Improved AuthenticationException.

Change-Id: I5c621a1da2df73b3dfb864771d2e9c03bf64942f
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java
index 8f310a6..13715a7 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/AuthorizationData.java
@@ -10,5 +10,7 @@
 
     private String token;
     private AuthenticationType authenticationType;
+    private String username;
+    private String password;
 
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java
index b5851e3..22bd096 100644
--- a/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java
+++ b/full/src/main/java/de/ids_mannheim/korap/authentication/framework/HttpAuthorizationHandler.java
@@ -3,8 +3,6 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
-import com.sun.jersey.api.client.ClientResponse.Status;
-
 import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
@@ -53,7 +51,13 @@
         return data;
     }
 
-    public void parseToken (AuthorizationData data) throws KustvaktException {
-        String[] credentials = transferEncoding.decodeBase64(data.getToken());        
+    public AuthorizationData parseToken (AuthorizationData data) throws KustvaktException {
+        String[] credentials = transferEncoding.decodeBase64(data.getToken());
+        data.setUsername(credentials[0]);
+        data.setPassword(credentials[1]);
+        return data;
     }
+    
+    
+    
 }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
index bc4f0c9..802a5b2 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/AuthenticationController.java
@@ -29,7 +29,6 @@
 
 import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
 import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
-import de.ids_mannheim.korap.authentication.framework.TransferEncoding;
 import de.ids_mannheim.korap.config.Attributes;
 import de.ids_mannheim.korap.config.AuthenticationType;
 import de.ids_mannheim.korap.config.BeansFactory;
@@ -65,9 +64,6 @@
     @Autowired
     private HttpAuthorizationHandler authorizationHandler;
 
-    @Autowired
-    private TransferEncoding transferEncoding;
-    
     private static Boolean DEBUG_LOG = true;
 
     //todo: bootstrap function to transmit certain default configuration settings and examples (example user queries,
@@ -147,11 +143,11 @@
                             "Authorization header"));
         }
         
-        String[] values;
+        AuthorizationData authorizationData;
         try {
-            AuthorizationData authorizationData = authorizationHandler.
+            authorizationData = authorizationHandler.
                     parseAuthorizationHeader(auth.get(0));
-            values = transferEncoding.decodeBase64(authorizationData.getToken());
+            authorizationData = authorizationHandler.parseToken(authorizationData);
            
         }
         catch (KustvaktException e) {
@@ -193,12 +189,10 @@
 //                    secCtx.isSecure() ? "yes" : "no");
         } // DEBUG_LOG        
 
-        // "Invalid syntax for username and password"
-        if (values == null)
-            throw kustvaktResponseHandler.throwit(StatusCodes.ACCESS_DENIED);
-
-        if (values[0].equalsIgnoreCase("null")
-                | values[1].equalsIgnoreCase("null"))
+        if (authorizationData.getUsername() == null || 
+                authorizationData.getUsername().isEmpty() || 
+                authorizationData.getPassword()== null || 
+                authorizationData.getPassword().isEmpty())
             // is actual an invalid request
             throw kustvaktResponseHandler.throwit(StatusCodes.REQUEST_INVALID);
 
@@ -212,7 +206,7 @@
         try {
             // User user = controller.authenticate(0, values[0], values[1], attr); Implementation by Hanl
             User user = controller.authenticate(AuthenticationType.LDAP,
-                    values[0], values[1], attr); // Implementation with IdM/LDAP
+                    authorizationData.getUsername(), authorizationData.getPassword(), attr); // Implementation with IdM/LDAP
             // Userdata data = this.controller.getUserData(user, UserDetails.class); // Implem. by Hanl
             // todo: is this necessary?
             //            attr.putAll(data.fields());
@@ -269,28 +263,25 @@
         List<String> auth =
                 headers.getRequestHeader(ContainerRequest.AUTHORIZATION);
 
-        String[] values;
+        AuthorizationData authorizationData;
         try {
-            AuthorizationData authorizationData = authorizationHandler.
+            authorizationData = authorizationHandler.
                     parseAuthorizationHeader(auth.get(0));
-            values = transferEncoding.decodeBase64(authorizationData.getToken());
+            authorizationData = authorizationHandler.parseToken(authorizationData);
            
         }
         catch (KustvaktException e) {
             throw kustvaktResponseHandler.throwit(e);
         }
-        //        authentication = StringUtils.stripTokenType(authentication);
-        //        String[] values = new String(
-        //                DatatypeConverter.parseBase64Binary(authentication)).split(":");
-        //        String[] values = Base64.base64Decode(authentication).split(":");
-
-        // "Invalid syntax for username and password"
 
         // Implementation Hanl mit '|'. 16.02.17/FB
         //if (values[0].equalsIgnoreCase("null")
         //        | values[1].equalsIgnoreCase("null"))
-        if (values[0].equalsIgnoreCase("null")
-                || values[1].equalsIgnoreCase("null"))
+        if (authorizationData.getUsername() == null || 
+                authorizationData.getUsername().isEmpty() || 
+                authorizationData.getPassword()== null || 
+                authorizationData.getPassword().isEmpty())
+            // is actual an invalid request
             throw kustvaktResponseHandler.throwit(StatusCodes.REQUEST_INVALID);
 
         Map<String, Object> attr = new HashMap<>();
@@ -300,7 +291,7 @@
         String contextJson;
         try {
             User user = controller.authenticate(AuthenticationType.SESSION,
-                    values[0], values[1], attr);
+                    authorizationData.getUsername(), authorizationData.getPassword(), attr);
             context = controller.createTokenContext(user, attr,
                     AuthenticationType.SESSION);
             contextJson = context.toJson();
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserController.java b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserController.java
index 34b1875..bffe9d8 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/controller/UserController.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/controller/UserController.java
@@ -279,7 +279,7 @@
         }
         catch (KustvaktException e) {
             throw kustvaktResponseHandler
-                    .throwAuthenticationException(ctx.getUsername());
+                    .throwAuthenticationException(ctx.getUsername(), ctx.getAuthenticationType());
         }
         try {
             return Response.ok(m.toEntity()).build();
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
index 67ff04a..12e24cd 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AdminFilter.java
@@ -8,6 +8,7 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 
+import com.ctc.wstx.util.StringUtil;
 import com.sun.jersey.spi.container.ContainerRequest;
 import com.sun.jersey.spi.container.ContainerRequestFilter;
 import com.sun.jersey.spi.container.ContainerResponseFilter;
@@ -22,6 +23,7 @@
 import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.user.User;
+import de.ids_mannheim.korap.utils.StringUtils;
 import de.ids_mannheim.korap.web.utils.KustvaktContext;
 import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
 
@@ -51,13 +53,13 @@
                 cr.getHeaderValue(ContainerRequest.AUTHORIZATION);
         
         AuthorizationData data;
-        String[] userData;
         try {
             data = authorizationHandler.parseAuthorizationHeader(authorization);
-            userData = transferEncoding.decodeBase64(data.getToken());
+            data = authorizationHandler.parseToken(data);
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwAuthenticationException(e);
+            String authType = StringUtils.stripTokenType(authorization);
+            throw kustvaktResponseHandler.throwAuthenticationException(e, authType);
         }
         
         String host = cr.getHeaderValue(ContainerRequest.HOST);
@@ -68,20 +70,20 @@
         try {
             // EM: fix me: AuthenticationType based on header value
             User user = authManager.authenticate(data.getAuthenticationType(),
-                    userData[0], userData[0], attributes);
+                    data.getUsername(), data.getPassword(), attributes);
             if (!user.isAdmin()) {
                 throw kustvaktResponseHandler.throwAuthenticationException(
-                        "Admin authentication failed.");
+                        "Admin authentication failed.", data.getAuthenticationType());
             }
             Map<String, Object> properties = cr.getProperties();
             properties.put("user", user);
         }
         catch (KustvaktException e) {
-            throw kustvaktResponseHandler.throwAuthenticationException(e);
+            throw kustvaktResponseHandler.throwAuthenticationException(e, data.getAuthenticationType());
         }
 
         TokenContext c = new TokenContext();
-        c.setUsername(userData[0]);
+        c.setUsername(data.getUsername());
         c.setAuthenticationType(data.getAuthenticationType());
         // EM: is this secure? Is token context not sent outside Kustvakt?
         c.setToken(data.getToken());
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
index 61f92e7..2f57c6c 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/AuthenticationFilter.java
@@ -13,8 +13,10 @@
 import de.ids_mannheim.korap.authentication.framework.AuthorizationData;
 import de.ids_mannheim.korap.authentication.framework.HttpAuthorizationHandler;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
 import de.ids_mannheim.korap.user.TokenContext;
+import de.ids_mannheim.korap.utils.StringUtils;
 import de.ids_mannheim.korap.web.utils.KustvaktContext;
 import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
 
@@ -53,16 +55,18 @@
 
         if (authorization != null && !authorization.isEmpty()) {
             TokenContext context;
+            AuthorizationData authData;
             try {
-                AuthorizationData data = authorizationHandler
+                authData = authorizationHandler
                         .parseAuthorizationHeader(authorization);
                 context = userController.getTokenStatus(
-                        data.getAuthenticationType(), data.getToken(), host,
+                        authData.getAuthenticationType(), authData.getToken(), host,
                         ua);
             }
             catch (KustvaktException e) {
+                String authType = StringUtils.stripTokenType(authorization);
                 throw kustvaktResponseHandler
-                        .throwAuthenticationException(authorization);
+                        .throwAuthenticationException(e, authType);
             }
             // fixme: give reason why access is not granted?
             if (context != null && context.isValid()
@@ -70,7 +74,9 @@
                             | !context.isSecureRequired()))
                 request.setSecurityContext(new KustvaktContext(context));
             else
-                throw kustvaktResponseHandler.throwAuthenticationException("");
+                throw kustvaktResponseHandler.throwAuthenticationException(
+                        new KustvaktException(StatusCodes.UNAUTHORIZED_OPERATION), 
+                        authData.getAuthenticationType());
         }
         return request;
     }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/BlockingFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/BlockingFilter.java
index b8faf76..e0d1c02 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/BlockingFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/BlockingFilter.java
@@ -4,6 +4,9 @@
 import com.sun.jersey.spi.container.ContainerRequestFilter;
 import com.sun.jersey.spi.container.ContainerResponseFilter;
 import com.sun.jersey.spi.container.ResourceFilter;
+
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
 
@@ -25,19 +28,27 @@
 
     @Autowired
     KustvaktResponseHandler kustvaktResponseHandler;
-    
+
     @Override
     public ContainerRequest filter (ContainerRequest request) {
         TokenContext context;
+
         try {
             context = (TokenContext) request.getUserPrincipal();
         }
         catch (UnsupportedOperationException e) {
-            throw kustvaktResponseHandler.throwAuthenticationException("");
+            throw kustvaktResponseHandler.throwit(new KustvaktException(
+                    StatusCodes.UNAUTHORIZED_OPERATION, e.getMessage(), e));
         }
 
-        if(context == null || context.isDemo())
-            throw kustvaktResponseHandler.throwAuthenticationException("");
+        if (context == null || context.isDemo()) {
+            throw kustvaktResponseHandler.throwit(
+                    new KustvaktException(StatusCodes.UNAUTHORIZED_OPERATION,
+                            "Operation is not permitted for user: "
+                                    + context.getUsername(),
+                            context.getUsername()));
+        }
+
 
         return request;
     }
diff --git a/full/src/main/java/de/ids_mannheim/korap/web/filter/NonDemoBlockingFilter.java b/full/src/main/java/de/ids_mannheim/korap/web/filter/NonDemoBlockingFilter.java
index 95cb077..e5fa7f1 100644
--- a/full/src/main/java/de/ids_mannheim/korap/web/filter/NonDemoBlockingFilter.java
+++ b/full/src/main/java/de/ids_mannheim/korap/web/filter/NonDemoBlockingFilter.java
@@ -4,6 +4,9 @@
 import com.sun.jersey.spi.container.ContainerRequestFilter;
 import com.sun.jersey.spi.container.ContainerResponseFilter;
 import com.sun.jersey.spi.container.ResourceFilter;
+
+import de.ids_mannheim.korap.exceptions.KustvaktException;
+import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
 
@@ -34,13 +37,14 @@
             context = (TokenContext) request.getUserPrincipal();
         }
         catch (UnsupportedOperationException e) {
-            throw kustvaktResponseHandler.throwAuthenticationException("");
+            throw kustvaktResponseHandler.throwit(new KustvaktException(
+                    StatusCodes.UNAUTHORIZED_OPERATION, e.getMessage(), e));
         }
 
-        if (context == null || context.isDemo())
-            throw kustvaktResponseHandler
-                    .throwAuthenticationException("Service not available for non-authenticated "
-                            + "or demo account users!");
+        if (context == null || context.isDemo()){
+            new KustvaktException(StatusCodes.UNAUTHORIZED_OPERATION,
+                    "Operation is not permitted for guest users");
+        }
         return request;
     }
 
diff --git a/full/src/main/resources/log4j.properties b/full/src/main/resources/log4j.properties
index 35aad91..308c9ca 100644
--- a/full/src/main/resources/log4j.properties
+++ b/full/src/main/resources/log4j.properties
@@ -4,8 +4,9 @@
 log4j.rootLogger=ERROR, stdout, debugLog
 log4j.logger.log=ERROR, errorLog
 
-log4j.logger.de.ids_mannheim.korap.service.VirtualCorpusService = error, debugLog
-log4j.logger.de.ids_mannheim.korap.web.SearchKrill = debug, debugLog, stdout
+#log4j.logger.de.ids_mannheim.korap.service.VirtualCorpusService = error, debugLog
+#log4j.logger.de.ids_mannheim.korap.web.controller.AuthenticationController = debug, debugLog, stdout
+
 
 # Direct log messages to stdout
 log4j.appender.stdout=org.apache.log4j.ConsoleAppender