Added authentication to metadata controller (issue #38) & updated search
krill error handling

Change-Id: I2937de0223561246c3af078e9ada1258e4fae7d2
diff --git a/core/Changes b/core/Changes
index 3f2d0b7..378a85e 100644
--- a/core/Changes
+++ b/core/Changes
@@ -1,7 +1,8 @@
 # version 0.61.6
-
 06/02/2018
    - Added default foundry for structure layer (margaretha)
+   - Added authentication to metadata controller (margaretha, issue #38)
+   - Updated search krill error handling (margaretha)
 
 # version 0.61.5
 17/12/2018
diff --git a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
index 72b8cfc..446137c 100644
--- a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
+++ b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
@@ -111,7 +111,8 @@
     public static final int STATUS_OK = 1000;
     public static final int NOTHING_CHANGED = 1001;
     public static final int REQUEST_INVALID = 1002;
-    public static final int ACCESS_DENIED = 1003;
+    
+//    public static final int ACCESS_DENIED = 1003;
 
     
     // User group and member 
diff --git a/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java b/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
index fa6a680..ca63c08 100644
--- a/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
+++ b/core/src/main/java/de/ids_mannheim/korap/service/SearchService.java
@@ -193,14 +193,7 @@
 
     }
 
-    public String retrieveMatchInfo (String corpusId, String docId,
-            String textId, String matchId, Set<String> foundries,
-            String username, HttpHeaders headers, Set<String> layers,
-            boolean spans, boolean highlights) throws KustvaktException {
-        String matchid =
-                searchKrill.getMatchId(corpusId, docId, textId, matchId);
-
-        User user = createUser(username, headers);
+    private Pattern determineAvailabilityPattern (User user) {
         Pattern p = null;
         if (user != null) {
             CorpusAccess corpusAccess = user.getCorpusAccess();
@@ -216,9 +209,22 @@
                     break;
             }
         }
+        return p;
+    }
+    
+    public String retrieveMatchInfo (String corpusId, String docId,
+            String textId, String matchId, Set<String> foundries,
+            String username, HttpHeaders headers, Set<String> layers,
+            boolean spans, boolean highlights) throws KustvaktException {
+        String matchid =
+                searchKrill.getMatchId(corpusId, docId, textId, matchId);
+
+        User user = createUser(username, headers);
+        Pattern p = determineAvailabilityPattern(user);
+        
         boolean match_only = foundries == null || foundries.isEmpty();
         String results;
-        try {
+//        try {
             if (!match_only) {
 
                 ArrayList<String> foundryList = new ArrayList<String>();
@@ -241,12 +247,12 @@
             else {
                 results = searchKrill.getMatch(matchid, p);
             }
-        }
-        catch (Exception e) {
-            jlog.error("Exception in the MatchInfo service encountered!", e);
-            throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT,
-                    e.getMessage());
-        }
+//        }
+//        catch (Exception e) {
+//            jlog.error("Exception in the MatchInfo service encountered!", e);
+//            throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT,
+//                    e.getMessage());
+//        }
         if (DEBUG){
             jlog.debug("MatchInfo results: " + results);
         }
@@ -254,9 +260,12 @@
     }
 
     public String retrieveDocMetadata (String corpusId, String docId,
-            String textId) {
+            String textId, String username, HttpHeaders headers)
+            throws KustvaktException {
+        User user = createUser(username, headers);
+        Pattern p = determineAvailabilityPattern(user);
         String textSigle = searchKrill.getTextSigle(corpusId, docId, textId);
-        return searchKrill.getFields(textSigle);
+        return searchKrill.getFields(textSigle, p);
     }
 
     public String getCollocationBase (String query) throws KustvaktException {
diff --git a/core/src/main/java/de/ids_mannheim/korap/web/SearchKrill.java b/core/src/main/java/de/ids_mannheim/korap/web/SearchKrill.java
index f81b5aa..0580d7e 100644
--- a/core/src/main/java/de/ids_mannheim/korap/web/SearchKrill.java
+++ b/core/src/main/java/de/ids_mannheim/korap/web/SearchKrill.java
@@ -29,8 +29,7 @@
  * @author Nils Diewald
  */
 public class SearchKrill {
-    private final static Logger jlog = LogManager
-            .getLogger(SearchKrill.class);
+    private final static Logger jlog = LogManager.getLogger(SearchKrill.class);
 
     private static final boolean DEBUG = false;
 
@@ -39,13 +38,13 @@
     String i = "/Users/hanl/Projects/prep_corpus";
     String klinux10 = "/vol/work/hanl/indices";
     public static KrillIndex index;
-    
+
     /**
      * Constructor
      */
     // todo: use korap.config to get index location
     public SearchKrill (String path) {
-    	
+
         try {
             if (path.equals(":temp:")) {
                 index = new KrillIndex();
@@ -61,7 +60,7 @@
             };
         }
         catch (IOException e) {
-            jlog.error("Unable to loadSubTypes index:"+ e.getMessage());
+            jlog.error("Unable to loadSubTypes index:" + e.getMessage());
         };
     };
 
@@ -69,7 +68,6 @@
         return index;
     };
 
-
     /**
      * Search in the Lucene index.
      * 
@@ -78,12 +76,12 @@
      *            filters.
      */
     public String search (String json) {
-        if (DEBUG){
+        if (DEBUG) {
             jlog.debug(json);
         }
-        if (index != null){
+        if (index != null) {
             String result = new Krill(json).apply(index).toJsonString();
-            if (DEBUG){
+            if (DEBUG) {
                 jlog.debug(result);
             }
             return result;
@@ -93,7 +91,6 @@
         return kr.toJsonString();
     };
 
-
     /**
      * Search in the Lucene index and return matches as token lists.
      * 
@@ -103,7 +100,7 @@
      */
     @Deprecated
     public String searchTokenList (String json) {
-        if (DEBUG){
+        if (DEBUG) {
             jlog.debug(json);
         }
         if (index != null)
@@ -113,116 +110,106 @@
         return kr.toJsonString();
     };
 
-
     /**
      * Get info on a match - by means of a richly annotated html
      * snippet.
      * 
      * @param id
      *            match id
-     * @param availabilityList 
-     * @throws KustvaktException 
+     * @param availabilityList
+     * @throws KustvaktException
      */
-    public String getMatch (String id, Pattern licensePattern) {
-    	Match km;
+    public String getMatch (String id, Pattern licensePattern) throws KustvaktException {
+        Match km;
         if (index != null) {
             try {
-            	km = index.getMatch(id);
-            	String availability = km.getAvailability();
-            	if (licensePattern!=null && availability != null){
-            		Matcher m = licensePattern.matcher(availability);
-            		if (!m.matches()){
-            		    if (DEBUG){
-            		        jlog.debug("availability: "+availability);
-            		    }
-                        if (availability.isEmpty()){
-                            km.addError(StatusCodes.MISSING_ATTRIBUTE, 
-                                    "Availability for "+ id +"is empty.", id);
-                        }
-            			km = new Match();
-            			km.addError(StatusCodes.ACCESS_DENIED, 
-            				"Retrieving match info with ID "+id+" is not allowed.", id);
-            		}
-            	}
+                km = index.getMatch(id);
+                String availability = km.getAvailability();
+                checkAvailability(licensePattern, availability, id);
             }
             catch (QueryException qe) {
                 km = new Match();
                 km.addError(qe.getErrorCode(), qe.getMessage());
             }
         }
-        else{
-        	km = new Match();
-        	km.addError(601, "Unable to find index");
+        else {
+            km = new Match();
+            km.addError(601, "Unable to find index");
         }
         return km.toJsonString();
     };
 
+    private void checkAvailability (Pattern licensePattern, String availability,
+            String id) throws KustvaktException {
+        if (DEBUG) {
+            jlog.debug("pattern: " + licensePattern.toString()
+                    + ", availability: " + availability);
+        }
+        if (licensePattern != null && availability != null) {
+            Matcher m = licensePattern.matcher(availability);
+            if (!m.matches()) {
+                if (availability.isEmpty()) {
+                    throw new KustvaktException(StatusCodes.MISSING_ATTRIBUTE,
+                            "Availability for " + id + "is empty.", id);
+                }
+                throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
+                        "Retrieving resource with ID " + id
+                                + " is not allowed.",
+                        id);
+            }
+        }
 
-	/*
-	 * Retrieve the meta fields for a certain document
-	 */
-	public String getFields (String id) {
-		MetaFields meta;
+    }
+    
+    /*
+     * Retrieve the meta fields for a certain document
+     */
+    public String getFields (String id, Pattern licensePattern)
+            throws KustvaktException {
+        MetaFields meta;
 
-		// No index found
-		if (index == null) {
-        	meta = new MetaFields(id);
-        	meta.addError(601, "Unable to find index");
-		}
+        // No index found
+        if (index == null) {
+            meta = new MetaFields(id);
+            meta.addError(601, "Unable to find index");
+        }
 
-		// Index available
-		else {
+        // Index available
+        else {
+            // Get fields
+            meta = index.getFields(id);
+        };
 
-			//Get fields
-			meta = index.getFields(id);
-		};
-		return meta.toJsonString();
-	};
+        String availability = meta.getFieldValue("availability");
+        checkAvailability(licensePattern, availability, id);
 
+        return meta.toJsonString();
+    };
 
-	
     public String getMatch (String id, List<String> foundries,
             List<String> layers, boolean includeSpans,
-            boolean includeHighlights, boolean sentenceExpansion, 
-            Pattern licensePattern) {
-    	 Match km;
+            boolean includeHighlights, boolean sentenceExpansion,
+            Pattern licensePattern) throws KustvaktException {
+        Match km;
         if (index != null) {
             try {
-            	km = index.getMatchInfo(id, "tokens", true, foundries,
-                        layers, includeSpans, includeHighlights,
-                        sentenceExpansion);
-            	String availability = km.getAvailability();
-            	
-            	if (licensePattern !=null && availability != null){
-            	    if (availability.isEmpty()){
-            	        km.addError(StatusCodes.MISSING_ATTRIBUTE, 
-                                "Availability for "+ id +"is empty.", id);
-            	    }
-            		Matcher m = licensePattern.matcher(availability);
-            		if (!m.matches()){
-            		    if (DEBUG){
-            		        jlog.debug("pattern: "+ licensePattern.toString() + ", availability: "+availability);
-            		    }
-            			km = new Match();
-            			km.addError(StatusCodes.ACCESS_DENIED, 
-            					"Retrieving match info with ID "+id+" is not allowed.", id);
-            		}
-            	}
-            	
+                km = index.getMatchInfo(id, "tokens", true, foundries, layers,
+                        includeSpans, includeHighlights, sentenceExpansion);
+                String availability = km.getAvailability();
+                checkAvailability(licensePattern, availability, id);
             }
             catch (QueryException qe) {
                 km = new Match();
                 km.addError(qe.getErrorCode(), qe.getMessage());
             }
         }
-        else{
-        	km = new Match();
-        	km.addError(601, "Unable to find index");
+        else {
+            km = new Match();
+            km.addError(601, "Unable to find index");
         }
         return km.toJsonString();
     };
 
-
     /**
      * Get info on a match - by means of a richly annotated html
      * snippet.
@@ -270,7 +257,6 @@
         return km.toJsonString();
     };
 
-
     /**
      * Get statistics on (virtual) collections.
      * 
@@ -284,23 +270,23 @@
             return "{\"documents\" : -1, error\" : \"No index given\" }";
         };
 
-		// Define a virtual corpus
-		KrillCollection kc;
-		if (json != null && !json.equals("")) {
-			if (DEBUG){
-			    jlog.debug(json);
-			}
+        // Define a virtual corpus
+        KrillCollection kc;
+        if (json != null && !json.equals("")) {
+            if (DEBUG) {
+                jlog.debug(json);
+            }
 
-			// Create Virtual collection from json search
-			kc = new KrillCollection(json);
-		}
+            // Create Virtual collection from json search
+            kc = new KrillCollection(json);
+        }
 
-		// There is no json string defined
-		else {
+        // There is no json string defined
+        else {
 
-			// Create Virtual collection of everything
-			kc = new KrillCollection();
-		};
+            // Create Virtual collection of everything
+            kc = new KrillCollection();
+        };
 
         // Set index
         kc.setIndex(index);
@@ -308,11 +294,11 @@
         // Get numbers from index (currently slow)
         try {
             docs = kc.numberOf("documents");
-			if (docs > 0) {
-				tokens = kc.numberOf("tokens");
-				sentences = kc.numberOf("base/sentences");
-				paragraphs = kc.numberOf("base/paragraphs");
-			};
+            if (docs > 0) {
+                tokens = kc.numberOf("tokens");
+                sentences = kc.numberOf("base/sentences");
+                paragraphs = kc.numberOf("base/paragraphs");
+            };
         }
         catch (IOException e) {
             e.printStackTrace();
@@ -325,7 +311,6 @@
         return sb.toString();
     };
 
-
     /**
      * Return the match identifier as a string.
      * This is a convenient method to deal with legacy instantiation
@@ -334,22 +319,21 @@
      */
     public String getMatchId (String corpusID, String docID, String textID,
             String matchID) {
-        // Create a string representation of the match 
+        // Create a string representation of the match
         StringBuilder sb = new StringBuilder();
         sb.append("match-").append(corpusID).append('/').append(docID)
                 .append('/').append(textID).append('-').append(matchID);
         return sb.toString();
     };
 
-
     /**
      * Return the text sigle as a string.
      */
     public String getTextSigle (String corpusID, String docID, String textID) {
-        // Create a string representation of the match 
+        // Create a string representation of the match
         StringBuilder sb = new StringBuilder();
-        sb.append(corpusID).append('/').append(docID)
-                .append('/').append(textID);
+        sb.append(corpusID).append('/').append(docID).append('/')
+                .append(textID);
         return sb.toString();
     };
 };
diff --git a/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java b/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
index 0cd61a3..f3299a8 100644
--- a/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
+++ b/core/src/main/java/de/ids_mannheim/korap/web/controller/SearchController.java
@@ -163,6 +163,8 @@
         return Response.ok(result).build();
     }
 
+    // EM: legacy support
+    @Deprecated
     @GET
     @Path("{version}/corpus/{corpusId}/{docId}/{textId}/{matchId}/matchInfo")
     public Response getMatchInfo (@Context SecurityContext ctx,
@@ -177,16 +179,40 @@
             // Highlights may also be a list of valid highlight classes
             @QueryParam("hls") Boolean highlights) throws KustvaktException {
 
+        return retrieveMatchInfo(ctx, headers, locale, corpusId, docId, textId,
+                matchId, foundries, layers, spans, highlights);
+    }
+    
+    @GET
+    @Path("{version}/corpus/{corpusId}/{docId}/{textId}/{matchId}")
+    public Response retrieveMatchInfo (@Context SecurityContext ctx,
+            @Context HttpHeaders headers, @Context Locale locale,
+            @PathParam("corpusId") String corpusId,
+            @PathParam("docId") String docId,
+            @PathParam("textId") String textId,
+            @PathParam("matchId") String matchId,
+            @QueryParam("foundry") Set<String> foundries,
+            @QueryParam("layer") Set<String> layers,
+            @QueryParam("spans") Boolean spans, 
+            // Highlights may also be a list of valid highlight classes
+            @QueryParam("hls") Boolean highlights) throws KustvaktException {
+
         TokenContext tokenContext = (TokenContext) ctx.getUserPrincipal();
         scopeService.verifyScope(tokenContext, OAuth2Scope.MATCH_INFO);
         spans = spans != null ? spans : false;
         highlights = highlights != null ? highlights : false;
         if (layers == null || layers.isEmpty()) layers = new HashSet<>();
 
-        String results = searchService.retrieveMatchInfo(corpusId, docId,
-                textId, matchId, foundries, tokenContext.getUsername(), headers,
-                layers, spans, highlights);
-        return Response.ok(results).build();
+        try{
+            String results = searchService.retrieveMatchInfo(corpusId, docId,
+                    textId, matchId, foundries, tokenContext.getUsername(),
+                    headers, layers, spans, highlights);
+            return Response.ok(results).build();
+        }
+        catch (KustvaktException e) {
+            throw kustvaktResponseHandler.throwit(e);
+        }
+        
     }
 
     /*
@@ -197,12 +223,21 @@
     @GET
     @Path("{version}/corpus/{corpusId}/{docId}/{textId}")
     public Response getMetadata (@PathParam("corpusId") String corpusId,
-            @PathParam("docId") String docId, @PathParam("textId") String textId
-    // @QueryParam("fields") Set<String> fields
+            @PathParam("docId") String docId,
+            @PathParam("textId") String textId, 
+            @Context SecurityContext ctx,
+            @Context HttpHeaders headers
+            // @QueryParam("fields") Set<String> fields
     ) throws KustvaktException {
-        String results =
-                searchService.retrieveDocMetadata(corpusId, docId, textId);
-        return Response.ok(results).build();
+        TokenContext tokenContext = (TokenContext) ctx.getUserPrincipal();
+        try {
+            String results = searchService.retrieveDocMetadata(corpusId, docId,
+                    textId, tokenContext.getUsername(), headers);
+            return Response.ok(results).build();
+        }
+        catch (KustvaktException e) {
+            throw kustvaktResponseHandler.throwit(e);
+        }
     }
 
     @POST
diff --git a/full/Changes b/full/Changes
index adb6bf6..198aa7f 100644
--- a/full/Changes
+++ b/full/Changes
@@ -7,6 +7,7 @@
    - Added unique index to group name (margaretha)
 06/02/2019
    - Updated a user setting test using array for multiple values (margaretha)
+   - Added metadata controller tests (margaretha)
 
 # version 0.61.5
 17/12/2018
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index 24dcb47..2a5a045 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -46,7 +46,7 @@
 ## availability regex
 ## only support |
 availability.regex.free = CC-BY.*
-availability.regex.public = ACA.* | QAO.NC
+availability.regex.public = ACA.*|QAO.NC
 availability.regex.all = QAO.*
 
 ## options referring to the security module!
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
index c6e0961..6209b23 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/MatchInfoControllerTest.java
@@ -14,6 +14,7 @@
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.SpringJerseyTest;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.utils.JsonUtils;
 
 public class MatchInfoControllerTest extends SpringJerseyTest {
@@ -21,9 +22,10 @@
     @Test
     public void testGetMatchInfoPublicCorpus () throws KustvaktException {
 
-        ClientResponse response = resource().path(API_VERSION).path("corpus").path("GOE")
-                .path("AGA").path("01784").path("p36-100").path("matchInfo")
-                .queryParam("foundry", "*").get(ClientResponse.class);
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGA").path("01784").path("p36-100")
+                .path("matchInfo").queryParam("foundry", "*")
+                .get(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -43,19 +45,20 @@
     @Test
     public void testGetMatchInfoNotAllowed () throws KustvaktException {
 
-        ClientResponse response =
-                resource().path(API_VERSION).path("corpus").path("GOE").path("AGI").path("04846")
-                        .path("p36875-36876").path("matchInfo")
-                        .queryParam("foundry", "*").get(ClientResponse.class);
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("04846").path("p36875-36876")
+                .path("matchInfo").queryParam("foundry", "*")
+                .get(ClientResponse.class);
 
-        assertEquals(ClientResponse.Status.OK.getStatusCode(),
+        assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(),
                 response.getStatus());
         String entity = response.getEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
 
-        assertEquals("1003", node.at("/errors/0/0").asText());
+        assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+                node.at("/errors/0/0").asInt());
         assertEquals(
-                "Retrieving match info with ID "
+                "Retrieving resource with ID "
                         + "match-GOE/AGI/04846-p36875-36876 is not allowed.",
                 node.at("/errors/0/1").asText());
         assertTrue(node.at("/snippet").isMissingNode());
@@ -63,8 +66,8 @@
 
     @Test
     public void testGetMatchInfoWithAuthentication () throws KustvaktException {
-        ClientResponse response = resource().path(API_VERSION).path("corpus").path("GOE")
-                .path("AGI").path("04846").path("p36875-36876")
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("04846").path("p36875-36876")
                 .path("matchInfo").queryParam("foundry", "*")
                 .header(Attributes.AUTHORIZATION,
                         HttpAuthorizationHandler
@@ -91,4 +94,39 @@
                         + "<span class=\"match\">"));
         assertEquals("QAO-NC-LOC:ids", node.at("/availability").asText());
     }
+
+    @Test
+    public void testAvailabilityAll () throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGD").path("00000").path("p75-76")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "10.27.0.32")
+                .get(ClientResponse.class);
+
+        assertEquals(ClientResponse.Status.OK.getStatusCode(),
+                response.getStatus());
+    }
+
+    @Test
+    public void testAvailabilityAllUnauthorized () throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGD").path("00000").path("p75-76")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "170.27.0.32")
+                .get(ClientResponse.class);
+
+        JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
+        assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+                node.at("/errors/0/0").asInt());
+        assertEquals(
+                "Retrieving resource with ID "
+                        + "match-GOE/AGD/00000-p75-76 is not allowed.",
+                node.at("/errors/0/1").asText());
+    }
 }
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/MetadataControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/MetadataControllerTest.java
new file mode 100644
index 0000000..fb083bd
--- /dev/null
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/MetadataControllerTest.java
@@ -0,0 +1,107 @@
+package de.ids_mannheim.korap.web.controller;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import org.junit.Test;
+
+import com.fasterxml.jackson.databind.JsonNode;
+import com.google.common.net.HttpHeaders;
+import com.sun.jersey.api.client.ClientResponse;
+
+import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.SpringJerseyTest;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.utils.JsonUtils;
+
+public class MetadataControllerTest extends SpringJerseyTest {
+
+    @Test
+    public void testFreeMetadata () throws KustvaktException {
+
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGA").path("01784")
+                .queryParam("foundry", "*").get(ClientResponse.class);
+
+        assertEquals(ClientResponse.Status.OK.getStatusCode(),
+                response.getStatus());
+        String entity = response.getEntity(String.class);
+        JsonNode node = JsonUtils.readTree(entity);
+
+        assertTrue(!node.at("/document").isMissingNode());
+
+    }
+
+    @Test
+    public void testMetadataUnauthorized () throws KustvaktException {
+
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("04846")
+                .queryParam("foundry", "*").get(ClientResponse.class);
+
+        assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(),
+                response.getStatus());
+        String entity = response.getEntity(String.class);
+        JsonNode node = JsonUtils.readTree(entity);
+
+        assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+                node.at("/errors/0/0").asInt());
+        assertEquals(
+                "Retrieving resource with ID "
+                        + "GOE/AGI/04846 is not allowed.",
+                node.at("/errors/0/1").asText());
+    }
+
+    @Test
+    public void testMetadataWithAuthentication () throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("04846")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "172.27.0.32")
+                .get(ClientResponse.class);
+
+        assertEquals(ClientResponse.Status.OK.getStatusCode(),
+                response.getStatus());
+    }
+
+    @Test
+    public void testMetadataAvailabilityAll () throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("00000")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "10.27.0.32")
+                .get(ClientResponse.class);
+
+        assertEquals(ClientResponse.Status.OK.getStatusCode(),
+                response.getStatus());
+    }
+
+    @Test
+    public void testMetadataAvailabilityAllUnauthorized ()
+            throws KustvaktException {
+        ClientResponse response = resource().path(API_VERSION).path("corpus")
+                .path("GOE").path("AGI").path("00000")
+                .header(Attributes.AUTHORIZATION,
+                        HttpAuthorizationHandler
+                                .createBasicAuthorizationHeaderValue("kustvakt",
+                                        "kustvakt2015"))
+                .header(HttpHeaders.X_FORWARDED_FOR, "170.27.0.32")
+                .get(ClientResponse.class);
+
+        JsonNode node = JsonUtils.readTree(response.getEntity(String.class));
+        assertEquals(StatusCodes.AUTHORIZATION_FAILED,
+                node.at("/errors/0/0").asInt());
+        assertEquals(
+                "Retrieving resource with ID "
+                        + "GOE/AGI/00000 is not allowed.",
+                node.at("/errors/0/1").asText());
+    }
+}
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 7587bc9..a4f8467 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -46,7 +46,7 @@
 ## availability regex
 ## only support |
 availability.regex.free = CC-BY.*
-availability.regex.public = ACA.* | QAO-NC
+availability.regex.public = ACA.*|QAO-NC
 availability.regex.all = QAO.*
 
 ## options referring to the security module!