Moved javax.servlet-api to core & added post construct to lite.

Change-Id: Iedbb97dd9b4a1cda68096967e7e636579719839b
diff --git a/full/Changes b/full/Changes
index bd4de8a..5d23f15 100644
--- a/full/Changes
+++ b/full/Changes
@@ -13,6 +13,8 @@
     - Added "highlights" parameter to matchInfo controller (margaretha)
     - Added "fields" parameter to search controllers (margaretha)
     - Integrated lite controllers, services and tests in full version (margaretha)
+29/10/2018
+    - Moved javax.servlet-api to core
 
 # version 0.61.2
 12/09/2018
diff --git a/full/pom.xml b/full/pom.xml
index 24f2108..0f20e87 100644
--- a/full/pom.xml
+++ b/full/pom.xml
@@ -328,12 +328,6 @@
 			<version>1.1.1</version>
 		</dependency>
 
-		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>javax.servlet-api</artifactId>
-			<version>4.0.1</version>
-		</dependency>
-
 		<!-- Flyway -->
 		<dependency>
 			<groupId>org.flywaydb</groupId>
diff --git a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
index fb7b541..591e41d 100644
--- a/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/oauth2/oltu/service/OltuTokenService.java
@@ -86,6 +86,8 @@
      * Client authentication is done using the given client
      * credentials.
      * 
+     * TODO: should create a new refresh token when the old refresh token is used
+     * 
      * @param refreshTokenStr
      * @param scopes
      * @param clientId
@@ -188,6 +190,8 @@
      * authenticate, client_id is made required (similar to
      * authorization code grant).
      * 
+     * TODO: FORCE client secret
+     * 
      * @param clientId
      *            client_id, required
      * @param clientSecret