Move OAuth2 tests.

Change-Id: Ib7cab1d89aa97dfc5438cad77ee22c05ae8f2458
diff --git a/src/test/java/de/ids_mannheim/korap/authentication/APIAuthenticationTest.java b/src/test/java/de/ids_mannheim/korap/authentication/APIAuthenticationTest.java
index 9a22d24..113b4c4 100644
--- a/src/test/java/de/ids_mannheim/korap/authentication/APIAuthenticationTest.java
+++ b/src/test/java/de/ids_mannheim/korap/authentication/APIAuthenticationTest.java
@@ -24,7 +24,7 @@
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.utils.TimeUtils;
-import de.ids_mannheim.korap.web.controller.OAuth2TestBase;
+import de.ids_mannheim.korap.web.controller.oauth2.OAuth2TestBase;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.Response.Status;
 
diff --git a/src/test/java/de/ids_mannheim/korap/authentication/LdapOAuth2Test.java b/src/test/java/de/ids_mannheim/korap/authentication/LdapOAuth2Test.java
index 8fa72e5..810dacd 100644
--- a/src/test/java/de/ids_mannheim/korap/authentication/LdapOAuth2Test.java
+++ b/src/test/java/de/ids_mannheim/korap/authentication/LdapOAuth2Test.java
@@ -29,7 +29,7 @@
 import de.ids_mannheim.korap.oauth2.entity.OAuth2Client;
 import de.ids_mannheim.korap.oauth2.entity.RefreshToken;
 import de.ids_mannheim.korap.utils.JsonUtils;
-import de.ids_mannheim.korap.web.controller.OAuth2TestBase;
+import de.ids_mannheim.korap.web.controller.oauth2.OAuth2TestBase;
 import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
 import jakarta.ws.rs.client.Entity;
 import jakarta.ws.rs.core.Response;
diff --git a/src/test/java/de/ids_mannheim/korap/web/InitialSuperClientTest.java b/src/test/java/de/ids_mannheim/korap/web/InitialSuperClientTest.java
index 1c5374e..afa723d 100644
--- a/src/test/java/de/ids_mannheim/korap/web/InitialSuperClientTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/InitialSuperClientTest.java
@@ -17,7 +17,7 @@
 import de.ids_mannheim.korap.oauth2.entity.OAuth2Client;
 import de.ids_mannheim.korap.oauth2.service.OAuth2InitClientService;
 import de.ids_mannheim.korap.utils.JsonUtils;
-import de.ids_mannheim.korap.web.controller.OAuth2TestBase;
+import de.ids_mannheim.korap.web.controller.oauth2.OAuth2TestBase;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.Response.Status;
 
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/StatisticsControllerTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/StatisticsControllerTest.java
index 065fcd9..97b50c6 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/StatisticsControllerTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/StatisticsControllerTest.java
@@ -13,6 +13,7 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.utils.JsonUtils;
+import de.ids_mannheim.korap.web.controller.oauth2.OAuth2TestBase;
 import jakarta.ws.rs.client.Entity;
 import jakarta.ws.rs.core.HttpHeaders;
 import jakarta.ws.rs.core.MediaType;
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/UserControllerTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/UserControllerTest.java
index 3a0c7c4..5598ce9 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/UserControllerTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/UserControllerTest.java
@@ -11,6 +11,7 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.oauth2.constant.OAuth2ClientType;
 import de.ids_mannheim.korap.utils.JsonUtils;
+import de.ids_mannheim.korap.web.controller.oauth2.OAuth2TestBase;
 import de.ids_mannheim.korap.web.input.OAuth2ClientJson;
 import jakarta.ws.rs.core.Response;
 import jakarta.ws.rs.core.Response.Status;
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AccessTokenTest.java
similarity index 95%
rename from src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java
rename to src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AccessTokenTest.java
index 29c850d..bfe5fff 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AccessTokenTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AccessTokenTest.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.web.controller;
+package de.ids_mannheim.korap.web.controller.oauth2;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -40,7 +40,7 @@
         Response response = requestTokenWithDoryPassword(superClientId,
                 clientSecret);
         JsonNode node = JsonUtils.readTree(response.readEntity(String.class));
-        assertEquals("all", node.at("/scope").asText());
+        assertEquals(node.at("/scope").asText(), "all");
         String accessToken = node.at("/access_token").asText();
         
         createDoryGroup();
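Review bot: The rewritten `assertEquals(node.at("/scope").asText(), "all");` puts the observed value in the expected slot. JUnit 5's `assertEquals` takes `(expected, actual)`, so a failure would report the literal as what the server returned and the server's response as the expectation. The same swap is repeated in the string assertions of the other moved files, for example the `@@ -120,8 +120,8 @@` hunk here and the redirect-URI checks in OAuth2AuthorizationTest. Neighbouring lines such as `assertEquals(StatusCodes.AUTHORIZATION_FAILED, node.at("/errors/0/0").asInt());` keep the expected-first order, so the files are now inconsistent. I would keep `assertEquals("all", node.at("/scope").asText());` so failure output from these scope and token checks stays readable; the enclosing test method starts and ends outside the hunk.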
@@ -120,8 +120,8 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(StatusCodes.AUTHORIZATION_FAILED,
                 node.at("/errors/0/0").asInt());
-        assertEquals("Scope vc_info is not authorized",
-            node.at("/errors/0/1").asText());
+        assertEquals(node.at("/errors/0/1").asText(),
+                "Scope vc_info is not authorized");
     }
 
     private void testScopeNotAuthorize2 (String accessToken)
@@ -135,8 +135,8 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(StatusCodes.AUTHORIZATION_FAILED,
                 node.at("/errors/0/0").asInt());
-        assertEquals("Scope vc_access_info is not authorized",
-            node.at("/errors/0/1").asText());
+        assertEquals(node.at("/errors/0/1").asText(),
+                "Scope vc_access_info is not authorized");
     }
 
     @Test
@@ -149,8 +149,8 @@
         JsonNode node = JsonUtils.readTree(ent);
         assertEquals(StatusCodes.INVALID_ACCESS_TOKEN,
                 node.at("/errors/0/0").asInt());
-        assertEquals("Access token is invalid",
-            node.at("/errors/0/1").asText());
+        assertEquals(node.at("/errors/0/1").asText(),
+                "Access token is invalid");
     }
 
     @Test
@@ -222,8 +222,8 @@
         node = JsonUtils.readTree(response.readEntity(String.class));
         assertEquals(StatusCodes.AUTHORIZATION_FAILED,
                 node.at("/errors/0/0").asInt());
-        assertEquals("Scope authorize is not authorized",
-            node.at("/errors/0/1").asText());
+        assertEquals(node.at("/errors/0/1").asText(),
+                "Scope authorize is not authorized");
 
         revokeToken(userAuthToken, confidentialClientId, clientSecret,
                 ACCESS_TOKEN_TYPE);
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AdminControllerTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AdminControllerTest.java
similarity index 96%
rename from src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AdminControllerTest.java
rename to src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AdminControllerTest.java
index 35bfadf..80fe019 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AdminControllerTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AdminControllerTest.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.web.controller;
+package de.ids_mannheim.korap.web.controller.oauth2;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertTrue;
@@ -165,8 +165,8 @@
         node = JsonUtils.readTree(entity);
         assertEquals(StatusCodes.AUTHORIZATION_FAILED,
                 node.at("/errors/0/0").asInt());
-        assertEquals("Scope vc_info is not authorized",
-            node.at("/errors/0/1").asText());
+        assertEquals(node.at("/errors/0/1").asText(),
+                "Scope vc_info is not authorized");
         // search
         response = searchWithAccessToken(accessToken);
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
@@ -182,7 +182,7 @@
         node = JsonUtils.readTree(entity);
         assertEquals(StatusCodes.INVALID_ACCESS_TOKEN,
                 node.at("/errors/0/0").asInt());
-        assertEquals("Access token is invalid",
-            node.at("/errors/0/1").asText());
+        assertEquals(node.at("/errors/0/1").asText(),
+                "Access token is invalid");
     }
 }
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AuthorizationPostTest.java
similarity index 98%
rename from src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
rename to src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AuthorizationPostTest.java
index ff03278..da1deab 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationPostTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AuthorizationPostTest.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.web.controller;
+package de.ids_mannheim.korap.web.controller.oauth2;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AuthorizationTest.java
similarity index 97%
rename from src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationTest.java
rename to src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AuthorizationTest.java
index fba0ef1..917017e 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2AuthorizationTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2AuthorizationTest.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.web.controller;
+package de.ids_mannheim.korap.web.controller.oauth2;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -88,9 +88,9 @@
                 response.getStatus());
 
         URI redirectUri = response.getLocation();
-        assertEquals("https", redirectUri.getScheme());
-        assertEquals("third.party.com", redirectUri.getHost());
-        assertEquals("/confidential/redirect", redirectUri.getPath());
+        assertEquals(redirectUri.getScheme(), "https");
+        assertEquals(redirectUri.getHost(), "third.party.com");
+        assertEquals(redirectUri.getPath(), "/confidential/redirect");
 
         String[] queryParts = redirectUri.getQuery().split("&");
         assertEquals("error_description=scope+is+required", queryParts[1]);
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2ClientControllerTest.java
similarity index 92%
rename from src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
rename to src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2ClientControllerTest.java
index 7980bca..ea17d10 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ClientControllerTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2ClientControllerTest.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.web.controller;
+package de.ids_mannheim.korap.web.controller.oauth2;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
@@ -49,8 +49,8 @@
         // public client plugin
         JsonNode clientInfo = retrieveClientInfo(publicClientId, "system");
         assertEquals(publicClientId, clientInfo.at("/client_id").asText());
-        assertEquals("public client plugin with redirect uri",
-            clientInfo.at("/client_name").asText());
+        assertEquals(clientInfo.at("/client_name").asText(),
+                "public client plugin with redirect uri");
         assertNotNull(clientInfo.at("/client_description"));
         assertNotNull(clientInfo.at("/client_url"));
         assertEquals("PUBLIC", clientInfo.at("/client_type").asText());
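Review bot: `assertNotNull(clientInfo.at("/client_description"));` and the `/client_url` check after it cannot fail if `JsonNode` is Jackson's (the import is not visible here), because `at()` returns a missing node rather than `null` when the pointer does not resolve. These lines therefore do not verify that the client info contains the fields. The same file already uses the effective form in the `@@ -513,9 +513,9 @@` hunk, so I would write `assertFalse(clientInfo.at("/client_description").isMissingNode());` here. The `/client_url` and `/redirect_uri` checks in the next hunk have the same problem, and the `assertNotNull(node.at("/expires_in").asText());` lines in OAuth2ControllerTest look similarly vacuous. These are unchanged context lines, and the test method extends outside the hunk.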
@@ -59,8 +59,8 @@
         clientInfo = retrieveClientInfo(confidentialClientId, "system");
         assertEquals(confidentialClientId,
                 clientInfo.at("/client_id").asText());
-        assertEquals("non super confidential client",
-            clientInfo.at("/client_name").asText());
+        assertEquals(clientInfo.at("/client_name").asText(),
+                "non super confidential client");
         assertNotNull(clientInfo.at("/client_url"));
         assertNotNull(clientInfo.at("/redirect_uri"));
         assertEquals(false, clientInfo.at("/super").asBoolean());
@@ -102,9 +102,9 @@
         Response response = registerClient(username, clientJson);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals("client_name must contain at least 3 characters",
-            node.at("/error_description").asText());
-        assertEquals("invalid_request", node.at("/error").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "client_name must contain at least 3 characters");
+        assertEquals(node.at("/error").asText(), "invalid_request");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
     }
 
@@ -116,9 +116,9 @@
         Response response = registerClient(username, clientJson);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals("client_name must contain at least 3 characters",
-            node.at("/error_description").asText());
-        assertEquals("invalid_request", node.at("/error").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "client_name must contain at least 3 characters");
+        assertEquals(node.at("/error").asText(), "invalid_request");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
     }
 
@@ -130,9 +130,9 @@
         Response response = registerClient(username, clientJson);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals("client_name is null",
-            node.at("/error_description").asText());
-        assertEquals("invalid_request", node.at("/error").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "client_name is null");
+        assertEquals(node.at("/error").asText(), "invalid_request");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
     }
 
@@ -144,9 +144,9 @@
         Response response = registerClient(username, clientJson);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals("client_description is null",
-            node.at("/error_description").asText());
-        assertEquals("invalid_request", node.at("/error").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "client_description is null");
+        assertEquals(node.at("/error").asText(), "invalid_request");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
     }
 
@@ -158,9 +158,9 @@
         Response response = registerClient(username, clientJson);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals("client_type is null",
-            node.at("/error_description").asText());
-        assertEquals("invalid_request", node.at("/error").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "client_type is null");
+        assertEquals(node.at("/error").asText(), "invalid_request");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
     }
 
@@ -201,7 +201,7 @@
         clientJson.setRefreshTokenExpiry(31535000);
         Response response = registerClient(username, clientJson);
         JsonNode node = JsonUtils.readTree(response.readEntity(String.class));
-        assertEquals("invalid_request", node.at("/error").asText());
+        assertEquals(node.at("/error").asText(), "invalid_request");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
     }
 
@@ -230,9 +230,9 @@
         clientJson.setRefreshTokenExpiry(31537000);
         Response response = registerClient(username, clientJson);
         JsonNode node = JsonUtils.readTree(response.readEntity(String.class));
-        assertEquals("Maximum refresh token expiry is 31536000 seconds (1 year)",
-            node.at("/error_description").asText());
-        assertEquals("invalid_request", node.at("/error").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Maximum refresh token expiry is 31536000 seconds (1 year)");
+        assertEquals(node.at("/error").asText(), "invalid_request");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
     }
 
@@ -258,7 +258,7 @@
             throws KustvaktException {
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(OAuth2Error.INVALID_REQUEST, node.at("/error").asText());
-        assertEquals("Invalid URL", node.at("/error_description").asText());
+        assertEquals(node.at("/error_description").asText(), "Invalid URL");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), status);
     }
 
@@ -299,7 +299,7 @@
         Response response = requestTokenWithAuthorizationCodeAndForm(clientId,
                 clientSecret, code);
         JsonNode node = JsonUtils.readTree(response.readEntity(String.class));
-        assertEquals("match_info search", node.at("/scope").asText());
+        assertEquals(node.at("/scope").asText(), "match_info search");
         String accessToken = node.at("/access_token").asText();
         OAuth2ClientJson clientJson = createOAuth2ClientJson("R client",
                 OAuth2ClientType.PUBLIC, null);
@@ -312,8 +312,8 @@
         node = JsonUtils.readTree(entity);
         assertEquals(StatusCodes.AUTHORIZATION_FAILED,
                 node.at("/errors/0/0").asInt());
-        assertEquals("Scope register_client is not authorized",
-            node.at("/errors/0/1").asText());
+        assertEquals(node.at("/errors/0/1").asText(),
+                "Scope register_client is not authorized");
         assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
     }
 
@@ -416,8 +416,8 @@
         node = JsonUtils.readTree(response.readEntity(String.class));
         assertEquals(StatusCodes.INVALID_ACCESS_TOKEN,
                 node.at("/errors/0/0").asInt());
-        assertEquals("Access token is invalid",
-            node.at("/errors/0/1").asText());
+        assertEquals(node.at("/errors/0/1").asText(),
+                "Access token is invalid");
     }
 
     private void testDeregisterPublicClientMissingUserAuthentication (
@@ -468,8 +468,8 @@
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(OAuth2Error.INVALID_REQUEST, node.at("/error").asText());
-        assertEquals("Operation is not allowed for public clients",
-            node.at("/error_description").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Operation is not allowed for public clients");
     }
 
     private String testResetConfidentialClientSecret (String clientId,
@@ -513,9 +513,9 @@
         assertEquals(2, node.size());
         assertEquals(confidentialClientId, node.at("/0/client_id").asText());
         assertEquals(publicClientId, node.at("/1/client_id").asText());
-        assertEquals("non super confidential client",
-            node.at("/0/client_name").asText());
-        assertEquals("CONFIDENTIAL", node.at("/0/client_type").asText());
+        assertEquals(node.at("/0/client_name").asText(),
+                "non super confidential client");
+        assertEquals(node.at("/0/client_type").asText(), "CONFIDENTIAL");
         assertFalse(node.at("/0/client_url").isMissingNode());
         assertFalse(node.at("/0/client_description").isMissingNode());
     }
@@ -547,7 +547,7 @@
         JsonNode node = listUserClients(username,"");
         assertEquals(1, node.size());
         assertEquals(clientId, node.at("/0/client_id").asText());
-        assertEquals("OAuth2ClientTest", node.at("/0/client_name").asText());
+        assertEquals(node.at("/0/client_name").asText(), "OAuth2ClientTest");
         assertEquals(OAuth2ClientType.CONFIDENTIAL.name(),
                 node.at("/0/client_type").asText());
         assertNotNull(node.at("/0/client_description"));
@@ -684,12 +684,12 @@
                         ContentType.APPLICATION_FORM_URLENCODED)
                 .post(Entity.form(form));
         assertEquals(Status.OK.getStatusCode(), response.getStatus());
-        assertEquals("SUCCESS", response.readEntity(String.class));
+        assertEquals(response.readEntity(String.class), "SUCCESS");
         response = searchWithAccessToken(accessToken);
         node = JsonUtils.readTree(response.readEntity(String.class));
         assertEquals(StatusCodes.INVALID_ACCESS_TOKEN,
                 node.at("/errors/0/0").asInt());
-        assertEquals("Access token is invalid",
-            node.at("/errors/0/1").asText());
+        assertEquals(node.at("/errors/0/1").asText(),
+                "Access token is invalid");
     }
 }
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2ControllerTest.java
similarity index 97%
rename from src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
rename to src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2ControllerTest.java
index 5fe4e47..37607b0 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2ControllerTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2ControllerTest.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.web.controller;
+package de.ids_mannheim.korap.web.controller.oauth2;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -98,8 +98,8 @@
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(OAuth2Error.INVALID_GRANT, node.at("/error").asText());
-        assertEquals("Invalid authorization",
-            node.at("/error_description").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Invalid authorization");
     }
 
     @Test
@@ -144,8 +144,8 @@
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(OAuth2Error.INVALID_GRANT, node.at("/error").asText());
-        assertEquals("Missing redirect URI",
-            node.at("/error_description").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Missing redirect URI");
     }
 
     private void testRequestTokenAuthorizationInvalidRedirectUri (String code)
@@ -174,8 +174,8 @@
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(OAuth2Error.INVALID_GRANT, node.at("/error").asText());
-        assertEquals("Invalid authorization",
-            node.at("/error_description").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Invalid authorization");
     }
 
     @Test
@@ -190,13 +190,13 @@
         assertEquals(TokenType.BEARER.displayName(),
                 node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
-        assertEquals("all", node.at("/scope").asText());
+        assertEquals(node.at("/scope").asText(), "all");
         String refresh = node.at("/refresh_token").asText();
         RefreshToken refreshToken = refreshTokenDao
                 .retrieveRefreshToken(refresh);
         Set<AccessScope> scopes = refreshToken.getScopes();
         assertEquals(1, scopes.size());
-        assertEquals("[all]", scopes.toString());
+        assertEquals(scopes.toString(), "[all]");
         testRefreshTokenExpiry(refresh);
     }
 
@@ -237,8 +237,8 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(OAuth2Error.UNAUTHORIZED_CLIENT,
                 node.at("/error").asText());
-        assertEquals("Password grant is not allowed for third party clients",
-            node.at("/error_description").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Password grant is not allowed for third party clients");
     }
 
     @Test
@@ -250,8 +250,8 @@
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(OAuth2Error.UNAUTHORIZED_CLIENT,
                 node.at("/error").asText());
-        assertEquals("Password grant is not allowed for third party clients",
-            node.at("/error_description").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Password grant is not allowed for third party clients");
     }
 
     @Test
@@ -330,8 +330,8 @@
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
         assertEquals(OAuth2Error.INVALID_REQUEST, node.at("/error").asText());
-        assertEquals("Missing parameter: client_secret",
-            node.at("/error_description").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Missing parameter: client_secret");
     }
 
     @Test
@@ -413,7 +413,7 @@
         assertEquals(TokenType.BEARER.displayName(),
                 node.at("/token_type").asText());
         assertNotNull(node.at("/expires_in").asText());
-        assertEquals("client_info", node.at("/scope").asText());
+        assertEquals(node.at("/scope").asText(), "client_info");
     }
 
     @Test
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2PluginTest.java
similarity index 96%
rename from src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java
rename to src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2PluginTest.java
index de4850b..66c5196 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2PluginTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2PluginTest.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.web.controller;
+package de.ids_mannheim.korap.web.controller.oauth2;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertFalse;
@@ -116,7 +116,7 @@
             throws ProcessingException, KustvaktException {
         JsonNode clientInfo = retrieveClientInfo(clientId, "other-user");
         assertEquals(clientId, clientInfo.at("/client_id").asText());
-        assertEquals("Plugin", clientInfo.at("/client_name").asText());
+        assertEquals(clientInfo.at("/client_name").asText(), "Plugin");
         assertEquals(OAuth2ClientType.CONFIDENTIAL.name(),
                 clientInfo.at("/client_type").asText());
         assertNotNull(clientInfo.at("/client_description").asText());
@@ -385,9 +385,9 @@
         Response response = installPlugin(form);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals("Unknown client: unknown",
-            node.at("/error_description").asText());
-        assertEquals("invalid_client", node.at("/error").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Unknown client: unknown");
+        assertEquals(node.at("/error").asText(), "invalid_client");
         assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
     }
 
@@ -399,9 +399,9 @@
         Response response = installPlugin(form);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals("Missing parameter: super_client_secret",
-            node.at("/error_description").asText());
-        assertEquals("invalid_request", node.at("/error").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Missing parameter: super_client_secret");
+        assertEquals(node.at("/error").asText(), "invalid_request");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
     }
 
@@ -412,9 +412,9 @@
         Response response = installPlugin(form);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals("Missing parameter: super_client_id",
-            node.at("/error_description").asText());
-        assertEquals("invalid_request", node.at("/error").asText());
+        assertEquals(node.at("/error_description").asText(),
+                "Missing parameter: super_client_id");
+        assertEquals(node.at("/error").asText(), "invalid_request");
         assertEquals(Status.BAD_REQUEST.getStatusCode(), response.getStatus());
     }
 
@@ -427,7 +427,7 @@
         Response response = installPlugin(form);
         String entity = response.readEntity(String.class);
         JsonNode node = JsonUtils.readTree(entity);
-        assertEquals("unauthorized_client", node.at("/error").asText());
+        assertEquals(node.at("/error").asText(), "unauthorized_client");
         assertEquals(Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
     }
 
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2RClientTest.java b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2RClientTest.java
similarity index 94%
rename from src/test/java/de/ids_mannheim/korap/web/controller/OAuth2RClientTest.java
rename to src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2RClientTest.java
index 72232ff..022521b 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2RClientTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2RClientTest.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.web.controller;
+package de.ids_mannheim.korap.web.controller.oauth2;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
@@ -71,8 +71,8 @@
         assertEquals(Status.TEMPORARY_REDIRECT.getStatusCode(),
                 response.getStatus());
         URI redirectUri = response.getLocation();
-        assertEquals("http", redirectUri.getScheme());
-        assertEquals("localhost", redirectUri.getHost());
+        assertEquals(redirectUri.getScheme(), "http");
+        assertEquals(redirectUri.getHost(), "localhost");
         assertEquals(1410, redirectUri.getPort());
         MultiValueMap<String, String> params = UriComponentsBuilder
                 .fromUri(redirectUri).build().getQueryParams();
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2TestBase.java
similarity index 99%
rename from src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
rename to src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2TestBase.java
index 01a9f4e..e8d5b94 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/OAuth2TestBase.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/oauth2/OAuth2TestBase.java
@@ -1,4 +1,4 @@
-package de.ids_mannheim.korap.web.controller;
+package de.ids_mannheim.korap.web.controller.oauth2;
 
 import static org.junit.jupiter.api.Assertions.assertEquals;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
diff --git a/src/test/java/de/ids_mannheim/korap/web/controller/usergroup/UserGroupTestBase.java b/src/test/java/de/ids_mannheim/korap/web/controller/usergroup/UserGroupTestBase.java
index d63a681..126c89c 100644
--- a/src/test/java/de/ids_mannheim/korap/web/controller/usergroup/UserGroupTestBase.java
+++ b/src/test/java/de/ids_mannheim/korap/web/controller/usergroup/UserGroupTestBase.java
@@ -10,7 +10,7 @@
 import de.ids_mannheim.korap.constant.PredefinedRole;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.utils.JsonUtils;
-import de.ids_mannheim.korap.web.controller.OAuth2TestBase;
+import de.ids_mannheim.korap.web.controller.oauth2.OAuth2TestBase;
 import jakarta.ws.rs.client.Entity;
 import jakarta.ws.rs.core.Form;
 import jakarta.ws.rs.core.MediaType;