Disabled basic authentication in default config & added comments.

Change-Id: If49fe931f3f88667e525354ede9fc8cb1ac3e472
diff --git a/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java b/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
index f88b724..260dcda 100644
--- a/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
+++ b/core/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
@@ -114,7 +114,7 @@
         queryLanguages = new ArrayList<>();
         for (String querylang : qls)
             queryLanguages.add(querylang.trim().toUpperCase());
-        String is = properties.getProperty("kustvakt.security.jwt.issuer", "");
+        String is = properties.getProperty("security.jwt.issuer", "");
 
         if (!is.startsWith("http"))
             is = "http://" + is;
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
index 96b5800..c353884 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/BasicAuthentication.java
@@ -7,15 +7,13 @@
 import de.ids_mannheim.korap.authentication.http.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.authentication.http.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
-import de.ids_mannheim.korap.config.TokenType;
-import de.ids_mannheim.korap.config.KustvaktConfiguration;
+import de.ids_mannheim.korap.config.FullConfiguration;
 import de.ids_mannheim.korap.config.Scopes;
+import de.ids_mannheim.korap.config.TokenType;
 import de.ids_mannheim.korap.dao.UserDao;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.interfaces.AuthenticationIface;
-import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.user.KorAPUser;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.StringUtils;
@@ -30,10 +28,17 @@
  * Basic authentication is intended to be used with a database. It is 
  * currently only used for testing using a dummy DAO (@see {@link UserDao}) 
  * without passwords.
- *   
+ * 
+ * <br /><br />
+ * Latest changes:
+ * <ul>
+ * <li>Added userdao check
+ * </li>
+ * </ul>
+ * 
  * 
  * @author margaretha
- * @date 15/11/2017
+ * @date 01/03/2018
  * 
  * @author hanl
  * @date 28/04/2015
@@ -43,21 +48,19 @@
     @Autowired
     private TransferEncoding transferEncoding;
     @Autowired
-    private KustvaktConfiguration config;
-    @Autowired
-    private EncryptionIface crypto;
+    private FullConfiguration config;
+//    @Autowired
+//    private EncryptionIface crypto;
     @Autowired
     private UserDao dao;
 
-    public BasicAuthentication (KustvaktConfiguration config) {
-        this.config = config;
-    }
-
     @Override
     public TokenContext getTokenContext (String authToken)
             throws KustvaktException {
         String[] values = transferEncoding.decodeBase64(authToken);
-        if (values != null) {
+        User user = dao.getAccount(values[0]);
+        
+        if (user != null) {
             TokenContext c = new TokenContext();
             c.setUsername(values[0]);
             c.setExpirationTime(TimeUtils.plusSeconds(this.config.getTokenTTL())
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
index 8a8ac3d..13e5f78 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/KustvaktAuthenticationManager.java
@@ -103,11 +103,12 @@
 
 		AuthenticationIface provider = getProvider(type , null);
 
-		if (provider == null)
-			// throw exception for missing type parameter
+		if (provider == null){
 			throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT, 
-			        "token type not defined or found", "token_type");
-
+			        "Authentication provider for token type "+type
+			        +" is not found.", type.displayName());
+		}
+		
 		TokenContext context = provider.getTokenContext(token);
 		// if (!matchStatus(host, useragent, context))
 		// provider.removeUserSession(token);
diff --git a/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java b/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
index aee009b..f5f04ad 100644
--- a/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
+++ b/full/src/main/java/de/ids_mannheim/korap/config/FullConfiguration.java
@@ -19,9 +19,9 @@
     private String testEmail;
     private String noReply;
     private String emailAddressRetrieval;
-    
+
     private String groupInvitationTemplate;
-    
+
     private String ldapConfig;
 
     private String freeOnlyRegex;
@@ -62,13 +62,17 @@
     }
 
     private void setMailConfiguration (Properties properties) {
-        setMailEnabled(Boolean.valueOf(properties.getProperty("mail.enabled", "false")));
-        if (isMailEnabled){
+        setMailEnabled(Boolean
+                .valueOf(properties.getProperty("mail.enabled", "false")));
+        if (isMailEnabled) {
             // other properties must be set in the kustvakt.conf
-            setTestEmail(properties.getProperty("mail.receiver","test@localhost"));
+            setTestEmail(
+                    properties.getProperty("mail.receiver", "test@localhost"));
             setNoReply(properties.getProperty("mail.sender"));
-            setGroupInvitationTemplate(properties.getProperty("template.group.invitation"));
-            setEmailAddressRetrieval(properties.getProperty("mail.address.retrieval","test"));
+            setGroupInvitationTemplate(
+                    properties.getProperty("template.group.invitation"));
+            setEmailAddressRetrieval(
+                    properties.getProperty("mail.address.retrieval", "test"));
         }
     }
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/dto/converter/ResourceConverter.java b/full/src/main/java/de/ids_mannheim/korap/dto/converter/ResourceConverter.java
index 03f00b3..bfd610d 100644
--- a/full/src/main/java/de/ids_mannheim/korap/dto/converter/ResourceConverter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/dto/converter/ResourceConverter.java
@@ -11,38 +11,47 @@
 import de.ids_mannheim.korap.entity.AnnotationPair;
 import de.ids_mannheim.korap.entity.Resource;
 
+/**
+ * ResourceConverter prepares data transfer objects (DTOs) from {@link Resource}
+ * entities. DTO structure defines controllers output, namely the structure of 
+ * JSON objects in HTTP responses.
+ * 
+ * @author margaretha
+ *
+ */
 @Component
 public class ResourceConverter {
 
     public List<ResourceDto> convertToResourcesDto (List<Resource> resources) {
-        List<ResourceDto> resourceDtoList = new ArrayList<ResourceDto>(resources.size());
+        List<ResourceDto> resourceDtoList =
+                new ArrayList<ResourceDto>(resources.size());
         ResourceDto dto;
         Map<String, String> titles;
         HashMap<Integer, String> layers;
-        for (Resource r: resources){
+        for (Resource r : resources) {
             dto = new ResourceDto();
             dto.setDescription(r.getEnglishDescription());
             dto.setResourceId(r.getId());
-            dto.setLanguages(new String[]{"deu"});
-            
+            dto.setLanguages(new String[] { "deu" });
+
             titles = new HashMap<String, String>();
             titles.put("en", r.getEnglishTitle());
             titles.put("de", r.getGermanTitle());
             dto.setTitles(titles);
-            
+
             layers = new HashMap<Integer, String>();
             String foundry, layer, code;
-            for (AnnotationPair annotationPair : r.getLayers()){
+            for (AnnotationPair annotationPair : r.getLayers()) {
                 foundry = annotationPair.getAnnotation1().getCode();
                 layer = annotationPair.getAnnotation2().getCode();
-                code = foundry +"/"+layer;
+                code = foundry + "/" + layer;
                 layers.put(annotationPair.getId(), code);
             }
             dto.setLayers(layers);
-            
+
             resourceDtoList.add(dto);
         }
-        
+
         return resourceDtoList;
     }
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusAccessConverter.java b/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusAccessConverter.java
index 3d9e3de..abd2dab 100644
--- a/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusAccessConverter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusAccessConverter.java
@@ -7,7 +7,14 @@
 
 import de.ids_mannheim.korap.dto.VirtualCorpusAccessDto;
 import de.ids_mannheim.korap.entity.VirtualCorpusAccess;
-
+/**
+ * VirtualCorpusAccessConverter prepares data transfer objects (DTOs) from {@link VirtualCorpusAccess}
+ * entities. DTO structure defines controllers output, namely the structure of 
+ * JSON objects in HTTP responses.
+ * 
+ * @author margaretha
+ *
+ */
 @Component
 public class VirtualCorpusAccessConverter {
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusConverter.java b/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusConverter.java
index 66a74a5..52cbfe6 100644
--- a/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusConverter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/dto/converter/VirtualCorpusConverter.java
@@ -9,6 +9,14 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
 
+/**
+ * VirtualCorpusConverter prepares data transfer objects (DTOs) from {@link VirtualCorpus}
+ * entities. DTO structure defines controllers output, namely the structure of 
+ * JSON objects in HTTP responses.
+ * 
+ * @author margaretha
+ *
+ */
 @Component
 public class VirtualCorpusConverter {
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/entity/UserGroupMember.java b/full/src/main/java/de/ids_mannheim/korap/entity/UserGroupMember.java
index f148959..bcbd100 100644
--- a/full/src/main/java/de/ids_mannheim/korap/entity/UserGroupMember.java
+++ b/full/src/main/java/de/ids_mannheim/korap/entity/UserGroupMember.java
@@ -1,7 +1,6 @@
 package de.ids_mannheim.korap.entity;
 
 import java.time.ZonedDateTime;
-import java.util.Date;
 import java.util.List;
 
 import javax.persistence.Column;
diff --git a/full/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java b/full/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
index f968b61..cf37422 100644
--- a/full/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
+++ b/full/src/main/java/de/ids_mannheim/korap/interfaces/AuthenticationManagerIface.java
@@ -6,10 +6,9 @@
 
 import javax.ws.rs.core.HttpHeaders;
 
-import de.ids_mannheim.korap.config.TokenType;
 import de.ids_mannheim.korap.config.AuthenticationMethod;
-import de.ids_mannheim.korap.config.AuthenticationScheme;
 import de.ids_mannheim.korap.config.KustvaktCacheable;
+import de.ids_mannheim.korap.config.TokenType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.user.User;
diff --git a/full/src/main/java/de/ids_mannheim/korap/rewrite/CollectionConstraint.java b/full/src/main/java/de/ids_mannheim/korap/rewrite/CollectionConstraint.java
index 5d212dd..3228f76 100644
--- a/full/src/main/java/de/ids_mannheim/korap/rewrite/CollectionConstraint.java
+++ b/full/src/main/java/de/ids_mannheim/korap/rewrite/CollectionConstraint.java
@@ -1,15 +1,11 @@
 package de.ids_mannheim.korap.rewrite;
 
 import com.fasterxml.jackson.databind.JsonNode;
+
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.KustvaktConfiguration;
-import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.resource.rewrite.KoralNode;
 import de.ids_mannheim.korap.resource.rewrite.RewriteTask;
-import de.ids_mannheim.korap.resource.rewrite.KoralNode.RewriteIdentifier;
-import de.ids_mannheim.korap.resource.rewrite.RewriteTask.IterableRewritePath;
-import de.ids_mannheim.korap.resources.Corpus;
-import de.ids_mannheim.korap.resources.KustvaktResource;
 import de.ids_mannheim.korap.user.User;
 
 /**
@@ -18,8 +14,6 @@
  */
 public class CollectionConstraint implements RewriteTask.IterableRewritePath {
 
-
-
     @Override
     public JsonNode rewriteQuery (KoralNode node, KustvaktConfiguration config,
             User user) {
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/MailAuthenticator.java b/full/src/main/java/de/ids_mannheim/korap/service/MailAuthenticator.java
index 28e7660..a15d890 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/MailAuthenticator.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/MailAuthenticator.java
@@ -3,6 +3,13 @@
 import javax.mail.Authenticator;
 import javax.mail.PasswordAuthentication;
 
+/** Defines Authenticator for creating javax.mail.Session.
+ * 
+ * @see src/main/resources/default-config.xml
+ * 
+ * @author margaretha
+ *
+ */
 public class MailAuthenticator extends Authenticator {
 
     private PasswordAuthentication passwordAuthentication;
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/MailService.java b/full/src/main/java/de/ids_mannheim/korap/service/MailService.java
index 5051815..556d7b7 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/MailService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/MailService.java
@@ -21,6 +21,12 @@
 import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
 import de.ids_mannheim.korap.user.User;
 
+/** Manages mail related services, such as sending group member invitations 
+ * per email.  
+ * 
+ * @author margaretha
+ *
+ */
 @Service
 public class MailService {
 
diff --git a/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java b/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
index 4e0214b..9706cfc 100644
--- a/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
+++ b/full/src/main/java/de/ids_mannheim/korap/service/VirtualCorpusService.java
@@ -296,20 +296,20 @@
         return false;
     }
 
-    public void editVCAccess (VirtualCorpusAccess access, String username)
-            throws KustvaktException {
-
-        // get all the VCA admins
-        UserGroup userGroup = access.getUserGroup();
-        List<UserGroupMember> accessAdmins =
-                userGroupService.retrieveVCAccessAdmins(userGroup);
-
-        User user = authManager.getUser(username);
-        if (!user.isSystemAdmin()) {
-            throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
-                    "Unauthorized operation for user: " + username, username);
-        }
-    }
+//    public void editVCAccess (VirtualCorpusAccess access, String username)
+//            throws KustvaktException {
+//
+//        // get all the VCA admins
+//        UserGroup userGroup = access.getUserGroup();
+//        List<UserGroupMember> accessAdmins =
+//                userGroupService.retrieveVCAccessAdmins(userGroup);
+//
+//        User user = authManager.getUser(username);
+//        if (!user.isSystemAdmin()) {
+//            throw new KustvaktException(StatusCodes.AUTHORIZATION_FAILED,
+//                    "Unauthorized operation for user: " + username, username);
+//        }
+//    }
 
     public List<VirtualCorpusAccessDto> listVCAccessByVC (String username,
             int vcId) throws KustvaktException {
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
index 9e15d33..72a875b 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserGroupController.java
@@ -51,9 +51,6 @@
         PiwikFilter.class })
 public class UserGroupController {
 
-    private static Logger jlog =
-            LoggerFactory.getLogger(UserGroupController.class);
-
     @Autowired
     private FullResponseHandler responseHandler;
     @Autowired
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/input/UserGroupJson.java b/full/src/main/java/de/ids_mannheim/korap/web/input/UserGroupJson.java
index e3c25bd..b08e85f 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/input/UserGroupJson.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/input/UserGroupJson.java
@@ -1,8 +1,15 @@
 package de.ids_mannheim.korap.web.input;
 
+import de.ids_mannheim.korap.web.controller.UserGroupController;
 import lombok.Getter;
 import lombok.Setter;
 
+/** Java POJO of JSON input used in the user group controller for 
+ * creating user group and managing group members.
+ * 
+ * @author margaretha
+ * @see UserGroupController
+ */
 @Getter
 @Setter
 public class UserGroupJson {
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/input/VirtualCorpusJson.java b/full/src/main/java/de/ids_mannheim/korap/web/input/VirtualCorpusJson.java
index 2c8b35a..ac09516 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/input/VirtualCorpusJson.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/input/VirtualCorpusJson.java
@@ -8,7 +8,7 @@
 import lombok.Getter;
 import lombok.Setter;
 
-/** Java POJO of JSON input of the virtual corpus service for 
+/** Java POJO of JSON input of the virtual corpus controller for 
  * creating and editing virtual corpora.
  * 
  * @author margaretha
diff --git a/full/src/main/resources/default-config.xml b/full/src/main/resources/default-config.xml
index 594084a..64fbe6a 100644
--- a/full/src/main/resources/default-config.xml
+++ b/full/src/main/resources/default-config.xml
@@ -223,9 +223,6 @@
 			type="de.ids_mannheim.korap.interfaces.db.PersistenceClient" ref="kustvakt_db" />
 	</bean>
 
-	<bean id="basic_auth" class="de.ids_mannheim.korap.authentication.BasicAuthentication" />
-
-
 	<bean id="session_auth"
 		class="de.ids_mannheim.korap.authentication.SessionAuthentication">
 		<constructor-arg type="de.ids_mannheim.korap.config.KustvaktConfiguration"
@@ -236,7 +233,6 @@
 
 	<util:list id="kustvakt_authproviders"
 		value-type="de.ids_mannheim.korap.interfaces.AuthenticationIface">
-		<ref bean="basic_auth" />
 		<ref bean="ldap_auth" />
 		<ref bean="session_auth" />
 		<!-- <ref bean="api_auth" /> -->
diff --git a/full/src/main/resources/kustvakt.conf b/full/src/main/resources/kustvakt.conf
index ab20bad..a6b2c1d 100644
--- a/full/src/main/resources/kustvakt.conf
+++ b/full/src/main/resources/kustvakt.conf
@@ -41,8 +41,6 @@
 availability.regex.public = ACA.* | QAO.NC
 availability.regex.all = QAO.*
 
-kustvakt.management.registration=enable
-
 ## options referring to the security module!
 
 ## token expiration time in minutes!
@@ -50,7 +48,7 @@
 security.tokenTTL=72H
 security.shortTokenTTL=45M
 
-kustvakt.security.jwt.issuer=korap.ids-mannheim.de
+security.jwt.issuer=korap.ids-mannheim.de
 
 ## specifies the user data field that is used to salt user passwords
 security.passcode.salt=salt
diff --git a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
index c907338..e79195a 100644
--- a/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
+++ b/full/src/test/java/de/ids_mannheim/korap/web/controller/UserGroupControllerTest.java
@@ -58,8 +58,9 @@
                 .header(HttpHeaders.X_FORWARDED_FOR, "149.27.0.32")
                 .get(ClientResponse.class);
         String entity = response.getEntity(String.class);
+        System.out.println(entity);
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
-        //        System.out.println(entity);
+      
         JsonNode node = JsonUtils.readTree(entity);
 
         JsonNode group = node.get(1);
diff --git a/full/src/test/resources/kustvakt-test.conf b/full/src/test/resources/kustvakt-test.conf
index 1de6cb1..8a9f170 100644
--- a/full/src/test/resources/kustvakt-test.conf
+++ b/full/src/test/resources/kustvakt-test.conf
@@ -41,8 +41,6 @@
 availability.regex.public = ACA.* | QAO-NC
 availability.regex.all = QAO.*
 
-kustvakt.management.registration=enable
-
 ## options referring to the security module!
 
 ## token expiration time in minutes!
@@ -50,7 +48,7 @@
 security.tokenTTL = 9S
 security.shortTokenTTL = 5S
 
-kustvakt.security.jwt.issuer=korap.ids-mannheim.de
+security.jwt.issuer=korap.ids-mannheim.de
 
 ## specifies the user data field that is used to salt user passwords
 security.passcode.salt=salt