Introduced authentication type as enums.

Change-Id: I5d76adf1aca28cff4a62f965d7f6e80f09db60ec
diff --git a/full/src/main/java/de/ids_mannheim/korap/security/auth/APIAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java
similarity index 96%
rename from full/src/main/java/de/ids_mannheim/korap/security/auth/APIAuthentication.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java
index 5e4cfc2..c07744f 100644
--- a/full/src/main/java/de/ids_mannheim/korap/security/auth/APIAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/APIAuthentication.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.security.auth;
+package de.ids_mannheim.korap.authentication;
 
 import com.nimbusds.jose.JOSEException;
 import com.nimbusds.jwt.SignedJWT;
@@ -23,7 +23,7 @@
 /**
  * Created by hanl on 5/23/14.
  */
-public class APIAuthentication implements AuthenticationIface {
+public class APIAuthentication implements AuthenticationIface{
 
     private JWTSigner signedToken;
     private Cache invalided = CacheManager.getInstance().getCache(
diff --git a/full/src/main/java/de/ids_mannheim/korap/security/auth/BasicHttpAuth.java b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicHttpAuth.java
similarity index 96%
rename from full/src/main/java/de/ids_mannheim/korap/security/auth/BasicHttpAuth.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/BasicHttpAuth.java
index ba1a26c..cb25b1f 100644
--- a/full/src/main/java/de/ids_mannheim/korap/security/auth/BasicHttpAuth.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicHttpAuth.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.security.auth;
+package de.ids_mannheim.korap.authentication;
 
 import java.util.Map;
 
@@ -6,7 +6,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 
 import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.BeansFactory;
 import de.ids_mannheim.korap.config.KustvaktConfiguration;
 import de.ids_mannheim.korap.config.Scopes;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
@@ -20,7 +19,8 @@
 import de.ids_mannheim.korap.utils.StringUtils;
 import de.ids_mannheim.korap.utils.TimeUtils;
 
-/**
+/** EM: do not use at the moment, there is no authentication checking
+ * 
  * @author hanl
  * @date 28/04/2015
  */
diff --git a/full/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
similarity index 98%
rename from full/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
index 31d5f46..b420399 100644
--- a/full/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.security.auth;
+package de.ids_mannheim.korap.authentication;
 
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
@@ -21,6 +21,7 @@
 
 import de.ids_mannheim.korap.auditing.AuditRecord;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.BeansFactory;
 import de.ids_mannheim.korap.config.KustvaktConfiguration;
 import de.ids_mannheim.korap.config.URIParam;
@@ -170,15 +171,15 @@
 	 * @throws KustvaktException
 	 */
 	@Override
-	public User authenticate(int type, String username, String password, Map<String, Object> attributes)
+	public User authenticate(AuthenticationType type, String username, String password, Map<String, Object> attributes)
 			throws KustvaktException {
 		User user;
 		switch (type) {
-		case 1:
+		case SHIBBOLETH:
 			// todo:
 			user = authenticateShib(attributes);
 			break;
-		case 2:
+		case LDAP:
 			// IdM/LDAP: (09.02.17/FB)
 			user = authenticateIdM(username, password, attributes);
 			break;
diff --git a/full/src/main/java/de/ids_mannheim/korap/security/auth/LdapAuth3.java b/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
similarity index 99%
rename from full/src/main/java/de/ids_mannheim/korap/security/auth/LdapAuth3.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
index 0f44a67..8d1d859 100644
--- a/full/src/main/java/de/ids_mannheim/korap/security/auth/LdapAuth3.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/LdapAuth3.java
@@ -24,7 +24,7 @@
  * - Passwort des Admin verschl�sseln.
  */
  
-package de.ids_mannheim.korap.security.auth;
+package de.ids_mannheim.korap.authentication;
 
 import com.unboundid.ldap.sdk.*;
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/security/auth/LoginCounter.java b/full/src/main/java/de/ids_mannheim/korap/authentication/LoginCounter.java
similarity index 97%
rename from full/src/main/java/de/ids_mannheim/korap/security/auth/LoginCounter.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/LoginCounter.java
index 5f0a0e4..60289ce 100644
--- a/full/src/main/java/de/ids_mannheim/korap/security/auth/LoginCounter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/LoginCounter.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.security.auth;
+package de.ids_mannheim.korap.authentication;
 
 import de.ids_mannheim.korap.config.KustvaktConfiguration;
 import de.ids_mannheim.korap.utils.TimeUtils;
diff --git a/full/src/main/java/de/ids_mannheim/korap/security/auth/OpenIDconnectAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/OpenIDconnectAuthentication.java
similarity index 98%
rename from full/src/main/java/de/ids_mannheim/korap/security/auth/OpenIDconnectAuthentication.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/OpenIDconnectAuthentication.java
index dad0ec1..78d1915 100644
--- a/full/src/main/java/de/ids_mannheim/korap/security/auth/OpenIDconnectAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/OpenIDconnectAuthentication.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.security.auth;
+package de.ids_mannheim.korap.authentication;
 
 import com.nimbusds.jwt.SignedJWT;
 import de.ids_mannheim.korap.config.JWTSigner;
diff --git a/full/src/main/java/de/ids_mannheim/korap/security/auth/SessionAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/SessionAuthentication.java
similarity index 98%
rename from full/src/main/java/de/ids_mannheim/korap/security/auth/SessionAuthentication.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/SessionAuthentication.java
index d6060a5..bd015d6 100644
--- a/full/src/main/java/de/ids_mannheim/korap/security/auth/SessionAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/SessionAuthentication.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.security.auth;
+package de.ids_mannheim.korap.authentication;
 
 import de.ids_mannheim.korap.config.KustvaktConfiguration;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
diff --git a/full/src/main/java/de/ids_mannheim/korap/security/auth/SessionFactory.java b/full/src/main/java/de/ids_mannheim/korap/authentication/SessionFactory.java
similarity index 98%
rename from full/src/main/java/de/ids_mannheim/korap/security/auth/SessionFactory.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/SessionFactory.java
index 2d6d53e..1817799 100644
--- a/full/src/main/java/de/ids_mannheim/korap/security/auth/SessionFactory.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/SessionFactory.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.security.auth;
+package de.ids_mannheim.korap.authentication;
 
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
index 43b17cc..745470a 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
@@ -27,12 +27,13 @@
 import com.sun.jersey.spi.container.ContainerRequest;
 import com.sun.jersey.spi.container.ResourceFilters;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.BeansFactory;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.JsonUtils;
@@ -44,7 +45,7 @@
 import de.ids_mannheim.korap.web.filter.PiwikFilter;
 import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
 
-//import com.sun.xml.internal.messaging.saaj.util.Base64;
+// import com.sun.xml.internal.messaging.saaj.util.Base64;
 
 /**
  * @author hanl
@@ -58,12 +59,13 @@
 
     @Autowired
     KustvaktResponseHandler kustvaktResponseHandler;
-    
+
     private static Boolean DEBUG_LOG = true;
 
     //todo: bootstrap function to transmit certain default configuration settings and examples (example user queries,
     // default usersettings, etc.)
-    private static Logger jlog = KustvaktLogger.getLogger(AuthenticationController.class);
+    private static Logger jlog =
+            KustvaktLogger.getLogger(AuthenticationController.class);
 
     @Autowired
     private AuthenticationManagerIface controller;
@@ -193,7 +195,8 @@
         TokenContext context;
         try {
             // User user = controller.authenticate(0, values[0], values[1], attr); Implementation by Hanl
-            User user = controller.authenticate(2, values[0], values[1], attr); // Implementation with IdM/LDAP
+            User user = controller.authenticate(AuthenticationType.LDAP,
+                    values[0], values[1], attr); // Implementation with IdM/LDAP
             // Userdata data = this.controller.getUserData(user, UserDetails.class); // Implem. by Hanl
             // todo: is this necessary?
             //            attr.putAll(data.fields());
@@ -204,7 +207,8 @@
             attr.put(Attributes.LOCATION, user.getLocation());
             attr.put(Attributes.CORPUS_ACCESS, user.getCorpusAccess());
             context = controller.createTokenContext(user, attr,
-                    Attributes.API_AUTHENTICATION);
+                    AuthenticationType.LDAP.name());
+                    //Attributes.API_AUTHENTICATION);
         }
         catch (KustvaktException e) {
             throw kustvaktResponseHandler.throwit(e);
@@ -272,7 +276,8 @@
         TokenContext context;
         String contextJson;
         try {
-            User user = controller.authenticate(0, values[0], values[1], attr);
+            User user = controller.authenticate(AuthenticationType.SESSION,
+                    values[0], values[1], attr);
             context = controller.createTokenContext(user, attr,
                     Attributes.SESSION_AUTHENTICATION);
             contextJson = context.toJson();
@@ -308,7 +313,8 @@
 
         try {
             // todo: distinguish type KorAP/Shibusers
-            User user = controller.authenticate(1, null, null, attr);
+            User user = controller.authenticate(AuthenticationType.SHIBBOLETH,
+                    null, null, attr);
             context = controller.createTokenContext(user, attr, null);
         }
         catch (KustvaktException e) {
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
index 33163fd..06988f1 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/OAuthController.java
@@ -533,7 +533,7 @@
 
                 openid_valid = true;
                 try {
-                    user = controller.authenticate(0,
+                    user = controller.authenticate(AuthenticationType.OAUTH2,
                             oauthRequest.getUsername(),
                             oauthRequest.getPassword(), attr);
                 }
@@ -569,7 +569,7 @@
                             Scopes.Scope.openid.toString())) {
                 try {
                     if (user == null)
-                        user = controller.authenticate(0,
+                        user = controller.authenticate(AuthenticationType.OAUTH2,
                                 oauthRequest.getUsername(),
                                 oauthRequest.getPassword(), attr);
                     Userdata data = controller.getUserData(user,
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
index f78b1a1..3326380 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -12,10 +12,11 @@
 import com.sun.jersey.spi.container.ContainerResponseFilter;
 import com.sun.jersey.spi.container.ResourceFilter;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.StringUtils;
@@ -42,11 +43,12 @@
 			throw kustvaktResponseHandler.throwAuthenticationException("The authorization header value is missing.");
 		}
 
+		// EM: fix me: authentication header format
 		// decode password
 		String authenticationType = StringUtils.getTokenType(authentication);
 		String authenticationCode = StringUtils.stripTokenType(authentication);
 		String username = null, token = null;
-		int tokenType = 0;
+//		A tokenType = 0;
 		
 		if (authenticationType.equals(Attributes.BASIC_AUTHENTICATION)) {
 			String[] authContent = BasicHttpAuth.decode(authenticationCode);
@@ -60,7 +62,8 @@
 		attributes.put(Attributes.HOST, host);
 		attributes.put(Attributes.USER_AGENT, agent);
 		try {
-			User user = authManager.authenticate(tokenType, username, token, attributes);
+		    // EM: fix me: AuthenticationType based on header value
+			User user = authManager.authenticate(AuthenticationType.LDAP, username, token, attributes);
 			if (!user.isAdmin()){
 				throw kustvaktResponseHandler.throwAuthenticationException("Admin authentication failed.");
 			}
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
index 2a06655..e2b8178 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
@@ -4,7 +4,8 @@
 import com.sun.jersey.spi.container.ContainerRequestFilter;
 import com.sun.jersey.spi.container.ContainerResponseFilter;
 import com.sun.jersey.spi.container.ResourceFilter;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
+
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.web.utils.KustvaktContext;
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index cae9cdc..46aa18a 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -195,24 +195,24 @@
 	</bean>
 
 	<!-- authentication providers to use -->
-	<bean id="api_auth" class="de.ids_mannheim.korap.security.auth.APIAuthentication">
+	<bean id="api_auth" class="de.ids_mannheim.korap.authentication.APIAuthentication">
 		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
 			ref="kustvakt_config" />
 	</bean>
 
 	<bean id="openid_auth"
-		class="de.ids_mannheim.korap.security.auth.OpenIDconnectAuthentication">
+		class="de.ids_mannheim.korap.authentication.OpenIDconnectAuthentication">
 		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
 			ref="kustvakt_config" />
 		<constructor-arg
 			type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
 	</bean>
 
-	<bean id="basic_auth" class="de.ids_mannheim.korap.security.auth.BasicHttpAuth" />
+	<bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicHttpAuth" />
 
 
 	<bean id="session_auth"
-		class="de.ids_mannheim.korap.security.auth.SessionAuthentication">
+		class="de.ids_mannheim.korap.authentication.SessionAuthentication">
 		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
 			ref="kustvakt_config" />
 		<constructor-arg type="de.ids_mannheim.korap.interfaces.EncryptionIface"
@@ -251,7 +251,7 @@
 
 	<!-- specify type for constructor argument -->
 	<bean id="kustvakt_authenticationmanager"
-		class="de.ids_mannheim.korap.security.auth.KustvaktAuthenticationManager">
+		class="de.ids_mannheim.korap.authentication.KustvaktAuthenticationManager">
 		<constructor-arg
 			type="de.ids_mannheim.korap.interfaces.db.EntityHandlerIface" ref="kustvakt_userdb" />
 		<constructor-arg
diff --git a/full/src/test/java/de/ids_mannheim/korap/config/ClassLoaderTest.java b/full/src/test/java/de/ids_mannheim/korap/config/ClassLoaderTest.java
index 0f95b20..e56d309 100644
--- a/full/src/test/java/de/ids_mannheim/korap/config/ClassLoaderTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/config/ClassLoaderTest.java
@@ -1,10 +1,11 @@
 package de.ids_mannheim.korap.config;
 
+import de.ids_mannheim.korap.authentication.KustvaktAuthenticationManager;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.handlers.JDBCAuditing;
 import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
 import de.ids_mannheim.korap.interfaces.db.AuditingIface;
-import de.ids_mannheim.korap.security.auth.KustvaktAuthenticationManager;
+
 import org.junit.Test;
 
 import static org.junit.Assert.assertNotNull;
diff --git a/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java b/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
index ac7cc25..aa213d2 100644
--- a/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
@@ -1,6 +1,6 @@
 package de.ids_mannheim.korap.config;
 
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.utils.StringUtils;
 import org.apache.commons.codec.binary.Base64;
 import org.junit.Test;
diff --git a/full/src/test/java/de/ids_mannheim/korap/config/TestHelper.java b/full/src/test/java/de/ids_mannheim/korap/config/TestHelper.java
index 53a5f7b..b53cc6f 100644
--- a/full/src/test/java/de/ids_mannheim/korap/config/TestHelper.java
+++ b/full/src/test/java/de/ids_mannheim/korap/config/TestHelper.java
@@ -27,6 +27,7 @@
 import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
 import org.springframework.jdbc.datasource.SingleConnectionDataSource;
 
+import de.ids_mannheim.korap.authentication.KustvaktAuthenticationManager;
 import de.ids_mannheim.korap.exceptions.EmptyResultException;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.handlers.JDBCClient;
@@ -35,7 +36,6 @@
 import de.ids_mannheim.korap.interfaces.db.EntityHandlerIface;
 import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
 import de.ids_mannheim.korap.resources.KustvaktResource;
-import de.ids_mannheim.korap.security.auth.KustvaktAuthenticationManager;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.TimeUtils;
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
index 58d3ad6..a314d7f 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
@@ -13,11 +13,11 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.TestHelper;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.utils.TimeUtils;
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java
index d3b49b1..ed1eec6 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java
@@ -3,7 +3,7 @@
 import com.sun.jersey.api.client.ClientResponse;
 import de.ids_mannheim.korap.config.TestHelper;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
 import org.eclipse.jetty.server.Response;
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java
index e62d410..a265cfa 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java
@@ -33,13 +33,13 @@
 import com.sun.jersey.api.client.ClientResponse;
 import com.sun.jersey.core.util.MultivaluedMapImpl;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.BeanConfigTest;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.handlers.ResourceDao;
 import de.ids_mannheim.korap.resources.KustvaktResource;
 import de.ids_mannheim.korap.resources.Permissions.Permission;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.JsonUtils;
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java
index a0c325f..66f38fb 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java
@@ -10,9 +10,9 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java
index 807ee1f..d4c8aa1 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java
@@ -12,10 +12,10 @@
 import com.sun.jersey.api.client.ClientResponse;
 import com.sun.jersey.api.client.UniformInterfaceException;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.TestHelper;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java
index b9364df..7bc7910 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java
@@ -12,6 +12,7 @@
 
 import com.sun.jersey.api.client.ClientResponse;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.interfaces.db.PolicyHandlerIface;
@@ -24,7 +25,6 @@
 import de.ids_mannheim.korap.resources.VirtualCollection;
 import de.ids_mannheim.korap.security.PolicyCondition;
 import de.ids_mannheim.korap.security.SecurityPolicy;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.user.User.UserFactory;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java
index 88fd598..e12c483 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java
@@ -19,9 +19,9 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java
index 06741be..0209107 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java
@@ -12,9 +12,9 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
 /**
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java
index 3b6850b..8759b33 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java
@@ -17,11 +17,11 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.handlers.ResourceDao;
 import de.ids_mannheim.korap.resources.KustvaktResource;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java
index f40ba1b..380a316 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java
@@ -18,6 +18,7 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.ContextHolder;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
@@ -25,7 +26,6 @@
 import de.ids_mannheim.korap.query.serialize.QuerySerializer;
 import de.ids_mannheim.korap.resources.Corpus;
 import de.ids_mannheim.korap.security.ac.ResourceFinder;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java
index 1145ad4..8837d18 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java
@@ -9,9 +9,9 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java
index b754d26..733f60d 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java
@@ -24,13 +24,13 @@
 import com.sun.jersey.api.client.ClientResponse;
 import com.sun.jersey.core.util.MultivaluedMapImpl;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.BeansFactory;
 import de.ids_mannheim.korap.config.JWTSigner;
 import de.ids_mannheim.korap.config.TestHelper;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.utils.TimeUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java
index f3dfdf1..e115d7c 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java
@@ -10,11 +10,11 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
+import de.ids_mannheim.korap.authentication.BasicHttpAuth;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.SpringJerseyTest;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.security.auth.BasicHttpAuth;
 import de.ids_mannheim.korap.utils.JsonUtils;
 
 public class VirtualCorpusServiceTest extends SpringJerseyTest{
diff --git a/full/src/test/resources/test-config.xml b/full/src/test/resources/test-config.xml
index 43cc494..c1adc4f 100644
--- a/full/src/test/resources/test-config.xml
+++ b/full/src/test/resources/test-config.xml
@@ -192,24 +192,24 @@
 	</bean>
 
 	<!-- authentication providers to use -->
-	<bean id="api_auth" class="de.ids_mannheim.korap.security.auth.APIAuthentication">
+	<bean id="api_auth" class="de.ids_mannheim.korap.authentication.APIAuthentication">
 		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
 			ref="kustvakt_config" />
 	</bean>
 
 	<bean id="openid_auth"
-		class="de.ids_mannheim.korap.security.auth.OpenIDconnectAuthentication">
+		class="de.ids_mannheim.korap.authentication.OpenIDconnectAuthentication">
 		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
 			ref="kustvakt_config" />
 		<constructor-arg
 			type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
 	</bean>
 
-	<bean id="basic_auth" class="de.ids_mannheim.korap.security.auth.BasicHttpAuth" />
+	<bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicHttpAuth" />
 
 
 	<bean id="session_auth"
-		class="de.ids_mannheim.korap.security.auth.SessionAuthentication">
+		class="de.ids_mannheim.korap.authentication.SessionAuthentication">
 		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
 			ref="kustvakt_config" />
 		<constructor-arg type="de.ids_mannheim.korap.interfaces.EncryptionIface"
@@ -247,7 +247,7 @@
 
 	<!-- specify type for constructor argument -->
 	<bean id="kustvakt_authenticationmanager"
-		class="de.ids_mannheim.korap.security.auth.KustvaktAuthenticationManager">
+		class="de.ids_mannheim.korap.authentication.KustvaktAuthenticationManager">
 		<constructor-arg
 			type="de.ids_mannheim.korap.interfaces.db.EntityHandlerIface" ref="kustvakt_userdb" />
 		<constructor-arg