Generalized http authentication framework.

Change-Id: I99b9bdb8b93445ceaf51ecb8105a23f980408df2
diff --git a/core/src/main/java/de/ids_mannheim/korap/config/AuthenticationType.java b/core/src/main/java/de/ids_mannheim/korap/config/AuthenticationType.java
index 3c19993..48e7375 100644
--- a/core/src/main/java/de/ids_mannheim/korap/config/AuthenticationType.java
+++ b/core/src/main/java/de/ids_mannheim/korap/config/AuthenticationType.java
@@ -1,5 +1,9 @@
 package de.ids_mannheim.korap.config;
 
 public enum AuthenticationType {
-    LDAP, SHIBBOLETH, OAUTH2, OPENID, SESSION, DATABASE;
+    LDAP, SHIBBOLETH, OAUTH2, OPENID, SESSION, BASIC;
+    
+    public String displayName () {
+        return name().toLowerCase();
+    }
 }
\ No newline at end of file
diff --git a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
index 75bf020..111f6e3 100644
--- a/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
+++ b/core/src/main/java/de/ids_mannheim/korap/exceptions/StatusCodes.java
@@ -120,9 +120,9 @@
     public static final int LOGOUT_SUCCESSFUL = 2009;
     public static final int LOGOUT_FAILED = 2010;
 
-    public static final int CLIENT_REGISTRATION_FAILURE = 2011;
+    public static final int CLIENT_REGISTRATION_FAILED = 2011;
     public static final int CLIENT_REMOVAL_FAILURE = 2012;
-    public static final int CLIENT_AUTHORIZATION_FAILURE = 2013;
+    public static final int CLIENT_AUTHORIZATION_FAILED = 2013;
 
     // 2020 - 2029 reserviert für LDAP-Fehlercodes - 21.04.17/FB
     public static final int LDAP_BASE_ERRCODE = 2020;
diff --git a/core/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java b/core/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
index e475ed5..80800c3 100644
--- a/core/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
+++ b/core/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
@@ -46,35 +46,35 @@
     		
         AuthenticationIface iface = this.providers.get(type);
         // todo: configurable authentication schema
-        if (iface == null)
-            iface = this.providers.get(default_iface);
+        if (iface == null) iface = this.providers.get(default_iface);
         return iface;
     }
 
 
-    public abstract TokenContext getTokenStatus (String token, String host,
-            String useragent) throws KustvaktException;
+    public abstract TokenContext getTokenStatus (AuthenticationType type,
+            String token, String host, String useragent)
+            throws KustvaktException;
 
 
     public abstract User getUser (String username) throws KustvaktException;
 
-    public abstract boolean isRegistered(String id);
+    public abstract boolean isRegistered (String id);
 
 
     public abstract User authenticate (AuthenticationType type, String username,
             String password, Map<String, Object> attributes)
             throws KustvaktException;
-    
-//    public abstract User authenticate (int type, String username,
-//            String password, Map<String, Object> attributes)
-//            throws KustvaktException;
+
+    //    public abstract User authenticate (int type, String username,
+    //            String password, Map<String, Object> attributes)
+    //            throws KustvaktException;
 
 
     public abstract TokenContext createTokenContext (User user,
             Map<String, Object> attr, AuthenticationType type)
             throws KustvaktException;
 
-    public abstract void setAccessAndLocation(User user, HttpHeaders headers);
+    public abstract void setAccessAndLocation (User user, HttpHeaders headers);
 
     public abstract void logout (TokenContext context) throws KustvaktException;
 
diff --git a/core/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java b/core/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java
index e5517b6..6c88743 100644
--- a/core/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java
+++ b/core/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java
@@ -79,16 +79,23 @@
 
 
     //todo:  if exception, make exception message and error code available if not masked!
-    public WebApplicationException throwAuthenticationException (String username) {
+    public WebApplicationException throwAuthenticationException (String message) {
         return new WebApplicationException(Response
                 .status(Response.Status.UNAUTHORIZED)
                 .header(HttpHeaders.WWW_AUTHENTICATE,
-                        "Basic realm=Kustvakt Authentication Service")
-                .entity(buildNotification(StatusCodes.BAD_CREDENTIALS,
-                        "Unauthorized access", username)).build());
+                        "Basic realm=Kustvakt")
+                .entity(buildNotification(StatusCodes.CLIENT_AUTHORIZATION_FAILED,
+                        "Unauthorized access", message)).build());
     }
 
-
+    public WebApplicationException throwAuthenticationException (KustvaktException e) {
+        return new WebApplicationException(Response
+                .status(Response.Status.UNAUTHORIZED)
+                .header(HttpHeaders.WWW_AUTHENTICATE,
+                        "Basic realm=Kustvakt")
+                .entity(buildNotification(e.getStatusCode(),
+                        e.getMessage(), e.getEntity())).build());
+    }
 
     private Response.Status getStatus (int code) {
         Response.Status status = Response.Status.BAD_REQUEST;
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicHttpAuth.java b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
similarity index 100%
rename from full/src/main/java/de/ids_mannheim/korap/authentication/BasicHttpAuth.java
rename to full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
index 3c90a2c..7ee3506 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
@@ -5,9 +5,9 @@
 import java.net.InetAddress;
 import java.net.UnknownHostException;
 import java.security.NoSuchAlgorithmException;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Map;
-import java.util.Arrays;
 
 import javax.ws.rs.core.HttpHeaders;
 import javax.ws.rs.core.MultivaluedMap;
@@ -20,6 +20,7 @@
 import com.unboundid.ldap.sdk.LDAPException;
 
 import de.ids_mannheim.korap.auditing.AuditRecord;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.BeansFactory;
@@ -98,21 +99,15 @@
 	 * @throws KustvaktException
 	 */
 	@Override
-	public TokenContext getTokenStatus(String token, String host, String useragent) throws KustvaktException {
-		if (token == null)
-			throw new KustvaktException(StatusCodes.MISSING_ARGUMENT, "authorization header");
+	public TokenContext getTokenStatus(AuthenticationType type, String token, 
+	        String host, String useragent) throws KustvaktException {
 
-		// EM: fix me
-		String token_type = StringUtils.getTokenType(token);
-		AuthenticationType type = AuthenticationType.valueOf(token_type);
-		
-		token = StringUtils.stripTokenType(token);
-		jlog.info("getting session status of token type '{}'", token.split(" ")[0]);
 		AuthenticationIface provider = getProvider(type , null);
 
 		if (provider == null)
 			// throw exception for missing type parameter
-			throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT, "token type not defined or found", "token_type");
+			throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT, 
+			        "token type not defined or found", "token_type");
 
 		TokenContext context = provider.getTokenContext(token);
 		if (context != null && TimeUtils.isExpired(context.getExpirationTime()))
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java
new file mode 100644
index 0000000..8f310a6
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java
@@ -0,0 +1,14 @@
+package de.ids_mannheim.korap.authentication.framework;
+
+import de.ids_mannheim.korap.config.AuthenticationType;
+import lombok.Getter;
+import lombok.Setter;
+
+@Getter
+@Setter
+public class AuthorizationData {
+
+    private String token;
+    private AuthenticationType authenticationType;
+
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java
new file mode 100644
index 0000000..b5851e3
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java
@@ -0,0 +1,59 @@
+package de.ids_mannheim.korap.authentication.framework;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import com.sun.jersey.api.client.ClientResponse.Status;
+
+import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
+import de.ids_mannheim.korap.utils.ParameterChecker;
+
+/** Implementation of HTTP authentication scheme (see RFC 7253 and 7617)
+ *  for client asking for authorization and sending user data.  
+ * 
+ * @author margaretha
+ * 
+ */
+@Component
+public class HttpAuthorizationHandler {
+
+    @Autowired
+    private TransferEncoding transferEncoding;
+
+    public String createAuthorizationHeader (AuthenticationType type,
+            String username, String password) throws KustvaktException {
+        ParameterChecker.checkStringValue(username, "username");
+        ParameterChecker.checkStringValue(password, "password");
+
+        String credentials = transferEncoding.encodeBase64(username, password);
+        return type.displayName() + " " + credentials;
+    }
+
+    public AuthorizationData parseAuthorizationHeader (
+            String authorizationHeader) throws KustvaktException {
+        ParameterChecker.checkStringValue(authorizationHeader,
+                "authorization header");
+
+        String[] values = authorizationHeader.split(" ");
+        if (values.length != 2) {
+            throw new KustvaktException(StatusCodes.CLIENT_AUTHORIZATION_FAILED,
+                    "Cannot parse authorization header value "
+                            + authorizationHeader
+                            + ". Use this format: [authentication "
+                            + "scheme] [Base64-encoded token]",
+                    authorizationHeader);
+        }
+
+        AuthorizationData data = new AuthorizationData();
+        data.setAuthenticationType(
+                AuthenticationType.valueOf(values[0].toUpperCase()));
+        data.setToken(values[1]);
+        return data;
+    }
+
+    public void parseToken (AuthorizationData data) throws KustvaktException {
+        String[] credentials = transferEncoding.decodeBase64(data.getToken());        
+    }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/TransferEncoding.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/TransferEncoding.java
new file mode 100644
index 0000000..70246d0
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/TransferEncoding.java
@@ -0,0 +1,53 @@
+package de.ids_mannheim.korap.authentication.framework;
+
+import org.apache.commons.codec.binary.Base64;
+import org.springframework.stereotype.Component;
+
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.utils.ParameterChecker;
+
+/** TransferEncoding contains encoding and decoding methods for data transfer, 
+ *  e.g. transfering credentials using basic Http authentication.  
+ *   
+ * @author margaretha
+ *
+ */
+@Component
+public class TransferEncoding {
+
+    /** Encodes username and password using Base64.
+     * 
+     * @param username username
+     * @param password password
+     * @return
+     */
+    public String encodeBase64 (String username, String password) {
+        String s = username + ":" + password;
+        return new String(Base64.encodeBase64(s.getBytes()));
+    }
+
+    /** Decodes the given string using Base64.
+     * 
+     * @param encodedStr 
+     * @return username and password as an array of strings.
+     * @throws KustvaktException 
+     */
+    public String[] decodeBase64 (String encodedStr)
+            throws KustvaktException {
+
+        ParameterChecker.checkStringValue(encodedStr, "encoded string");
+        String decodedStr = new String(Base64.decodeBase64(encodedStr));
+
+        if (decodedStr.contains(":") && decodedStr.split(":").length == 2) {
+            String[] strArr = decodedStr.split(":");
+            if ((strArr[0] != null && !strArr[0].isEmpty())
+                    && (strArr[1] != null && !strArr[1].isEmpty())) {
+                return decodedStr.split(":");
+            }
+
+        }
+
+        throw new IllegalArgumentException(
+                "Unknown Base64 encoding format: " + decodedStr);
+    }
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/dao/UserDao.java b/full/src/main/java/de/ids_mannheim/korap/dao/UserDao.java
new file mode 100644
index 0000000..51ab9c1
--- /dev/null
+++ b/full/src/main/java/de/ids_mannheim/korap/dao/UserDao.java
@@ -0,0 +1,23 @@
+package de.ids_mannheim.korap.dao;
+
+import org.springframework.stereotype.Repository;
+
+import de.ids_mannheim.korap.user.KorAPUser;
+import de.ids_mannheim.korap.user.User;
+
+/** Dummy DAO for testing using basic authentication.
+ * 
+ * @author margaretha
+ *
+ */
+@Repository
+public class UserDao {
+
+    public User getAccount (String username) {
+        User user = new KorAPUser();
+        user.setUsername(username);
+        return user;
+    }
+
+
+}
diff --git a/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java b/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
index 7237afd..ef020f0 100644
--- a/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
+++ b/full/src/main/java/de/ids_mannheim/korap/handlers/AdminDao.java
@@ -72,6 +72,7 @@
 		return 0;
 	}
 
+	// EM: FIX ME
 	@Override
 	public boolean isAdmin(int userId) {
 		Map<String, String> namedParameters = Collections.singletonMap(
diff --git a/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java b/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
index ec9d036..816297d 100644
--- a/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
+++ b/full/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
@@ -275,7 +275,7 @@
             jlog.error("registering client '{}' failed", info.getClient_id());
             throw new DatabaseException(new KustvaktException(user.getId(),
                     StatusCodes.ILLEGAL_ARGUMENT, "arguments given not valid",
-                    info.toJSON()), StatusCodes.CLIENT_REGISTRATION_FAILURE,
+                    info.toJSON()), StatusCodes.CLIENT_REGISTRATION_FAILED,
                     info.toJSON());
         }
     }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
index bed0d5d..bc4f0c9 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
@@ -27,7 +27,9 @@
 import com.sun.jersey.spi.container.ContainerRequest;
 import com.sun.jersey.spi.container.ResourceFilters;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.BeansFactory;
@@ -58,8 +60,14 @@
 public class AuthenticationController {
 
     @Autowired
-    KustvaktResponseHandler kustvaktResponseHandler;
+    private KustvaktResponseHandler kustvaktResponseHandler;
+    
+    @Autowired
+    private HttpAuthorizationHandler authorizationHandler;
 
+    @Autowired
+    private TransferEncoding transferEncoding;
+    
     private static Boolean DEBUG_LOG = true;
 
     //todo: bootstrap function to transmit certain default configuration settings and examples (example user queries,
@@ -138,14 +146,22 @@
                             "Authorization header is missing.",
                             "Authorization header"));
         }
-
-        String[] values = BasicHttpAuth.decode(auth.get(0));
+        
+        String[] values;
+        try {
+            AuthorizationData authorizationData = authorizationHandler.
+                    parseAuthorizationHeader(auth.get(0));
+            values = transferEncoding.decodeBase64(authorizationData.getToken());
+           
+        }
+        catch (KustvaktException e) {
+            throw kustvaktResponseHandler.throwit(e);
+        }
 
         if (DEBUG_LOG == true) {
             System.out.printf("Debug: AuthService.requestAPIToken...:\n");
             System.out.printf("Debug: auth.size=%d\n", auth.size());
             System.out.printf("auth.get(0)='%s'\n", auth.get(0));
-            System.out.printf("Debug: values.length=%d\n", values.length);
             /* hide password etc. - FB
              if( auth.size() > 0 )
             	{
@@ -168,13 +184,13 @@
                 while (it.hasNext()) {
                     String key = (String) it.next();
                     List<String> vals = headerMap.get(key);
-                    System.out.printf("Debug: requestAPIToken: '%s' = '%s'\n",
-                            key, vals);
+//                    System.out.printf("Debug: requestAPIToken: '%s' = '%s'\n",
+//                            key, vals);
                 }
 
             }
-            System.out.printf("Debug: requestAPIToken: isSecure = %s.\n",
-                    secCtx.isSecure() ? "yes" : "no");
+//            System.out.printf("Debug: requestAPIToken: isSecure = %s.\n",
+//                    secCtx.isSecure() ? "yes" : "no");
         } // DEBUG_LOG        
 
         // "Invalid syntax for username and password"
@@ -253,15 +269,22 @@
         List<String> auth =
                 headers.getRequestHeader(ContainerRequest.AUTHORIZATION);
 
-        String[] values = BasicHttpAuth.decode(auth.get(0));
+        String[] values;
+        try {
+            AuthorizationData authorizationData = authorizationHandler.
+                    parseAuthorizationHeader(auth.get(0));
+            values = transferEncoding.decodeBase64(authorizationData.getToken());
+           
+        }
+        catch (KustvaktException e) {
+            throw kustvaktResponseHandler.throwit(e);
+        }
         //        authentication = StringUtils.stripTokenType(authentication);
         //        String[] values = new String(
         //                DatatypeConverter.parseBase64Binary(authentication)).split(":");
         //        String[] values = Base64.base64Decode(authentication).split(":");
 
         // "Invalid syntax for username and password"
-        if (values == null)
-            throw kustvaktResponseHandler.throwit(StatusCodes.BAD_CREDENTIALS);
 
         // Implementation Hanl mit '|'. 16.02.17/FB
         //if (values[0].equalsIgnoreCase("null")
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
index 16840f1..67ff04a 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -6,20 +6,22 @@
 import javax.ws.rs.ext.Provider;
 
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
 
 import com.sun.jersey.spi.container.ContainerRequest;
 import com.sun.jersey.spi.container.ContainerRequestFilter;
 import com.sun.jersey.spi.container.ContainerResponseFilter;
 import com.sun.jersey.spi.container.ResourceFilter;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.user.User;
-import de.ids_mannheim.korap.utils.StringUtils;
 import de.ids_mannheim.korap.web.utils.KustvaktContext;
 import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
 
@@ -27,70 +29,76 @@
  * @author hanl, margaretha
  * @date 04/2017
  */
+@Component
 @Provider
 public class AdminFilter implements ContainerRequestFilter, ResourceFilter {
 
     @Autowired
-	private AuthenticationManagerIface authManager;
+    private AuthenticationManagerIface authManager;
+
+    @Autowired
+    private KustvaktResponseHandler kustvaktResponseHandler;
     
     @Autowired
-    KustvaktResponseHandler kustvaktResponseHandler;
+    private TransferEncoding transferEncoding;
+    
+    @Autowired
+    private HttpAuthorizationHandler authorizationHandler;
+    
+    @Override
+    public ContainerRequest filter (ContainerRequest cr) {
+        String authorization =
+                cr.getHeaderValue(ContainerRequest.AUTHORIZATION);
+        
+        AuthorizationData data;
+        String[] userData;
+        try {
+            data = authorizationHandler.parseAuthorizationHeader(authorization);
+            userData = transferEncoding.decodeBase64(data.getToken());
+        }
+        catch (KustvaktException e) {
+            throw kustvaktResponseHandler.throwAuthenticationException(e);
+        }
+        
+        String host = cr.getHeaderValue(ContainerRequest.HOST);
+        String agent = cr.getHeaderValue(ContainerRequest.USER_AGENT);
+        Map<String, Object> attributes = new HashMap<>();
+        attributes.put(Attributes.HOST, host);
+        attributes.put(Attributes.USER_AGENT, agent);
+        try {
+            // EM: fix me: AuthenticationType based on header value
+            User user = authManager.authenticate(data.getAuthenticationType(),
+                    userData[0], userData[0], attributes);
+            if (!user.isAdmin()) {
+                throw kustvaktResponseHandler.throwAuthenticationException(
+                        "Admin authentication failed.");
+            }
+            Map<String, Object> properties = cr.getProperties();
+            properties.put("user", user);
+        }
+        catch (KustvaktException e) {
+            throw kustvaktResponseHandler.throwAuthenticationException(e);
+        }
 
-	@Override
-	public ContainerRequest filter(ContainerRequest cr) {
-		String authentication = cr.getHeaderValue(ContainerRequest.AUTHORIZATION);
-		if (authentication == null) {
-			throw kustvaktResponseHandler.throwAuthenticationException("The authorization header value is missing.");
-		}
-		
-		// EM: fix me: authentication header format
-		// decode password
-		AuthenticationType authenticationType = AuthenticationType.valueOf(StringUtils.getTokenType(authentication));
-		String authenticationCode = StringUtils.stripTokenType(authentication);
-		String username = null, token = null;
-		// String tokenType = 0;
-		
-		if (authenticationType.equals(AuthenticationType.DATABASE)) {
-			String[] authContent = BasicHttpAuth.decode(authenticationCode);
-			username = authContent[0];
-			token = authContent[1];
-		}
-		
-		String host = cr.getHeaderValue(ContainerRequest.HOST);
-		String agent = cr.getHeaderValue(ContainerRequest.USER_AGENT);
-		Map<String, Object> attributes = new HashMap<>();
-		attributes.put(Attributes.HOST, host);
-		attributes.put(Attributes.USER_AGENT, agent);
-		try {
-		    // EM: fix me: AuthenticationType based on header value
-			User user = authManager.authenticate(AuthenticationType.LDAP, username, token, attributes);
-			if (!user.isAdmin()){
-				throw kustvaktResponseHandler.throwAuthenticationException("Admin authentication failed.");
-			}
-			Map<String, Object> properties = cr.getProperties();
-			properties.put("user", user);
-		} catch (KustvaktException e) {
-			throw kustvaktResponseHandler.throwAuthenticationException("User authentication failed.");
-		}
+        TokenContext c = new TokenContext();
+        c.setUsername(userData[0]);
+        c.setAuthenticationType(data.getAuthenticationType());
+        // EM: is this secure? Is token context not sent outside Kustvakt?
+        c.setToken(data.getToken());
+        c.setHostAddress(host);
+        c.setUserAgent(agent);
+        cr.setSecurityContext(new KustvaktContext(c));
 
-		TokenContext c = new TokenContext();
-		c.setUsername(username);
-		c.setAuthenticationType(authenticationType);
-		c.setToken(token);
-		c.setHostAddress(host);
-		c.setUserAgent(agent);
-		cr.setSecurityContext(new KustvaktContext(c));
+        return cr;
+    }
 
-		return cr;
-	}
+    @Override
+    public ContainerRequestFilter getRequestFilter () {
+        return this;
+    }
 
-	@Override
-	public ContainerRequestFilter getRequestFilter() {
-		return this;
-	}
-
-	@Override
-	public ContainerResponseFilter getResponseFilter() {
-		return null;
-	}
+    @Override
+    public ContainerResponseFilter getResponseFilter () {
+        return null;
+    }
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index 5f92c1b..61f92e7 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -1,39 +1,45 @@
 package de.ids_mannheim.korap.web.filter;
 
+import javax.ws.rs.ext.Provider;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
 import com.sun.jersey.spi.container.ContainerRequest;
 import com.sun.jersey.spi.container.ContainerRequestFilter;
 import com.sun.jersey.spi.container.ContainerResponseFilter;
 import com.sun.jersey.spi.container.ResourceFilter;
-import de.ids_mannheim.korap.config.BeansFactory;
+
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.web.utils.KustvaktContext;
 import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
 
-import javax.ws.rs.ext.Provider;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-
 /**
  * @author hanl
  * @date 28/01/2014
  */
 @Component
 @Provider
-public class AuthenticationFilter implements ContainerRequestFilter, ResourceFilter {
+public class AuthenticationFilter
+        implements ContainerRequestFilter, ResourceFilter {
+
+    @Autowired
+    private HttpAuthorizationHandler authorizationHandler;
 
     @Autowired
     private AuthenticationManagerIface userController;
 
     @Autowired
-    KustvaktResponseHandler kustvaktResponseHandler;
+    private KustvaktResponseHandler kustvaktResponseHandler;
 
-//    public AuthFilter () {
-//        this.userController = BeansFactory.getKustvaktContext()
-//                .getAuthenticationManager();
-//    }
+    //    public AuthFilter () {
+    //        this.userController = BeansFactory.getKustvaktContext()
+    //                .getAuthenticationManager();
+    //    }
 
 
     @Override
@@ -41,22 +47,27 @@
         String host = request.getHeaderValue(ContainerRequest.HOST);
         String ua = request.getHeaderValue(ContainerRequest.USER_AGENT);
 
-        String authentication = request
-                .getHeaderValue(ContainerRequest.AUTHORIZATION);
-        if (authentication != null && !authentication.isEmpty()) {
+        String authorization =
+                request.getHeaderValue(ContainerRequest.AUTHORIZATION);
+
+
+        if (authorization != null && !authorization.isEmpty()) {
             TokenContext context;
             try {
-                context = userController.getTokenStatus(authentication, host,
+                AuthorizationData data = authorizationHandler
+                        .parseAuthorizationHeader(authorization);
+                context = userController.getTokenStatus(
+                        data.getAuthenticationType(), data.getToken(), host,
                         ua);
             }
             catch (KustvaktException e) {
-                throw kustvaktResponseHandler.throwAuthenticationException(authentication);
+                throw kustvaktResponseHandler
+                        .throwAuthenticationException(authorization);
             }
             // fixme: give reason why access is not granted?
-            if (context != null
-                    && context.isValid()
-                    && ((context.isSecureRequired() && request.isSecure()) | !context
-                            .isSecureRequired()))
+            if (context != null && context.isValid()
+                    && ((context.isSecureRequired() && request.isSecure())
+                            | !context.isSecureRequired()))
                 request.setSecurityContext(new KustvaktContext(context));
             else
                 throw kustvaktResponseHandler.throwAuthenticationException("");
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
index ee6a24f..a30d589 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/DemoFilter.java
@@ -1,19 +1,21 @@
 package de.ids_mannheim.korap.web.filter;
 
+import javax.ws.rs.core.SecurityContext;
+import javax.ws.rs.ext.Provider;
+
+import org.springframework.beans.factory.annotation.Autowired;
+
 import com.sun.jersey.spi.container.ContainerRequest;
 import com.sun.jersey.spi.container.ContainerRequestFilter;
 import com.sun.jersey.spi.container.ContainerResponseFilter;
 import com.sun.jersey.spi.container.ResourceFilter;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
-import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.web.utils.KustvaktContext;
 
-import javax.ws.rs.core.SecurityContext;
-import javax.ws.rs.ext.Provider;
-
 /**
  * @author hanl
  * @date 08/02/2016
@@ -21,6 +23,9 @@
 @Provider
 public class DemoFilter implements ContainerRequestFilter, ResourceFilter {
 
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     @Override
     public ContainerRequest filter (ContainerRequest request) {
         String authentication = request
@@ -39,7 +44,13 @@
 
     private SecurityContext createContext () {
         TokenContext context = new TokenContext();
-        String token = BasicHttpAuth.encode("demo", "demo2015");
+        String token = null;
+        try {
+            token = handler.createAuthorizationHeader(AuthenticationType.BASIC,"demo", "demo2015");
+        }
+        catch (KustvaktException e) {
+            e.printStackTrace();
+        }
         context.setToken(token);
         context.setAuthenticationType(AuthenticationType.LDAP);
         context.setUsername("demo");
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index 5fb4896..c81bff5 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -213,7 +213,7 @@
 			type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
 	</bean>
 
-	<bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicHttpAuth" />
+	<bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicAuthentication" />
 
 
 	<bean id="session_auth"
diff --git a/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java b/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
index aa213d2..aea4968 100644
--- a/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/config/StringUtilsTest.java
@@ -1,21 +1,25 @@
 package de.ids_mannheim.korap.config;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
-import de.ids_mannheim.korap.utils.StringUtils;
-import org.apache.commons.codec.binary.Base64;
-import org.junit.Test;
-
-import java.util.Arrays;
-
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertNull;
+
+import org.apache.commons.codec.binary.Base64;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import de.ids_mannheim.korap.authentication.BasicAuthentication;
+import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.utils.StringUtils;
 
 /**
  * Created by hanl on 29.05.16.
  */
 public class StringUtilsTest {
 
+
     @Test
     public void testTextIToDoc () {
         String textSigle = "WPD_AAA.02439";
@@ -26,17 +30,19 @@
 
 
     @Test
-    public void testBasicHttpSplit() {
-            String s1 = "basic " + new String(Base64.encodeBase64("test:testPass".getBytes()));
-            String s2 = new String(Base64.encodeBase64("test:testPass".getBytes()));
-            String[] f1 = BasicHttpAuth.decode(s1);
-            String[] f2 = BasicHttpAuth.decode(s2);
-            assertNotNull(f1);
-            assertNotNull(f2);
-            assertEquals("test", f1[0]);
-            assertEquals("testPass", f1[1]);
-            assertEquals("test", f2[0]);
-            assertEquals("testPass", f2[1]);
+    public void testBasicHttpSplit () throws KustvaktException {
+        TransferEncoding transferEncoding = new TransferEncoding();
+        String s2 = new String(Base64.encodeBase64("test:testPass".getBytes()));
+        String[] f2 = transferEncoding.decodeBase64(s2);
+        assertEquals("test", f2[0]);
+        assertEquals("testPass", f2[1]);
+
+
+        HttpAuthorizationHandler handler = new HttpAuthorizationHandler();
+        String s1 = "basic "
+                + new String(Base64.encodeBase64("test:testPass".getBytes()));
+        AuthorizationData f1 = handler.parseAuthorizationHeader(s1);
+        assertEquals(s2, f1.getToken());
     }
 
 }
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
index a314d7f..1acf4c2 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/AuthServiceTest.java
@@ -9,12 +9,15 @@
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.TestHelper;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
@@ -31,8 +34,12 @@
 @Ignore
 public class AuthServiceTest extends FastJerseyTest {
 
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     private static String[] credentials;
-
+    
+    
     @BeforeClass
     public static void configure () throws Exception {
         credentials = new String[2];
@@ -54,7 +61,8 @@
 
     @Test
     public void testSessionToken() throws KustvaktException {
-        String auth = BasicHttpAuth.encode(credentials[0], credentials[1]);
+        String auth = handler.createAuthorizationHeader(AuthenticationType.SESSION, 
+                credentials[0], credentials[1]);
         ClientResponse response = resource().path("auth")
                 .path("sessionToken").header(Attributes.AUTHORIZATION, auth)
                 .get(ClientResponse.class);
@@ -90,7 +98,8 @@
 
     @Test
     public void testSessionTokenExpire() throws KustvaktException {
-        String auth = BasicHttpAuth.encode(credentials[0], credentials[1]);
+        String auth = handler.createAuthorizationHeader(AuthenticationType.SESSION,
+                credentials[0], credentials[1]);
         ClientResponse response = resource().path("auth")
                 .path("sessionToken").header(Attributes.AUTHORIZATION, auth)
                 .get(ClientResponse.class);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java
index ed1eec6..765deb8 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/FilterTest.java
@@ -1,18 +1,22 @@
 package de.ids_mannheim.korap.web.service.full;
 
-import com.sun.jersey.api.client.ClientResponse;
-import de.ids_mannheim.korap.config.TestHelper;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
-import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.web.service.FastJerseyTest;
+import static org.junit.Assert.assertEquals;
+
 import org.eclipse.jetty.server.Response;
-import org.junit.Assert;
-import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
-import static org.junit.Assert.assertEquals;
+import com.sun.jersey.api.client.ClientHandlerException;
+import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.UniformInterfaceException;
+
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
+import de.ids_mannheim.korap.config.TestHelper;
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.web.service.FastJerseyTest;
 
 /** EM: fix tests. new DB does not save users.
  * @author hanl
@@ -21,13 +25,19 @@
 @Ignore
 public class FilterTest extends FastJerseyTest {
 
+    @Autowired
+    HttpAuthorizationHandler handler;
+
+
     @Test
-    public void testTestUserAuth () {
+    public void testTestUserAuth () throws UniformInterfaceException, ClientHandlerException, 
+        KustvaktException {
+        
         ClientResponse resp = resource()
                 
                 .path("user/info")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode(
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,
                                 (String) TestHelper.getUserCredentials().get(Attributes.USERNAME),
                                 (String) TestHelper.getUserCredentials().get(Attributes.PASSWORD)))
                 .get(ClientResponse.class);
@@ -45,12 +55,14 @@
 
 
     @Test
-    public void testUnauthorizedAuth () {
+    public void testUnauthorizedAuth () throws UniformInterfaceException, 
+        ClientHandlerException, KustvaktException {
+        
         ClientResponse resp = resource()
-                
                 .path("user/info")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,
+                                "kustvakt", "kustvakt2015"))
                 .get(ClientResponse.class);
         String entity = resp.getEntity(String.class);
         System.out.println(entity);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java
index a265cfa..31248d8 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/KustvaktServerTest.java
@@ -27,14 +27,17 @@
 import org.junit.Assert;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.sun.jersey.api.client.ClientResponse;
 import com.sun.jersey.core.util.MultivaluedMapImpl;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.BeanConfigTest;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.handlers.ResourceDao;
@@ -60,6 +63,8 @@
 @Deprecated
 public class KustvaktServerTest extends BeanConfigTest {
     private static ObjectMapper mapper = new ObjectMapper();
+    @Autowired
+    private HttpAuthorizationHandler handler;
 
 
     @Test
@@ -170,7 +175,7 @@
 
 
     @Test
-    public void testCreatePolicy () throws IOException, URISyntaxException {
+    public void testCreatePolicy () throws IOException, URISyntaxException, KustvaktException {
 
         HttpClient httpClient = HttpClients.createDefault();
 
@@ -189,7 +194,7 @@
         HttpPost httppost = new HttpPost(uri);
 
         httppost.addHeader(Attributes.AUTHORIZATION,
-                BasicHttpAuth.encode("kustvakt", "kustvakt2015"));
+                handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"));
         HttpResponse response = httpClient.execute(httppost);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatusLine().getStatusCode());
@@ -199,7 +204,7 @@
 
     @Test
     public void testCreatePolicyForFoundry ()
-            throws IOException, URISyntaxException {
+            throws IOException, URISyntaxException, KustvaktException {
 
         HttpClient httpClient = HttpClients.createDefault();
 
@@ -219,7 +224,7 @@
         HttpPost httppost = new HttpPost(uri);
 
         httppost.addHeader(Attributes.AUTHORIZATION,
-                BasicHttpAuth.encode("kustvakt", "kustvakt2015"));
+                handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"));
         HttpResponse response = httpClient.execute(httppost);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatusLine().getStatusCode());
@@ -229,7 +234,7 @@
 
     @Test
     public void testCreatePolicyWithMultiplePermissions ()
-            throws IOException, URISyntaxException {
+            throws IOException, URISyntaxException, KustvaktException {
 
         HttpClient httpClient = HttpClients.createDefault();
 
@@ -250,7 +255,7 @@
         HttpPost httppost = new HttpPost(uri);
 
         httppost.addHeader(Attributes.AUTHORIZATION,
-                BasicHttpAuth.encode("kustvakt", "kustvakt2015"));
+                handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"));
         HttpResponse response = httpClient.execute(httppost);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatusLine().getStatusCode());
@@ -260,7 +265,7 @@
 
     @Test
     public void testWrongAuthorization ()
-            throws IOException, URISyntaxException {
+            throws IOException, URISyntaxException, KustvaktException {
         HttpResponse response = testResourceStore("wezrowerowj");
         assertEquals(ClientResponse.Status.UNAUTHORIZED.getStatusCode(),
                 response.getStatusLine().getStatusCode());
@@ -297,7 +302,7 @@
 
 
     public HttpResponse testResourceStore (String password)
-            throws IOException, URISyntaxException {
+            throws IOException, URISyntaxException, KustvaktException {
 
         HttpClient httpclient = HttpClients.createDefault();
         URIBuilder builder = new URIBuilder();
@@ -309,14 +314,14 @@
         URI uri = builder.build();
         HttpPost httppost = new HttpPost(uri);
         httppost.addHeader(Attributes.AUTHORIZATION,
-                BasicHttpAuth.encode("kustvakt", password));
+                handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", password));
         return httpclient.execute(httppost);
 
     }
     
     @Test
     public void testResourceUpdate ()
-            throws IOException, URISyntaxException {
+            throws IOException, URISyntaxException, KustvaktException {
 
         HttpClient httpclient = HttpClients.createDefault();
         URIBuilder builder = new URIBuilder();
@@ -328,7 +333,7 @@
         URI uri = builder.build();
         HttpPost httppost = new HttpPost(uri);
         httppost.addHeader(Attributes.AUTHORIZATION,
-                BasicHttpAuth.encode("kustvakt", "kustvakt2015"));
+                handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"));
         HttpResponse response = httpclient.execute(httppost);
         
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java
index 66f38fb..28318cf 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/MatchInfoServiceTest.java
@@ -6,18 +6,23 @@
 
 import org.eclipse.jetty.http.HttpHeaders;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
 
 public class MatchInfoServiceTest extends FastJerseyTest {
 
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     @Test
     public void testGetMatchInfoPublicCorpus () throws KustvaktException {
 
@@ -72,7 +77,8 @@
                 .path("p36875-36876").path("matchInfo")
                 .queryParam("foundry", "*")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(
+                                AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "172.27.0.32")
                 .get(ClientResponse.class);
 
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java
index d4c8aa1..18bae77 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/OAuth2EndpointTest.java
@@ -6,14 +6,17 @@
 
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientHandlerException;
 import com.sun.jersey.api.client.ClientResponse;
 import com.sun.jersey.api.client.UniformInterfaceException;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
+import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.TestHelper;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
@@ -26,7 +29,9 @@
 @Ignore
 // todo: in combination with other tests, causes failures!
 public class OAuth2EndpointTest extends FastJerseyTest {
-
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     @Override
     public void initMethod () throws KustvaktException {
 //        helper().setupAccount();
@@ -35,7 +40,8 @@
 
     @Test
     public void testAuthorizeClient () throws ClientHandlerException, UniformInterfaceException, KustvaktException {
-        String auth = BasicHttpAuth.encode(helper().getUser().getUsername(),
+        String auth = handler.createAuthorizationHeader(
+                AuthenticationType.OAUTH2, helper().getUser().getUsername(),
                 (String) TestHelper.getUserCredentials().get(Attributes.PASSWORD));
         ClientResponse response = resource().path(getAPIVersion()).path("oauth2")
                 .path("register")
@@ -72,7 +78,8 @@
     @Ignore
     public void authenticate () throws KustvaktException {
         Map<String, Object> cred = TestHelper.getUserCredentials();
-        String enc = BasicHttpAuth.encode((String) cred.get(Attributes.USERNAME), (String) cred.get(Attributes.PASSWORD));
+        String enc = handler.createAuthorizationHeader(AuthenticationType.OAUTH2, 
+                (String) cred.get(Attributes.USERNAME), (String) cred.get(Attributes.PASSWORD));
         ClientResponse response = resource().path(getAPIVersion()).path("oauth2")
                 .path("register")
                 .queryParam("redirect_url", "korap.ids-mannheim.de/redirect")
@@ -94,7 +101,7 @@
                 .queryParam("response_type", "code")
                 .queryParam("redirect_uri", "korap.ids-mannheim.de/redirect")
                 //                .header(Attributes.AUTHORIZATION, enc)
-                .header("Content-Type", "application/x-www-form-urlencoded")
+                .header("Content-Type", "application/x-www-form-urlencodeBase64d")
                 .post(ClientResponse.class);
 
         e = response.getEntity(String.class);
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java
index 7bc7910..58affbf 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/PolicyServiceTest.java
@@ -6,14 +6,15 @@
 import java.util.List;
 import java.util.UUID;
 
-import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.sun.jersey.api.client.ClientResponse;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.interfaces.db.PolicyHandlerIface;
 import de.ids_mannheim.korap.interfaces.db.ResourceOperationIface;
@@ -35,6 +36,9 @@
 @Ignore
 public class PolicyServiceTest extends FastJerseyTest {
 
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     private User user = UserFactory.getDemoUser();
 
 
@@ -51,7 +55,7 @@
                 .queryParam("perm", Permission.READ.name())
                 .queryParam("expire", "")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -95,7 +99,7 @@
                 .queryParam("loc", "255.255.255.0")
                 .queryParam("expire", "30D")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -133,7 +137,7 @@
                 .queryParam("perm", Permission.DELETE.name())
                 .queryParam("expire", "30D")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java
index e12c483..77bad19 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/QuerySerializationServiceTest.java
@@ -12,15 +12,16 @@
 
 import java.util.Iterator;
 
-import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
@@ -30,6 +31,9 @@
 @Ignore
 public class QuerySerializationServiceTest extends FastJerseyTest {
 
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     @Override
     public void initMethod () throws KustvaktException {
         //        helper().runBootInterfaces();
@@ -95,7 +99,7 @@
                 .path("corpus/BRZ10/query").queryParam("q", "[orth=der]")
                 .queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .method("GET", ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -119,7 +123,7 @@
                 .queryParam("name", "Weimarer Werke")
                 .queryParam("description", "Goethe-Werke in Weimar (seit 1775)")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -136,7 +140,7 @@
 
                 .path("collection")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -161,7 +165,7 @@
                 .queryParam("q", "[orth=der]").queryParam("ql", "poliqarp")
                 .queryParam("context", "base/s:s")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .method("GET", ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java
index 0209107..b357adb 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceInfoServiceTest.java
@@ -5,15 +5,16 @@
 import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertTrue;
 
-import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
@@ -25,6 +26,9 @@
 @Ignore
 public class ResourceInfoServiceTest extends FastJerseyTest {
 
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     @Override
     public void initMethod () throws KustvaktException {
 //        helper().runBootInterfaces();
@@ -48,7 +52,7 @@
         ClientResponse response = resource().path(getAPIVersion())
                 .path("collection")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java
index 8759b33..238e7ba 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/ResourceServiceTest.java
@@ -9,16 +9,17 @@
 
 import org.apache.http.HttpStatus;
 import org.junit.Assert;
-import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.handlers.ResourceDao;
 import de.ids_mannheim.korap.resources.KustvaktResource;
@@ -35,7 +36,9 @@
 @Deprecated
 public class ResourceServiceTest extends FastJerseyTest {
 
-
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     // create a simple test collection for user kustvakt, otherwise test fails
     @Test
     @Ignore
@@ -43,7 +46,7 @@
         ClientResponse response = resource().path(getAPIVersion())
                 .path("collection")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -56,7 +59,7 @@
         response = resource().path(getAPIVersion()).path("collection").path(id)
                 .path("stats")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .get(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -76,7 +79,7 @@
                 .path("virtualcollection").path("GOE-VC") // persistent id
                 .queryParam("name", "Goethe collection")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -101,7 +104,7 @@
                 .path("corpus").path("GOE") // persistent id
                 .queryParam("name", "Goethe corpus")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -124,7 +127,7 @@
                 .path("foundry").path("malt") // persistent id
                 .queryParam("name", "malt parser")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -146,7 +149,7 @@
         ClientResponse response = resource().path(getAPIVersion()).path("layer")
                 .path("mate/d").queryParam("name", "Mate dependency")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -169,7 +172,7 @@
                 .path("corpus").path("GOEC") // persistent id
                 .queryParam("name", "Goethe corpus")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
@@ -205,7 +208,7 @@
                 .queryParam("name", "Brown")
                 .queryParam("description", "Brown corpus")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -239,7 +242,7 @@
                 .queryParam("name", "Brown")
                 .queryParam("description", "Brown corpus")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(),
@@ -264,7 +267,7 @@
                 .queryParam("query", "author ~ Asdert")
                 .queryParam("description", "Wikipedia subcorpus from Asdert")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -300,7 +303,7 @@
                 .queryParam("name", "Goethe")
                 .queryParam("description", "Goethe corpus")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -330,7 +333,7 @@
         response = resource().path(getAPIVersion()).path("virtualcollection")
                 .path(id).queryParam("name", "Goethe")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(HttpStatus.SC_BAD_REQUEST, response.getStatus());
@@ -343,7 +346,7 @@
         response = resource().path(getAPIVersion()).path("virtualcollection")
                 .path(id).queryParam("name", "Goethe collection")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .post(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -358,7 +361,7 @@
         response = resource().path(getAPIVersion()).path("virtualcollection")
                 .path(id)
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .delete(ClientResponse.class);
 
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java
index 380a316..ba2fb3c 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchServiceTest.java
@@ -11,15 +11,16 @@
 import javax.ws.rs.core.MediaType;
 
 import org.eclipse.jetty.http.HttpHeaders;
-import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.ContextHolder;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.interfaces.db.EntityHandlerIface;
@@ -37,6 +38,9 @@
  */
 public class SearchServiceTest extends FastJerseyTest {
 
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     @Override
     public void initMethod () throws KustvaktException {
 //        helper().runBootInterfaces();
@@ -139,7 +143,7 @@
                 .path("search").queryParam("q", "[orth=die]")
                 .queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -165,7 +169,7 @@
                 .path("search").queryParam("q", "[orth=die]")
                 .queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "172.27.0.32")
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
@@ -197,7 +201,7 @@
                 .queryParam("ql", "poliqarp")
                 .queryParam("cq", "textClass=politik & corpusSigle=BRZ10")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -226,7 +230,7 @@
                 .path("search").queryParam("q", "[orth=die]")
                 .queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -360,7 +364,7 @@
                 .path("corpus").path("GOE").path("search")
                 .queryParam("q", "[orth=das]").queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
@@ -402,7 +406,7 @@
                 .path("corpus").path(id).path("search")
                 .queryParam("q", "[orth=das]").queryParam("ql", "poliqarp")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .get(ClientResponse.class);
         assertEquals(ClientResponse.Status.OK.getStatusCode(),
                 response.getStatus());
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java
index 8837d18..7328064 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/SearchWithAvailabilityTest.java
@@ -5,18 +5,24 @@
 
 import org.eclipse.jetty.http.HttpHeaders;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
+import com.sun.jersey.api.client.ClientHandlerException;
 import com.sun.jersey.api.client.ClientResponse;
+import com.sun.jersey.api.client.UniformInterfaceException;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.web.service.FastJerseyTest;
 
 public class SearchWithAvailabilityTest extends FastJerseyTest {
-
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     @Override
     public void initMethod () throws KustvaktException {
         //        helper().runBootInterfaces();
@@ -149,11 +155,11 @@
 
 
     private ClientResponse builtClientResponseWithIP (String collectionQuery,
-            String ip) {
+            String ip) throws UniformInterfaceException, ClientHandlerException, KustvaktException {
         return resource().path("search").queryParam("q", "[orth=das]")
                 .queryParam("ql", "poliqarp").queryParam("cq", collectionQuery)
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .header(HttpHeaders.X_FORWARDED_FOR, ip)
                 .get(ClientResponse.class);
     }
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java
index 733f60d..2c1d3fe 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/UserServiceTest.java
@@ -18,14 +18,16 @@
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.nimbusds.jwt.SignedJWT;
 import com.sun.jersey.api.client.ClientResponse;
 import com.sun.jersey.core.util.MultivaluedMapImpl;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.BeansFactory;
 import de.ids_mannheim.korap.config.JWTSigner;
 import de.ids_mannheim.korap.config.TestHelper;
@@ -45,6 +47,9 @@
 @Ignore
 public class UserServiceTest extends FastJerseyTest {
 
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
 	private static String[] credentials;
 
 	@Override
@@ -79,7 +84,7 @@
 
 		// map.putSingle("address", "Mannheim");
 
-		String enc = BasicHttpAuth.encode("testuser", "testPassword1234");
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,"testuser", "testPassword1234");
 		response = resource().path("user").path("info")
 				.header("Content-Type", MediaType.APPLICATION_JSON).header(Attributes.AUTHORIZATION, enc)
 				.get(ClientResponse.class);
@@ -89,7 +94,7 @@
 
 	// test if user locked and what error message you get back
 	@Test
-	public void testregisterWithoutConfirm() {
+	public void testregisterWithoutConfirm() throws KustvaktException {
 		MultivaluedMap map = new MultivaluedMapImpl();
 		map.putSingle("username", "testuser2");
 		map.putSingle("email", "hanl@ids-mannheim.de");
@@ -104,7 +109,7 @@
 
 		// run login/ status --> exception or information about locked account
 		// should appear
-		String enc = BasicHttpAuth.encode("testuser2", "testPassword1234");
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,"testuser2", "testPassword1234");
 		response = resource().path("user").path("info").header(Attributes.AUTHORIZATION, enc)
 				.get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -137,15 +142,15 @@
 		response = resource().uri(URI.create(conf_uri)).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
 
-		String enc = BasicHttpAuth.encode("testuser", "testPassword1234");
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,"testuser", "testPassword1234");
 		response = resource().path("user").path("info").header(Attributes.AUTHORIZATION, enc)
 				.get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
 	}
 
 	@Test
-	public void loginHTTP() {
-		String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+	public void loginHTTP() throws KustvaktException {
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		ClientResponse response = resource().path("user").path("info")
 				.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -155,7 +160,7 @@
 	@Test
 	@Ignore
 	public void loginJWT() throws KustvaktException{
-		String en = BasicHttpAuth.encode(credentials[0], credentials[1]);
+		String en = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		/* lauffähige Version von Hanl: */
 		ClientResponse response = resource().path("auth").path("apiToken")
 				.header(Attributes.AUTHORIZATION, en).get(ClientResponse.class);
@@ -185,7 +190,7 @@
 
 		assertTrue(BeansFactory.getKustvaktContext().getConfiguration().getTokenTTL() < 10);
 
-		String en = BasicHttpAuth.encode(credentials[0], credentials[1]);
+		String en = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		ClientResponse response = resource().path("auth").path("apiToken")
 				.header(Attributes.AUTHORIZATION, en).get(ClientResponse.class);
 
@@ -212,16 +217,16 @@
 	}
 
 	@Test
-	public void testGetUserDetails() {
-		String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+	public void testGetUserDetails() throws KustvaktException {
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		ClientResponse response = resource().path("user").path("details")
 				.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
 	}
 
 	@Test
-	public void testGetUserDetailsEmbeddedPointer() {
-		String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+	public void testGetUserDetailsEmbeddedPointer() throws KustvaktException {
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		Map m = new LinkedMap();
 		m.put("test", "[100, \"error message\", true, \"another message\"]");
 
@@ -239,7 +244,7 @@
 
 	@Test
 	public void testUpdateUserDetailsMerge() throws KustvaktException{
-		String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		Map m = new LinkedMap();
 		m.put("test", "test value 1");
 
@@ -260,8 +265,8 @@
 	}
 
 	@Test
-	public void testGetUserDetailsPointer() {
-		String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+	public void testGetUserDetailsPointer() throws KustvaktException {
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		ClientResponse response = resource().path("user").path("details")
 				.queryParam("pointer", "email").header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -273,7 +278,7 @@
 	public void testGetUserDetailsNonExistent() throws KustvaktException {
 		helper().setupSimpleAccount("userservicetest", "servicepass");
 
-		String enc = BasicHttpAuth.encode("userservicetest", "servicepass");
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,"userservicetest", "servicepass");
 		ClientResponse response = resource().path("user").path("details")
 				.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
@@ -286,8 +291,8 @@
 	}
 
 	@Test
-	public void testGetUserSettings() {
-		String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+	public void testGetUserSettings() throws KustvaktException {
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		ClientResponse response = resource().path("user").path("settings")
 				.header(Attributes.AUTHORIZATION, enc).get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -295,7 +300,7 @@
 
 	@Test
 	public void testUpdateUserDetailsJson() throws KustvaktException{
-		String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		Map m = new LinkedMap();
 		m.put("firstName", "newName");
 		m.put("lastName", "newLastName");
@@ -330,13 +335,13 @@
 	@Test
 	@Ignore
 	public void testUpdateUserSettingsForm() throws IOException, KustvaktException{
-		String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		MultivaluedMap m = new MultivaluedMapImpl();
 		m.putSingle("queryLanguage", "poliqarp_test");
 		m.putSingle("pageLength", "200");
 
 		ClientResponse response = resource().path("user").path("settings")
-				.header(Attributes.AUTHORIZATION, enc).header("Content-Type", "application/x-www-form-urlencoded")
+				.header(Attributes.AUTHORIZATION, enc).header("Content-Type", "application/x-www-form-urlencodeBase64d")
 				.get(ClientResponse.class);
 
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
@@ -350,11 +355,11 @@
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
 
 		response = resource().path("user").path("settings").header(Attributes.AUTHORIZATION, enc)
-				.header("Content-Type", "application/x-www-form-urlencoded").post(ClientResponse.class, m);
+				.header("Content-Type", "application/x-www-form-urlencodeBase64d").post(ClientResponse.class, m);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
 
 		response = resource().path("user").path("settings").header(Attributes.AUTHORIZATION, enc)
-				.header("Content-Type", "application/x-www-form-urlencoded").get(ClientResponse.class);
+				.header("Content-Type", "application/x-www-form-urlencodeBase64d").get(ClientResponse.class);
 		assertEquals(ClientResponse.Status.OK.getStatusCode(), response.getStatus());
 
 		map = JsonUtils.readTree(response.getEntity(String.class));
@@ -368,7 +373,7 @@
 
 	@Test
 	public void testUpdateUserSettingsJson() throws IOException, KustvaktException {
-		String enc = BasicHttpAuth.encode(credentials[0], credentials[1]);
+		String enc = handler.createAuthorizationHeader(AuthenticationType.BASIC,credentials[0], credentials[1]);
 		Map m = new HashMap<>();
 		m.put("queryLanguage", "poliqarp_test");
 		m.put("pageLength", "200");
@@ -410,7 +415,7 @@
 		final String CREDENTIALS_INVALID = "{\"username\":\"testuser2\","
 				+ "\"email\":\"hanl@ids-mannheim.de\",\"password\":\"testpassword\"}";
 		// Response response = given()
-		// .contentType("application/x-www-form-urlencoded").when()
+		// .contentType("application/x-www-form-urlencodeBase64d").when()
 		// .body(CREDENTIALS_INVALID).post("/register");
 		// String body = response.getBody().asString();
 		// Assert.assertEquals("response is in error", true,
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java b/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java
index e115d7c..1a26e1c 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/service/full/VirtualCorpusServiceTest.java
@@ -6,19 +6,24 @@
 import org.eclipse.jetty.http.HttpHeaders;
 import org.junit.Ignore;
 import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import com.fasterxml.jackson.databind.JsonNode;
 import com.sun.jersey.api.client.ClientResponse;
 
-import de.ids_mannheim.korap.authentication.BasicHttpAuth;
+import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.config.Attributes;
+import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.SpringJerseyTest;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.utils.JsonUtils;
 
 public class VirtualCorpusServiceTest extends SpringJerseyTest{
-
+    
+    @Autowired
+    HttpAuthorizationHandler handler;
+    
     @Test
     @Ignore
     public void testStoreVC () throws KustvaktException {
@@ -28,7 +33,7 @@
 
         ClientResponse response = resource().path("vc").path("store")
                 .header(Attributes.AUTHORIZATION,
-                        BasicHttpAuth.encode("kustvakt", "kustvakt2015"))
+                        handler.createAuthorizationHeader(AuthenticationType.BASIC,"kustvakt", "kustvakt2015"))
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .entity(json)
                 .post(ClientResponse.class);
diff --git a/full/src/test/resources/test-config.xml b/full/src/test/resources/test-config.xml
index 7b85090..1ca00b0 100644
--- a/full/src/test/resources/test-config.xml
+++ b/full/src/test/resources/test-config.xml
@@ -209,7 +209,7 @@
 			type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
 	</bean>
 
-	<bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicHttpAuth" />
+	<bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicAuthentication" />
 
 
 	<bean id="session_auth"