException {
+        ClientResponse response = resource().path("corpus").path("GOE")
+                .path("search").queryParam("q", "[orth=das]")
+                .queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("kustvakt", "kustvakt2015"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -354,13 +357,11 @@
 
 
 
-
     @Test
-    public void testSearchSentenceMeta () throws KustvaktException{
-        ClientResponse response = resource()
-                .path("search").queryParam("q", "[orth=der]")
-                .queryParam("ql", "poliqarp").queryParam("context", "sentence")
-                .get(ClientResponse.class);
+    public void testSearchSentenceMeta () throws KustvaktException {
+        ClientResponse response = resource().path("search")
+                .queryParam("q", "[orth=der]").queryParam("ql", "poliqarp")
+                .queryParam("context", "sentence").get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
         String ent = response.getEntity(String.class);
@@ -372,12 +373,12 @@
 
 
     @Test
-    public void testSearchSimpleCQL () throws KustvaktException{
+    public void testSearchSimpleCQL () throws KustvaktException {
         QuerySerializer s = new QuerySerializer();
         s.setQuery("(der) or (das)", "CQL");
 
-        ClientResponse response = resource()
-                .path("search").post(ClientResponse.class, s.toJSON());
+        ClientResponse response = resource().path("search")
+                .post(ClientResponse.class, s.toJSON());
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
         String ent = response.getEntity(String.class);
@@ -385,20 +386,20 @@
         JsonNode node = JsonUtils.readTree(ent);
         assertNotNull(node);
         assertNotEquals(0, node.path("matches").size());
-        //        assertEquals(17027, node.at("/meta/totalResults").asInt());
+        // assertEquals(17027, node.at("/meta/totalResults").asInt());
     }
 
 
     @Test
-    public void testSearchRawQuery () throws KustvaktException{
+    public void testSearchRawQuery () throws KustvaktException {
         QuerySerializer s = new QuerySerializer();
         s.setQuery("[orth=der]", "poliqarp");
         s.setCollection("corpusSigle=GOE");
 
         s.setQuery("Wasser", "poliqarp");
-//        System.out.println(s.toJSON());
-        ClientResponse response = resource()
-                .path("search").post(ClientResponse.class, s.toJSON());
+        // System.out.println(s.toJSON());
+        ClientResponse response = resource().path("search")
+                .post(ClientResponse.class, s.toJSON());
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
         String ent = response.getEntity(String.class);
@@ -407,7 +408,7 @@
         JsonNode node = JsonUtils.readTree(ent);
         assertNotNull(node);
         assertNotEquals(0, node.path("matches").size());
-        //        assertEquals(10993, node.at("/meta/totalResults").asInt());
+        // assertEquals(10993, node.at("/meta/totalResults").asInt());
     }
 
 }
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserControllerTest.java
index f791244..0291cdb 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserControllerTest.java
@@ -49,8 +49,6 @@
 public class UserControllerTest extends FastJerseyTest {
 
     @Autowired
-    HttpAuthorizationHandler handler;
-    @Autowired
     FullConfiguration config;
 	private static String[] credentials;
 
@@ -86,7 +84,7 @@
 
 		// map.putSingle("address", "Mannheim");
 
-		String enc = handler.createBasicAuthorizationHeaderValue("testuser", "testPassword1234");
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue("testuser", "testPassword1234");
 		response = resource().path("user").path("info")
 				.header("Content-Type", MediaType.APPLICATION_JSON).header(Attributes.AUTHORIZATION, enc)
 				.get(ClientResponse.class);
@@ -111,7 +109,7 @@
 
 		// run login/ status --> exception or information about locked account
 		// should appear
-		String enc = handler.createBasicAuthorizationHeaderValue("testuser2", "testPassword1234");
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue("testuser2", "testPassword1234");
 		response = resource().path("user").path("info").header(Attributes.AUTHORIZATION, enc)
 				.get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -144,7 +142,7 @@
 		response = resource().uri(URI.create(conf_uri)).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
 
-		String enc = handler.createBasicAuthorizationHeaderValue("testuser", "testPassword1234");
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue("testuser", "testPassword1234");
 		response = resource().path("user").path("info").header(Attributes.AUTHORIZATION, enc)
 				.get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -152,7 +150,7 @@
 
 	@Test
 	public void loginHTTP() throws KustvaktException {
-		String enc = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		ClientResponse response = resource().path("user").path("info")
 				.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -162,7 +160,7 @@
 	@Test
 	@Ignore
 	public void loginJWT() throws KustvaktException{
-		String en = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String en = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		/* lauffähige Version von Hanl: */
 		ClientResponse response = resource().path("auth").path("apiToken")
 				.header(Attributes.AUTHORIZATION, en).get(ClientResponse.class);
@@ -192,7 +190,7 @@
 
 		assertTrue(BeansFactory.getKustvaktContext().getConfiguration().getTokenTTL() < 10);
 
-		String en = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String en = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		ClientResponse response = resource().path("auth").path("apiToken")
 				.header(Attributes.AUTHORIZATION, en).get(ClientResponse.class);
 
@@ -220,7 +218,7 @@
 
 	@Test
 	public void testGetUserDetails() throws KustvaktException {
-		String enc = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		ClientResponse response = resource().path("user").path("details")
 				.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -228,7 +226,7 @@
 
 	@Test
 	public void testGetUserDetailsEmbeddedPointer() throws KustvaktException {
-		String enc = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		Map m = new LinkedMap();
 		m.put("test", "[100, \"error message\", true, \"another message\"]");
 
@@ -246,7 +244,7 @@
 
 	@Test
 	public void testUpdateUserDetailsMerge() throws KustvaktException{
-		String enc = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		Map m = new LinkedMap();
 		m.put("test", "test value 1");
 
@@ -268,7 +266,7 @@
 
 	@Test
 	public void testGetUserDetailsPointer() throws KustvaktException {
-		String enc = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		ClientResponse response = resource().path("user").path("details")
 				.queryParam("pointer", "email").header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -280,7 +278,7 @@
 	public void testGetUserDetailsNonExistent() throws KustvaktException {
 //		helper().setupSimpleAccount("userservicetest", "servicepass");
 
-		String enc = handler.createBasicAuthorizationHeaderValue("userservicetest", "servicepass");
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue("userservicetest", "servicepass");
 		ClientResponse response = resource().path("user").path("details")
 				.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -294,7 +292,7 @@
 
 	@Test
 	public void testGetUserSettings() throws KustvaktException {
-		String enc = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		ClientResponse response = resource().path("user").path("settings")
 				.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -302,7 +300,7 @@
 
 	@Test
 	public void testUpdateUserDetailsJson() throws KustvaktException{
-		String enc = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		Map m = new LinkedMap();
 		m.put("firstName", "newName");
 		m.put("lastName", "newLastName");
@@ -337,7 +335,7 @@
 	@Test
 	@Ignore
 	public void testUpdateUserSettingsForm() throws IOException, KustvaktException{
-		String enc = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		MultivaluedMap m = new MultivaluedMapImpl();
 		m.putSingle("queryLanguage", "poliqarp_test");
 		m.putSingle("pageLength", "200");
@@ -375,7 +373,7 @@
 
 	@Test
 	public void testUpdateUserSettingsJson() throws IOException, KustvaktException {
-		String enc = handler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
+		String enc = HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(credentials[0], credentials[1]);
 		Map m = new HashMap<>();
 		m.put("queryLanguage", "poliqarp_test");
 		m.put("pageLength", "200");
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java
index 946dd8b..745ed0a 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerAdminTest.java
@@ -7,7 +7,6 @@
 import javax.ws.rs.core.MultivaluedMap;
 
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
@@ -31,8 +30,6 @@
  *
  */
 public class UserGroupControllerAdminTest extends SpringJerseyTest {
-    @Autowired
-    private HttpAuthorizationHandler handler;
 
     private String adminUsername = "admin";
     private String testUsername = "UserGroupControllerAdminTest";
@@ -43,8 +40,8 @@
         ClientResponse response = resource().path("group").path("list")
                 .queryParam("username", username)
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                testUsername, "pass"))
+                        HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                                        testUsername, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -59,8 +56,9 @@
         ClientResponse response = resource().path("group").path("list")
                 .path("system-admin").queryParam("username", "dory")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                adminUsername, "pass"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        adminUsername, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -77,8 +75,9 @@
                 .path("system-admin").queryParam("username", "dory")
                 .queryParam("status", "ACTIVE")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                adminUsername, "pass"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        adminUsername, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -94,10 +93,10 @@
     @Test
     public void testListWithoutUsername () throws UniformInterfaceException,
             ClientHandlerException, KustvaktException {
-        ClientResponse response = resource().path("group").path("list")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                adminUsername, "pass"))
+        ClientResponse response = resource().path("group").path("list").header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        adminUsername, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -112,8 +111,9 @@
         ClientResponse response =
                 resource().path("group").path("list").path("system-admin")
                         .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
-                                        adminUsername, "pass"))
+                                HttpAuthorizationHandler
+                                        .createBasicAuthorizationHeaderValue(
+                                                adminUsername, "pass"))
                         .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                         .get(ClientResponse.class);
 
@@ -137,8 +137,9 @@
         ClientResponse response = resource().path("group").path("list")
                 .path("system-admin").queryParam("status", "HIDDEN")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                adminUsername, "pass"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        adminUsername, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -160,8 +161,9 @@
         ClientResponse response = resource().path("group").path("create")
                 .type(MediaType.APPLICATION_JSON)
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                testUsername, "password"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        testUsername, "password"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").entity(json)
                 .post(ClientResponse.class);
 
@@ -191,9 +193,8 @@
         ClientResponse response = resource().path("group").path("subscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("marlin",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("marlin", "pass"))
                 .entity(form).post(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
@@ -215,8 +216,9 @@
                 resource().path("group").path("member").path("role").path("add")
                         .type(MediaType.APPLICATION_FORM_URLENCODED)
                         .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
-                                        adminUsername, "password"))
+                                HttpAuthorizationHandler
+                                        .createBasicAuthorizationHeaderValue(
+                                                adminUsername, "password"))
                         .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                         .entity(map).post(ClientResponse.class);
 
@@ -247,8 +249,9 @@
                 .path("role").path("delete")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                adminUsername, "password"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        adminUsername, "password"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").entity(map)
                 .post(ClientResponse.class);
 
@@ -268,10 +271,10 @@
     private JsonNode retrieveGroup (String groupId)
             throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
-        ClientResponse response = resource().path("group").path(groupId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                adminUsername, "pass"))
+        ClientResponse response = resource().path("group").path(groupId).header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        adminUsername, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -289,8 +292,9 @@
         ClientResponse response =
                 resource().path("group").path("delete").path(groupId)
                         .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
-                                        adminUsername, "pass"))
+                                HttpAuthorizationHandler
+                                        .createBasicAuthorizationHeaderValue(
+                                                adminUsername, "pass"))
                         .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                         .delete(ClientResponse.class);
 
@@ -308,8 +312,9 @@
         ClientResponse response = resource().path("group").path("member")
                 .path("delete").path(groupId).path("marlin")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                adminUsername, "pass"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        adminUsername, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .delete(ClientResponse.class);
 
@@ -337,8 +342,9 @@
                 .path("invite").type(MediaType.APPLICATION_JSON)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                adminUsername, "pass"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        adminUsername, "pass"))
                 .entity(userGroup).post(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
index 8b7664c..b0a3d10 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
@@ -6,7 +6,6 @@
 import javax.ws.rs.core.MultivaluedMap;
 
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
@@ -32,8 +31,6 @@
  */
 public class UserGroupControllerTest extends SpringJerseyTest {
 
-    @Autowired
-    private HttpAuthorizationHandler handler;
     private String username = "UserGroupControllerTest";
     private String admin = "admin";
 
@@ -41,9 +38,8 @@
             throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
         ClientResponse response = resource().path("group").path("list")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -57,9 +53,8 @@
     @Test
     public void testListDoryGroups () throws KustvaktException {
         ClientResponse response = resource().path("group").path("list")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -78,9 +73,8 @@
     @Test
     public void testListNemoGroups () throws KustvaktException {
         ClientResponse response = resource().path("group").path("list")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("nemo",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("nemo", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -100,9 +94,8 @@
     public void testListMarlinGroups () throws KustvaktException {
         ClientResponse response = resource().path("group").path("list")
                 .queryParam("username", "marlin")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("marlin",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("marlin", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -138,9 +131,8 @@
 
         ClientResponse response = resource().path("group").path("create")
                 .type(MediaType.APPLICATION_JSON)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").entity(json)
                 .post(ClientResponse.class);
 
@@ -148,9 +140,8 @@
 
         // list user group
         response = resource().path("group").path("list")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -194,17 +185,15 @@
         // delete marlin from group
         ClientResponse response = resource().path("group").path("member")
                 .path("delete").path(groupId).path("marlin")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .delete(ClientResponse.class);
 
         // check group member
         response = resource().path("group").path("list")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -219,9 +208,8 @@
         // nemo is a group member
         ClientResponse response = resource().path("group").path("member")
                 .path("delete").path(groupId).path("marlin")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("nemo",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("nemo", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .delete(ClientResponse.class);
 
@@ -242,9 +230,8 @@
         ClientResponse response = resource().path("group").path("member")
                 // dory group
                 .path("delete").path("2").path("pearl")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .delete(ClientResponse.class);
 
@@ -260,9 +247,8 @@
             ClientHandlerException, KustvaktException {
         ClientResponse response = resource().path("group").path("member")
                 .path("delete").path("2").path("pearl")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .delete(ClientResponse.class);
 
@@ -281,13 +267,12 @@
             throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
         // delete group
-        ClientResponse response =
-                resource().path("group").path("delete").path(groupId)
-                        .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
-                                        username, "pass"))
-                        .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                        .delete(ClientResponse.class);
+        ClientResponse response = resource().path("group").path("delete")
+                .path(groupId)
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
+                .delete(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
 
@@ -295,9 +280,8 @@
         response = resource().path("group").path("list").path("system-admin")
                 .queryParam("username", username)
                 .queryParam("status", "DELETED")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(admin,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -317,13 +301,12 @@
     public void testDeleteGroupUnauthorized () throws UniformInterfaceException,
             ClientHandlerException, KustvaktException {
         // dory is a group admin in marlin group
-        ClientResponse response =
-                resource().path("group").path("delete").path("1")
-                        .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
-                                        "dory", "pass"))
-                        .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                        .delete(ClientResponse.class);
+        ClientResponse response = resource().path("group").path("delete")
+                .path("1")
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
+                .delete(ClientResponse.class);
 
         String entity = response.getEntity(String.class);
         // System.out.println(entity);
@@ -338,13 +321,12 @@
     @Test
     public void testDeleteDeletedGroup () throws UniformInterfaceException,
             ClientHandlerException, KustvaktException {
-        ClientResponse response =
-                resource().path("group").path("delete").path("4")
-                        .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
-                                        "dory", "pass"))
-                        .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                        .delete(ClientResponse.class);
+        ClientResponse response = resource().path("group").path("delete")
+                .path("4")
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
+                .delete(ClientResponse.class);
 
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
 
@@ -363,9 +345,8 @@
         // dory is a group admin in marlin group
         ClientResponse response = resource().path("group").path("member")
                 .path("delete").path("1").path("marlin")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .delete(ClientResponse.class);
 
@@ -390,18 +371,16 @@
         ClientResponse response = resource().path("group").path("member")
                 .path("invite").type(MediaType.APPLICATION_JSON)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .entity(userGroup).post(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
 
         // list group
         response = resource().path("group").path("list")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -429,9 +408,8 @@
         ClientResponse response = resource().path("group").path("member")
                 .path("invite").type(MediaType.APPLICATION_JSON)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .entity(userGroup).post(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
@@ -459,9 +437,8 @@
         ClientResponse response = resource().path("group").path("member")
                 .path("invite").type(MediaType.APPLICATION_JSON)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .entity(userGroup).post(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
@@ -490,9 +467,8 @@
         ClientResponse response = resource().path("group").path("member")
                 .path("invite").type(MediaType.APPLICATION_JSON)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .entity(userGroup).post(ClientResponse.class);
         String entity = response.getEntity(String.class);
         // System.out.println(entity);
@@ -523,9 +499,8 @@
         ClientResponse response = resource().path("group").path("member")
                 .path("invite").type(MediaType.APPLICATION_JSON)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .entity(userGroup).post(ClientResponse.class);
 
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -556,9 +531,8 @@
         ClientResponse response = resource().path("group").path("member")
                 .path("invite").type(MediaType.APPLICATION_JSON)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .entity(userGroup).post(ClientResponse.class);
 
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -580,9 +554,8 @@
         ClientResponse response = resource().path("group").path("subscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("marlin",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("marlin", "pass"))
                 .entity(form).post(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
@@ -624,9 +597,8 @@
         ClientResponse response = resource().path("group").path("subscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("pearl",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("pearl", "pass"))
                 .entity(form).post(ClientResponse.class);
         String entity = response.getEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
@@ -642,7 +614,7 @@
     public void testSubscribeMissingGroupId () throws KustvaktException {
         ClientResponse response = resource().path("group").path("subscribe")
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION, handler
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue("bruce", "pass"))
                 .post(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -663,9 +635,8 @@
         ClientResponse response = resource().path("group").path("subscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("bruce",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("bruce", "pass"))
                 .entity(form).post(ClientResponse.class);
         String entity = response.getEntity(String.class);
         // System.out.println(entity);
@@ -686,9 +657,8 @@
         ClientResponse response = resource().path("group").path("subscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("pearl",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("pearl", "pass"))
                 .entity(form).post(ClientResponse.class);
         String entity = response.getEntity(String.class);
         // System.out.println(entity);
@@ -710,9 +680,8 @@
         ClientResponse response = resource().path("group").path("subscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("nemo",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("nemo", "pass"))
                 .entity(form).post(ClientResponse.class);
 
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -731,9 +700,8 @@
         ClientResponse response = resource().path("group").path("unsubscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("marlin",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("marlin", "pass"))
                 .entity(form).post(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
@@ -745,9 +713,8 @@
     private void checkGroupMemberRole (String groupId, String deletedMemberName)
             throws KustvaktException {
         ClientResponse response = resource().path("group").path(groupId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(admin,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -777,9 +744,8 @@
         ClientResponse response = resource().path("group").path("unsubscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("pearl",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("pearl", "pass"))
                 .entity(form).post(ClientResponse.class);
 
         String entity = response.getEntity(String.class);
@@ -808,9 +774,8 @@
         ClientResponse response = resource().path("group").path("unsubscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("marlin",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("marlin", "pass"))
                 .entity(form).post(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
@@ -830,9 +795,8 @@
         ClientResponse response = resource().path("group").path("unsubscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("marlin",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("marlin", "pass"))
                 .entity(form).post(ClientResponse.class);
 
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -854,9 +818,8 @@
         ClientResponse response = resource().path("group").path("unsubscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("bruce",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("bruce", "pass"))
                 .entity(form).post(ClientResponse.class);
 
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -878,9 +841,8 @@
         ClientResponse response = resource().path("group").path("unsubscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("pearl",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("pearl", "pass"))
                 .entity(form).post(ClientResponse.class);
 
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -903,9 +865,8 @@
         ClientResponse response = resource().path("group").path("unsubscribe")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("nemo",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("nemo", "pass"))
                 .entity(form).post(ClientResponse.class);
 
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerAdminTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerAdminTest.java
index 28ed689..962b7d1 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerAdminTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerAdminTest.java
@@ -7,15 +7,14 @@
 
 import org.apache.http.entity.ContentType;
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
 import com.sun.jersey.api.client.ClientHandlerException;
 import com.sun.jersey.api.client.ClientResponse;
 import com.sun.jersey.api.client.ClientResponse.Status;
-import com.sun.jersey.core.util.MultivaluedMapImpl;
 import com.sun.jersey.api.client.UniformInterfaceException;
+import com.sun.jersey.core.util.MultivaluedMapImpl;
 
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
@@ -30,9 +29,6 @@
  */
 public class VirtualCorpusControllerAdminTest extends SpringJerseyTest {
 
-    @Autowired
-    private HttpAuthorizationHandler handler;
-
     private String admin = "admin";
     private String username = "VirtualCorpusControllerAdminTest";
 
@@ -40,9 +36,8 @@
     public void testSearchPrivateVC () throws UniformInterfaceException,
             ClientHandlerException, KustvaktException {
         ClientResponse response = resource().path("vc").path("1")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(admin,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -60,9 +55,8 @@
             ClientHandlerException, KustvaktException {
 
         ClientResponse response = resource().path("vc").path("2")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(admin,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -81,7 +75,7 @@
         ClientResponse response = resource().path("vc").path("list")
                 .queryParam("createdBy", "dory")
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION, handler
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .get(ClientResponse.class);
 
@@ -98,7 +92,7 @@
                 .path("system-admin").queryParam("type", "SYSTEM")
                 .queryParam("createdBy", admin)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION, handler
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .get(ClientResponse.class);
 
@@ -114,9 +108,8 @@
                 + "\"corpusQuery\": \"creationDate since 1820\"}";
 
         ClientResponse response = resource().path("vc").path("create")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(admin,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .entity(json).post(ClientResponse.class);
 
@@ -133,13 +126,12 @@
     private void testDeleteSystemVC (String vcId)
             throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
-        ClientResponse response =
-                resource().path("vc").path("delete").path(vcId)
-                        .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
-                                        admin, "pass"))
-                        .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                        .delete(ClientResponse.class);
+        ClientResponse response = resource().path("vc").path("delete")
+                .path(vcId)
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
+                .delete(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
 
@@ -154,9 +146,8 @@
                 + "\"corpusQuery\": \"corpusSigle=GOE\"}";
 
         ClientResponse response = resource().path("vc").path("create")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .post(ClientResponse.class, json);
@@ -176,7 +167,7 @@
         ClientResponse response = resource().path("vc").path("list")
                 .path("system-admin").queryParam("createdBy", username)
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION, handler
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .get(ClientResponse.class);
 
@@ -193,9 +184,8 @@
         String json = "{\"id\": \"" + vcId + "\", \"name\": \"edited vc\"}";
 
         ClientResponse response = resource().path("vc").path("edit")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(admin,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .post(ClientResponse.class, json);
@@ -209,13 +199,12 @@
     private void testDeletePrivateVC (String vcId)
             throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
-        ClientResponse response =
-                resource().path("vc").path("delete").path(vcId)
-                        .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
-                                        admin, "pass"))
-                        .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                        .delete(ClientResponse.class);
+        ClientResponse response = resource().path("vc").path("delete")
+                .path(vcId)
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
+                .delete(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
 
@@ -227,9 +216,8 @@
     private String testlistAccessByVC (String vcId) throws KustvaktException {
         ClientResponse response = resource().path("vc").path("access")
                 .path("list").queryParam("vcId", vcId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(admin,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -251,9 +239,8 @@
             throws KustvaktException {
         ClientResponse response = resource().path("vc").path("access")
                 .path("list").path("byGroup").queryParam("groupId", groupId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(admin,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -288,9 +275,8 @@
         // share VC
         response = resource().path("vc").path("access").path("share")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(admin,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(admin, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").entity(form)
                 .post(ClientResponse.class);
 
@@ -304,9 +290,8 @@
 
         ClientResponse response = resource().path("vc").path("access")
                 .path("delete").path(accessId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .delete(ClientResponse.class);
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
index 0078a50..a9e849d 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/VirtualCorpusControllerTest.java
@@ -16,7 +16,6 @@
 
 import org.apache.http.entity.ContentType;
 import org.junit.Test;
-import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.google.common.net.HttpHeaders;
@@ -43,9 +42,6 @@
  */
 public class VirtualCorpusControllerTest extends SpringJerseyTest {
 
-    @Autowired
-    private HttpAuthorizationHandler handler;
-
     private void checkWWWAuthenticateHeader (ClientResponse response) {
         Set<Entry<String, List<String>>> headers =
                 response.getHeaders().entrySet();
@@ -68,9 +64,8 @@
             throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
         ClientResponse response = resource().path("vc").path(vcId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -84,9 +79,8 @@
             throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
         ClientResponse response = resource().path("vc").path("list")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
 
                 .get(ClientResponse.class);
@@ -101,14 +95,13 @@
     private JsonNode testListOwnerVC (String username)
             throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
-        ClientResponse response =
-                resource().path("vc").path("list").path("user")
-                        .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
-                                        username, "pass"))
-                        .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
+        ClientResponse response = resource().path("vc").path("list")
+                .path("user")
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
 
-                        .get(ClientResponse.class);
+                .get(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
 
@@ -119,14 +112,13 @@
 
     private void testDeleteVC (String vcId, String username)
             throws KustvaktException {
-        ClientResponse response =
-                resource().path("vc").path("delete").path(vcId)
-                        .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
-                                        username, "pass"))
-                        .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
+        ClientResponse response = resource().path("vc").path("delete")
+                .path(vcId)
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
 
-                        .delete(ClientResponse.class);
+                .delete(ClientResponse.class);
 
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
     }
@@ -135,9 +127,8 @@
             throws KustvaktException {
         ClientResponse response = resource().path("vc").path("access")
                 .path("list").queryParam("vcId", vcId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -170,10 +161,10 @@
     public void testSearchPrivateVCUnauthorized ()
             throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
-        ClientResponse response = resource().path("vc").path("1")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "VirtualCorpusControllerTest", "pass"))
+        ClientResponse response = resource().path("vc").path("1").header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        "VirtualCorpusControllerTest", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -205,9 +196,8 @@
             KustvaktException {
 
         ClientResponse response = resource().path("vc").path("2")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("marlin",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("marlin", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -264,7 +254,7 @@
         ClientResponse response = resource().path("vc").path("list")
                 .queryParam("createdBy", "dory")
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                .header(Attributes.AUTHORIZATION, handler
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
                         .createBasicAuthorizationHeaderValue("pearl", "pass"))
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -302,10 +292,10 @@
         String json = "{\"name\": \"new vc\",\"type\": \"PRIVATE\","
                 + "\"corpusQuery\": \"corpusSigle=GOE\"}";
 
-        ClientResponse response = resource().path("vc").path("create")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "VirtualCorpusControllerTest", "pass"))
+        ClientResponse response = resource().path("vc").path("create").header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        "VirtualCorpusControllerTest", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .post(ClientResponse.class, json);
@@ -332,10 +322,10 @@
     public void testCreatePublishVC () throws KustvaktException {
         String json = "{\"name\": \"new published vc\",\"type\": \"PUBLISHED\""
                 + ",\"corpusQuery\": \"corpusSigle=GOE\"}";
-        ClientResponse response = resource().path("vc").path("create")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "VirtualCorpusControllerTest", "pass"))
+        ClientResponse response = resource().path("vc").path("create").header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        "VirtualCorpusControllerTest", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .post(ClientResponse.class, json);
@@ -377,9 +367,8 @@
             throws UniformInterfaceException, ClientHandlerException,
             KustvaktException {
         ClientResponse response = resource().path("group").path(groupId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("admin",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("admin", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
 
@@ -432,7 +421,7 @@
                 + "IsImlzcyI6Imh0dHBzOlwvXC9rb3JhcC5pZHMtbWFubmhlaW0uZG"
                 + "UiLCJleHAiOjE1MzA2MTgyOTR9.JUMvTQZ4tvdRXFBpQKzoNxrq7"
                 + "CuYAfytr_LWqY8woJs";
-        
+
         ClientResponse response = resource().path("vc").path("create")
                 .header(Attributes.AUTHORIZATION,
                         AuthenticationScheme.API.displayName() + " "
@@ -457,10 +446,10 @@
         String json = "{\"name\": \"new vc\",\"type\": \"SYSTEM\","
                 + "\"corpusQuery\": \"creationDate since 1820\"}";
 
-        ClientResponse response = resource().path("vc").path("create")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "VirtualCorpusControllerTest", "pass"))
+        ClientResponse response = resource().path("vc").path("create").header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        "VirtualCorpusControllerTest", "pass"))
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .entity(json).post(ClientResponse.class);
 
@@ -502,10 +491,10 @@
     public void testCreateVCWithoutcorpusQuery () throws KustvaktException {
         String json = "{\"name\": \"new vc\",\"type\": \"PRIVATE\"}";
 
-        ClientResponse response = resource().path("vc").path("create")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "VirtualCorpusControllerTest", "pass"))
+        ClientResponse response = resource().path("vc").path("create").header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        "VirtualCorpusControllerTest", "pass"))
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .entity(json).post(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -524,10 +513,10 @@
         String json = "{\"name\": \"new vc\",\"corpusQuery\": "
                 + "\"creationDate since 1820\"}";
 
-        ClientResponse response = resource().path("vc").path("create")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "VirtualCorpusControllerTest", "pass"))
+        ClientResponse response = resource().path("vc").path("create").header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        "VirtualCorpusControllerTest", "pass"))
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .entity(json).post(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -546,10 +535,10 @@
         String json = "{\"name\": \"new vc\",\"type\": \"PRIVAT\","
                 + "\"corpusQuery\": \"creationDate since 1820\"}";
 
-        ClientResponse response = resource().path("vc").path("create")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "VirtualCorpusControllerTest", "pass"))
+        ClientResponse response = resource().path("vc").path("create").header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        "VirtualCorpusControllerTest", "pass"))
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .entity(json).post(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -569,8 +558,9 @@
     public void testDeleteVCUnauthorized () throws KustvaktException {
         ClientResponse response = resource().path("vc").path("delete").path("1")
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "VirtualCorpusControllerTest", "pass"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        "VirtualCorpusControllerTest", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
 
                 .delete(ClientResponse.class);
@@ -595,9 +585,8 @@
         String json = "{\"id\": \"1\", \"name\": \"edited vc\"}";
 
         ClientResponse response = resource().path("vc").path("edit")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .post(ClientResponse.class, json);
@@ -612,9 +601,8 @@
         json = "{\"id\": \"1\", \"name\": \"dory VC\"}";
 
         response = resource().path("vc").path("edit")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .post(ClientResponse.class, json);
@@ -630,10 +618,10 @@
     public void testEditVCNotOwner () throws KustvaktException {
         String json = "{\"id\": \"1\", \"name\": \"edited vc\"}";
 
-        ClientResponse response = resource().path("vc").path("edit")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "VirtualCorpusControllerTest", "pass"))
+        ClientResponse response = resource().path("vc").path("edit").header(
+                Attributes.AUTHORIZATION,
+                HttpAuthorizationHandler.createBasicAuthorizationHeaderValue(
+                        "VirtualCorpusControllerTest", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .post(ClientResponse.class, json);
@@ -662,9 +650,8 @@
         String json = "{\"id\": \"" + vcId + "\", \"type\": \"PUBLISHED\"}";
 
         ClientResponse response = resource().path("vc").path("edit")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .post(ClientResponse.class, json);
@@ -685,9 +672,8 @@
         json = "{\"id\": \"2\", \"type\": \"PROJECT\"}";
 
         response = resource().path("vc").path("edit")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .header(HttpHeaders.CONTENT_TYPE, ContentType.APPLICATION_JSON)
                 .post(ClientResponse.class, json);
@@ -711,13 +697,14 @@
 
     @Test
     public void testlistAccessMissingId () throws KustvaktException {
-        ClientResponse response =
-                resource().path("vc").path("access").path("list")
-                        .header(Attributes.AUTHORIZATION,
-                                handler.createBasicAuthorizationHeaderValue(
+        ClientResponse response = resource().path("vc").path("access")
+                .path("list")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
                                         "VirtualCorpusControllerTest", "pass"))
-                        .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
-                        .get(ClientResponse.class);
+                .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
+                .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -730,9 +717,8 @@
     public void testlistAccessByGroup () throws KustvaktException {
         ClientResponse response = resource().path("vc").path("access")
                 .path("list").path("byGroup").queryParam("groupId", "2")
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
@@ -762,9 +748,8 @@
         // share VC
         response = resource().path("vc").path("access").path("share")
                 .type(MediaType.APPLICATION_FORM_URLENCODED)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("marlin",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("marlin", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").entity(form)
                 .post(ClientResponse.class);
 
@@ -809,9 +794,8 @@
         // dory is VCA in marlin group
         ClientResponse response = resource().path("vc").path("access")
                 .path("share").type(MediaType.APPLICATION_FORM_URLENCODED)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("dory",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("dory", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").entity(form)
                 .post(ClientResponse.class);
 
@@ -838,9 +822,8 @@
         // nemo is not VCA in marlin group
         ClientResponse response = resource().path("vc").path("access")
                 .path("share").type(MediaType.APPLICATION_FORM_URLENCODED)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue("nemo",
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue("nemo", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32").entity(form)
                 .post(ClientResponse.class);
 
@@ -858,9 +841,8 @@
             KustvaktException {
         ClientResponse response = resource().path("vc").path("access")
                 .path("delete").path(accessId)
-                .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(username,
-                                "pass"))
+                .header(Attributes.AUTHORIZATION, HttpAuthorizationHandler
+                        .createBasicAuthorizationHeaderValue(username, "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .delete(ClientResponse.class);
 
@@ -873,8 +855,9 @@
         ClientResponse response = resource().path("vc").path("access")
                 .path("delete").path(accessId)
                 .header(Attributes.AUTHORIZATION,
-                        handler.createBasicAuthorizationHeaderValue(
-                                "VirtualCorpusControllerTest", "pass"))
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue(
+                                        "VirtualCorpusControllerTest", "pass"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .delete(ClientResponse.class);
 
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index e09f9c4..99c295c 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -49,6 +49,10 @@
 oauth2.password.authentication = TEST
 oauth2.native.client.host = korap.ids-mannheim.de
 oauth2.max.attempts = 2
+# expiry in seconds (S), minutes (M), hours (H), days (D)
+oauth2.access.token.expiry = 3S
+oauth2.refresh.token.expiry = 90D
+oauth2.authorization.code.expiry = 10M
 # -- scopes separated by space
 oauth2.default.scopes = openid search match_info
 oauth2.client.credentials.scopes = client_info
diff --git a/full/src/test/resources/test-config.xml b/full/src/test/resources/test-config.xml
index 28cd408..ad3d702 100644
--- a/full/src/test/resources/test-config.xml
+++ b/full/src/test/resources/test-config.xml
@@ -159,7 +159,8 @@
 	<!-- Data access objects -->
 	<bean id="resourceDao" class="de.ids_mannheim.korap.dao.ResourceDao" />
 	<bean id="accessScopeDao" class="de.ids_mannheim.korap.oauth2.dao.AccessScopeDao" />
-
+	<bean id="authorizationDao" class="de.ids_mannheim.korap.oauth2.dao.AuthorizationCacheDao" />
+	
 	<!-- props are injected from default-config.xml -->
 	<bean id="kustvakt_config" class="de.ids_mannheim.korap.config.FullConfiguration">
 		<constructor-arg name="properties" ref="props" />
@@ -215,10 +216,6 @@
 		<constructor-arg ref="kustvakt_db" />
 	</bean>
 
-	<bean id="resource_provider" class="de.ids_mannheim.korap.handlers.ResourceDao">
-		<constructor-arg ref="kustvakt_db" />
-	</bean>
-
 	<bean id="document_provider" class="de.ids_mannheim.korap.handlers.DocumentDao">
 		<constructor-arg ref="kustvakt_db" />
 	</bean>
@@ -288,7 +285,6 @@
 	<util:list id="kustvakt_resources"
 		value-type="de.ids_mannheim.korap.interfaces.db.ResourceOperationIface">
 		<ref bean="document_provider" />
-		<ref bean="resource_provider" />
 	</util:list>
 
 	<!-- specify type for constructor argument -->