Added parameter checking for authorization DAO.

Change-Id: Ic7e089d153829b83d09efeccb275990bd23e6d5c
diff --git a/full/Changes b/full/Changes
index 2b3e4fa..a3308c8 100644
--- a/full/Changes
+++ b/full/Changes
@@ -1,9 +1,10 @@
 version 0.60.3
-07/05/2018
+09/05/2018
 	- improved user authentication by using authentication filter for authorization code request (margaretha)
 	- limited client authentication to client id checking in authorization code request (margaretha)
 	- added user_id in the oauth2_access_token table (margaretha)
 	- implemented OAuth2Authentication provider for token context management (margaretha)
+	- added parameter checking for authorization DAO (margaretha)
 	
 version 0.60.2
 03/05/2018
diff --git a/full/pom.xml b/full/pom.xml
index f0e16a8..9ea7367 100644
--- a/full/pom.xml
+++ b/full/pom.xml
@@ -156,7 +156,7 @@
 		<dependency>
 			<groupId>de.ids_mannheim.korap</groupId>
 			<artifactId>Kustvakt-core</artifactId>
-			<version>0.60.2</version>
+			<version>0.60.3</version>
 		</dependency>
 		<!-- LDAP -->
 		<dependency>
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java
index d60fe63..af04f45 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/dao/AuthorizationDao.java
@@ -29,7 +29,13 @@
     private EntityManager entityManager;
 
     public void storeAuthorizationCode (String clientId, String userId,
-            String code, Set<AccessScope> scopes, String redirectURI) {
+            String code, Set<AccessScope> scopes, String redirectURI)
+            throws KustvaktException {
+        ParameterChecker.checkStringValue(clientId, "client_id");
+        ParameterChecker.checkStringValue(userId, "userId");
+        ParameterChecker.checkStringValue(code, "authorization code");
+        ParameterChecker.checkCollection(scopes, "scopes");
+        
         Authorization authCode = new Authorization();
         authCode.setCode(code);
         authCode.setClientId(clientId);
@@ -66,7 +72,9 @@
         }
     }
 
-    public Authorization updateAuthorization (Authorization authorization) {
+    public Authorization updateAuthorization (Authorization authorization)
+            throws KustvaktException {
+        ParameterChecker.checkObjectValue(authorization, "authorization");
         authorization = entityManager.merge(authorization);
         return authorization;
     }
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
index a949c92..b258fc0 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2AuthorizationService.java
@@ -200,7 +200,8 @@
         return authorization;
     }
 
-    public void addTotalAttempts (Authorization authorization) {
+    public void addTotalAttempts (Authorization authorization)
+            throws KustvaktException {
         int totalAttempts = authorization.getTotalAttempts() + 1;
         if (totalAttempts == config.getMaxAuthenticationAttempts()) {
             authorization.setRevoked(true);
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
index 59b5e31..eedc744 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/service/OAuth2TokenService.java
@@ -143,7 +143,7 @@
      * @param clientId
      *            client_id, required
      * @param clientSecret
-     *            clilent_secret, required if client_secret was issued
+     *            client_secret, required if client_secret was issued
      *            for the client in client registration.
      * @return an OAuthResponse containing an access token if
      *         successful
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java
index 3d3c037..b6b1b15 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/VirtualCorpusController.java
@@ -59,7 +59,6 @@
     @Autowired
     private VirtualCorpusService service;
 
-    // EM: should system admins be able to create VC for other users?
     /** Creates a user virtual corpus, also for system admins
      * 
      * @see VirtualCorpusJson
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index a241afa..0c66a2f 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -72,11 +72,11 @@
 
                     // OAuth2 authentication scheme
                     case BEARER:
-                        if (request.getPath().equals("oauth2/authorize")) {
-                            throw new KustvaktException(
-                                    StatusCodes.AUTHENTICATION_FAILED,
-                                    "Bearer is not supported for user authentication at oauth2/authorize");
-                        }
+//                        if (request.getPath().equals("oauth2/authorize")) {
+//                            throw new KustvaktException(
+//                                    StatusCodes.AUTHENTICATION_FAILED,
+//                                    "Bearer is not supported for user authentication at oauth2/authorize");
+//                        }
 
                         context = authenticationManager.getTokenContext(
                                 TokenType.BEARER, authData.getToken(), host,