rewrite post processor; refactoring; tests
diff --git a/.gitignore b/.gitignore
index 97c429a..3e67cec 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .*
 !/.gitignore
+**/*.*
\ No newline at end of file
diff --git a/dependency-reduced-pom.xml b/dependency-reduced-pom.xml
index 47cef40..c90977b 100644
--- a/dependency-reduced-pom.xml
+++ b/dependency-reduced-pom.xml
@@ -17,6 +17,7 @@
           <include>**/*.xml</include>

           <include>**/*.conf</include>

           <include>**/*.properties</include>

+          <include>**/*.sql</include>

         </includes>

       </resource>

     </resources>

diff --git a/src/main/.DS_Store b/src/main/.DS_Store
deleted file mode 100644
index 4f51b81..0000000
--- a/src/main/.DS_Store
+++ /dev/null
Binary files differ
diff --git a/src/main/java/.DS_Store b/src/main/java/.DS_Store
deleted file mode 100644
index 175efa1..0000000
--- a/src/main/java/.DS_Store
+++ /dev/null
Binary files differ
diff --git a/src/main/java/de/.DS_Store b/src/main/java/de/.DS_Store
deleted file mode 100644
index dcbce40..0000000
--- a/src/main/java/de/.DS_Store
+++ /dev/null
Binary files differ
diff --git a/src/main/java/de/ids_mannheim/.DS_Store b/src/main/java/de/ids_mannheim/.DS_Store
deleted file mode 100644
index f61ad44..0000000
--- a/src/main/java/de/ids_mannheim/.DS_Store
+++ /dev/null
Binary files differ
diff --git a/src/main/java/de/ids_mannheim/korap/.DS_Store b/src/main/java/de/ids_mannheim/korap/.DS_Store
deleted file mode 100644
index f8811c7..0000000
--- a/src/main/java/de/ids_mannheim/korap/.DS_Store
+++ /dev/null
Binary files differ
diff --git a/src/main/java/de/ids_mannheim/korap/config/BeanConfiguration.java b/src/main/java/de/ids_mannheim/korap/config/BeanConfiguration.java
index af98785..ae5aeac 100644
--- a/src/main/java/de/ids_mannheim/korap/config/BeanConfiguration.java
+++ b/src/main/java/de/ids_mannheim/korap/config/BeanConfiguration.java
@@ -10,6 +10,7 @@
 import org.springframework.context.support.ClassPathXmlApplicationContext;
 import org.springframework.context.support.FileSystemXmlApplicationContext;
 
+import java.util.Arrays;
 import java.util.HashSet;
 import java.util.Set;
 
@@ -20,7 +21,7 @@
  */
 public class BeanConfiguration {
 
-    private static final String config_file = "light-config.xml";
+    private static final String CONFIG_FILE = "light-config.xml";
     public static final String KUSTVAKT_DB = "kustvakt_db";
 
     public static final String KUSTVAKT_ENCRYPTION = "kustvakt_encryption";
@@ -71,14 +72,25 @@
         if (!hasContext()) {
             ApplicationContext context;
             if (files.length == 0)
-                context = new ClassPathXmlApplicationContext(config_file);
+                context = new ClassPathXmlApplicationContext(CONFIG_FILE);
             else
                 context = new ClassPathXmlApplicationContext(files);
 
             BeanConfiguration.beans = new BeanHolderHelper(context);
+            setManualBeans();
         }
     }
 
+    private static void setManualBeans() {
+        if (getBeans().getPolicyDbProvider() != null
+                && getBeans().getEncryption() != null
+                && getBeans().getResourceProvider() != null)
+            de.ids_mannheim.korap.security.ac.SecurityManager
+                    .setProviders(getBeans().getPolicyDbProvider(),
+                            getBeans().getEncryption(),
+                            Arrays.asList(getBeans().getResourceProvider()));
+    }
+
     public static void loadFileContext(String filepath) {
         if (!hasContext()) {
             ApplicationContext context = new FileSystemXmlApplicationContext(
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/DocumentDao.java b/src/main/java/de/ids_mannheim/korap/handlers/DocumentDao.java
index 1cef65f..fe192db 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/DocumentDao.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/DocumentDao.java
@@ -49,7 +49,7 @@
                         public Document extractData(ResultSet rs)
                                 throws SQLException, DataAccessException {
                             Document doc = new Document(
-                                    rs.getString("persistentID"));
+                                    rs.getString("persistent_id"));
                             doc.setId(rs.getInt("id"));
                             doc.setCreated(
                                     rs.getTimestamp("created").getTime());
@@ -67,7 +67,7 @@
     public Document findbyId(String id, User user) throws KustvaktException {
         MapSqlParameterSource s = new MapSqlParameterSource();
         s.addValue("id", id);
-        String sql = "select * from doc_store where persistentID=:id";
+        String sql = "select id, persistent_id, strftime('%s', created) as created from doc_store where persistent_id=:id";
 
         try {
             return this.jdbcTemplate
@@ -76,15 +76,15 @@
                         public Document extractData(ResultSet rs)
                                 throws SQLException, DataAccessException {
                             Document doc = new Document(
-                                    rs.getString("persistentID"));
+                                    rs.getString("persistent_id"));
                             doc.setId(rs.getInt("id"));
-                            doc.setCreated(
-                                    rs.getTimestamp("created").getTime());
+                            doc.setCreated(rs.getLong("created"));
                             doc.setDisabled(rs.getBoolean("disabled"));
                             return doc;
                         }
                     });
         }catch (DataAccessException e) {
+            e.printStackTrace();
             throw new KustvaktException(StatusCodes.CONNECTION_ERROR);
         }
     }
@@ -101,7 +101,7 @@
         MapSqlParameterSource source = new MapSqlParameterSource();
         source.addValue("pid", document.getPersistentID());
         source.addValue("dis", BooleanUtils.getBoolean(document.isDisabled()));
-        final String sql = "UPDATE doc_store set disabled=:dis where persistentID=:pid;";
+        final String sql = "UPDATE doc_store set disabled=:dis where persistent_id=:pid;";
         return this.jdbcTemplate.update(sql, source);
     }
 
@@ -117,7 +117,7 @@
         source.addValue("corpus", corpus + "%");
         source.addValue("offset", (offset * index));
         source.addValue("limit", offset);
-        final String sql = "select * from doc_store where (persistentID like :corpus) limit :offset, :limit";
+        final String sql = "select id, persistent_id, disabled, strftime('%s', created) as created from doc_store where (persistent_id like :corpus) limit :offset, :limit";
         try {
             return this.jdbcTemplate
                     .query(sql, source, new RowMapper<Document>() {
@@ -125,8 +125,9 @@
                         public Document mapRow(ResultSet rs, int rowNum)
                                 throws SQLException {
                             Document doc = new Document(
-                                    rs.getString("persistentID"));
+                                    rs.getString("persistent_id"));
                             doc.setId(rs.getInt("id"));
+                            doc.setCreated(rs.getLong("created"));
                             doc.setDisabled(rs.getBoolean("disabled"));
                             return doc;
                         }
@@ -141,11 +142,10 @@
         MapSqlParameterSource s = new MapSqlParameterSource();
         s.addValue("corpus", corpus + "%");
         s.addValue("dis", BooleanUtils.getBoolean(disabled));
-        String sql = "SELECT persistentID FROM doc_store WHERE (persistentID like :corpus) AND disabled=:dis;";
+        String sql = "SELECT persistent_id FROM doc_store WHERE (persistent_id like :corpus) AND disabled=:dis;";
         try {
             return this.jdbcTemplate.queryForList(sql, s, String.class);
         }catch (DataAccessException e) {
-            e.printStackTrace();
             throw new KustvaktException(StatusCodes.CONNECTION_ERROR);
         }
     }
@@ -159,10 +159,11 @@
         s.addValue("corpus", resource.getCorpus());
         s.addValue("dis", BooleanUtils.getBoolean(resource.isDisabled()));
 
-        String sql = "INSERT INTO doc_store (persistentID, disabled) VALUES (:id, :dis)";
+        String sql = "INSERT INTO doc_store (persistent_id, disabled) VALUES (:id, :dis)";
         try {
             return this.jdbcTemplate.update(sql, s);
         }catch (DataAccessException e) {
+            e.printStackTrace();
             throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT,
                     "illegal argument given", resource.getPersistentID());
         }
@@ -172,7 +173,7 @@
     public int deleteResource(String id, User user) throws KustvaktException {
         MapSqlParameterSource s = new MapSqlParameterSource();
         s.addValue("id", id);
-        String sql = "delete from doc_store where persistentID=:id;";
+        String sql = "delete from doc_store where persistent_id=:id;";
         try {
             return this.jdbcTemplate.update(sql, s);
         }catch (DataAccessException e) {
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/CollectionCleanupFilter.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/CollectionCleanupFilter.java
index c243f73..74a5d06 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/CollectionCleanupFilter.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/CollectionCleanupFilter.java
@@ -12,8 +12,8 @@
  * @author hanl
  * @date 28/07/2015
  */
-//todo: 21.10.15
-public class CollectionCleanupFilter extends RewriteTask.RewriteQuery {
+
+public class CollectionCleanupFilter implements RewriteTask.RewriteQuery {
 
     // track path to operand
     @Deprecated
@@ -24,7 +24,7 @@
     }
 
     @Override
-    public JsonNode rewrite(KoralNode node, KustvaktConfiguration config,
+    public JsonNode preProcess(KoralNode node, KustvaktConfiguration config,
             User user) {
         if (node.has("collection")) {
             JsonNode coll = node.rawNode().path("collection");
@@ -84,4 +84,9 @@
         }
         return JsonUtils.createArrayNode();
     }
+
+    @Override
+    public JsonNode postProcess(KoralNode node) {
+        return null;
+    }
 }
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/CollectionConstraint.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/CollectionConstraint.java
index 4b753cb..4e5edf2 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/CollectionConstraint.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/CollectionConstraint.java
@@ -13,35 +13,42 @@
  * @date 03/07/2015
  */
 // todo: test
-public class CollectionConstraint extends RewriteTask.RewriteNode {
+public class CollectionConstraint implements RewriteTask.RewriteNode {
 
     @Override
-    public JsonNode rewrite(KoralNode koralnode, KustvaktConfiguration config,
+    public JsonNode preProcess(KoralNode node, KustvaktConfiguration config,
             User user) {
-        JsonNode node = koralnode.rawNode();
-        if (node.at("/@type").asText().equals("koral:doc")) {
-            if (node.at("/key").asText().equals("corpusID") && !check(koralnode,
-                    user)) {
-                koralnode.removeNode();
+
+        if (node.get("@type").equals("koral:doc")) {
+            if (node.get("key").equals("corpusID") && !check(node, user)) {
+                node.removeNode();
                 // todo: add message that node was removed!
             }
         }
-        return node;
+        return node.rawNode();
     }
 
+    /**
+     * @param node
+     * @param user
+     * @return boolean if true access granted
+     */
     private boolean check(KoralNode node, User user) {
+        // todo: can be used to circumvent access control!
         if (user == null)
             return true;
 
-        String id = node.rawNode().at("/value").asText();
+        String id = node.get("value");
         KustvaktResource corpus;
         try {
             SecurityManager m = SecurityManager
                     .findbyId(id, user, Corpus.class);
             corpus = m.getResource();
-        }catch (KustvaktException e) {
+        }catch (RuntimeException | KustvaktException e) {
+            e.printStackTrace();
             return false;
         }
+
         return corpus != null;
     }
 
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/FoundryInject.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/FoundryInject.java
index d44606e..14482d1 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/FoundryInject.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/FoundryInject.java
@@ -9,14 +9,14 @@
  * @author hanl
  * @date 30/06/2015
  */
-public class FoundryInject extends RewriteTask.RewriteNode {
+public class FoundryInject implements RewriteTask.RewriteNode {
 
     public FoundryInject() {
         super();
     }
 
     @Override
-    public JsonNode rewrite(KoralNode node, KustvaktConfiguration config,
+    public JsonNode preProcess(KoralNode node, KustvaktConfiguration config,
             User user) {
         LayerMapper mapper;
         if (user != null)
@@ -24,15 +24,14 @@
         else
             mapper = new LayerMapper(config);
 
-        if (node.rawNode().path("@type").asText().equals("koral:term") && !node
-                .rawNode().has("foundry")) {
+        if (node.get("@type").equals("koral:term") && !node.has("foundry")) {
             String layer;
-            if (node.rawNode().has("layer"))
-                layer = node.rawNode().path("layer").asText();
+            if (node.has("layer"))
+                layer = node.get("layer");
             else
-                layer = node.rawNode().path("key").asText();
+                layer = node.get("key");
             String foundry = mapper.findFoundry(layer);
-            node.set("foundry", foundry);
+            node.put("foundry", foundry);
         }
         return node.rawNode();
     }
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/IdWriter.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/IdWriter.java
index 5e4bece..f35597f 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/IdWriter.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/IdWriter.java
@@ -9,8 +9,7 @@
  * @author hanl
  * @date 25/09/2015
  */
-// todo: 20.10.15
-public class IdWriter extends RewriteTask.RewriteNode {
+public class IdWriter implements RewriteTask.RewriteKoralToken {
 
     private int counter;
 
@@ -21,14 +20,18 @@
     }
 
     @Override
-    public JsonNode rewrite(KoralNode node, KustvaktConfiguration config,
+    public JsonNode preProcess(KoralNode node, KustvaktConfiguration config,
             User user) {
-        JsonNode result = node.rawNode();
-        if (result.path("@type").asText().equals("koral:token"))
-            addId(result);
-        return result;
+        if (node.get("@type").equals("koral:token")) {
+            String s = extractToken(node.rawNode());
+            if (s != null && !s.isEmpty())
+                node.put("idn", s + "_" + counter++);
+        }
+
+        return node.rawNode();
     }
 
+    @Deprecated
     private JsonNode addId(JsonNode node) {
         if (node.isObject()) {
             ObjectNode o = (ObjectNode) node;
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/KoralNode.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/KoralNode.java
index f4580ad..017de70 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/KoralNode.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/KoralNode.java
@@ -17,12 +17,12 @@
 public abstract class KoralNode {
     private JsonNode node;
     private KoralRewriteBuilder builder;
-    private boolean toRemove;
+    private boolean remove;
 
     private KoralNode(JsonNode node) {
         this.node = node;
         this.builder = new KoralRewriteBuilder();
-        this.toRemove = false;
+        this.remove = false;
     }
 
     public static KoralNode wrapNode(JsonNode node) {
@@ -30,7 +30,21 @@
         };
     }
 
-    public void set(String name, Object value) {
+    public boolean setNode(Object path) {
+        JsonNode n = null;
+        if (this.node.isObject() && this.node.has((String) path))
+            n = this.node.path((String) path);
+        else if (this.node.isArray() && this.node.has((int) path))
+            n = this.node.path((int) path);
+
+        if (n != null) {
+            this.node = n;
+            return true;
+        }
+        return false;
+    }
+
+    public void put(String name, Object value) {
 
         if (this.node.isObject() && this.node.path(name).isMissingNode()) {
             ObjectNode node = (ObjectNode) this.node;
@@ -71,26 +85,30 @@
         }
     }
 
+    public String get(String name) {
+        if (this.node.isObject())
+            return this.node.path(name).asText();
+        return null;
+    }
+
     public boolean has(Object ident) {
         if (ident instanceof String)
             return this.node.has((String) ident);
-        if (ident instanceof Integer)
+        else if (ident instanceof Integer)
             return this.node.has((int) ident);
         return false;
     }
 
-
-
     public JsonNode rawNode() {
         return this.node;
     }
 
     public void removeNode() {
-        this.toRemove = true;
+        this.remove = true;
     }
 
     public boolean toRemove() {
-        return this.toRemove;
+        return this.remove;
     }
 
     //todo: 21.10.15 -- redo with better return policies!
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/MetaConstraint.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/MetaConstraint.java
index bf6f2e1..8dddf4f 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/MetaConstraint.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/MetaConstraint.java
@@ -8,14 +8,14 @@
  * @author hanl
  * @date 04/07/2015
  */
-public class MetaConstraint extends RewriteTask.RewriteQuery {
+public class MetaConstraint implements RewriteTask.RewriteQuery {
 
     public MetaConstraint() {
         super();
     }
 
     @Override
-    public JsonNode rewrite(KoralNode node, KustvaktConfiguration config,
+    public JsonNode preProcess(KoralNode node, KustvaktConfiguration config,
             User user) {
         if (node.rawNode().has("meta")) {
             JsonNode meta = node.rawNode().path("meta");
@@ -24,4 +24,9 @@
         }
         return node.rawNode();
     }
+
+    @Override
+    public JsonNode postProcess(KoralNode node) {
+        return null;
+    }
 }
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/PublicCollection.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/PublicCollection.java
index d8a35dc..350bebc 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/PublicCollection.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/PublicCollection.java
@@ -14,7 +14,8 @@
  * @author hanl
  * @date 04/07/2015
  */
-public class PublicCollection extends RewriteTask.RewriteQuery {
+// todo: 11.11.15
+public class PublicCollection implements RewriteTask.RewriteQuery {
 
     public PublicCollection() {
         super();
@@ -22,7 +23,7 @@
 
     // todo: where to inject the array node into? --> super group with and relation plus subgroup with ids and or operation
     @Override
-    public JsonNode rewrite(KoralNode node, KustvaktConfiguration config,
+    public JsonNode preProcess(KoralNode node, KustvaktConfiguration config,
             User user) {
         JsonNode subnode = node.rawNode();
         if (!subnode.at("/collection").findValuesAsText("key")
@@ -48,4 +49,9 @@
         JsonNode node = CollectionQueryBuilder3.Utils.buildDocGroup();
         return node;
     }
+
+    @Override
+    public JsonNode postProcess(KoralNode node) {
+        return null;
+    }
 }
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteHandler.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteHandler.java
index 8af6eae..49cef0c 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteHandler.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteHandler.java
@@ -1,7 +1,6 @@
 package de.ids_mannheim.korap.resource.rewrite;
 
 import com.fasterxml.jackson.databind.JsonNode;
-import de.ids_mannheim.korap.config.KustvaktClassLoader;
 import de.ids_mannheim.korap.config.KustvaktConfiguration;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.JsonUtils;
@@ -18,36 +17,60 @@
  * @author hanl
  * @date 30/06/2015
  */
+// todo: do post processing!
 //todo: load rewritenode and rewritequery automatically from classpath by default, but namespaced from package
 public class RewriteHandler {
 
-    private static Logger jlog = KustvaktLogger.initiate(RewriteHandler.class);
-    private Collection<RewriteTask.RewriteNode> node_processors;
+    private static Logger jlog = KustvaktLogger.getLogger(RewriteHandler.class);
+    private Collection<RewriteTask> node_processors;
+    private Collection<RewriteTask.RewriteKoralToken> token_node_processors;
     private Collection<RewriteTask.RewriteQuery> query_processors;
+
     private KustvaktConfiguration config;
 
     // fixme: make default constructor with configuration!
     public RewriteHandler(KustvaktConfiguration config) {
         this.config = config;
         this.node_processors = new HashSet<>();
+        this.token_node_processors = new HashSet<>();
         this.query_processors = new HashSet<>();
-        KustvaktClassLoader.loadSubTypes(RewriteTask.RewriteNode.class);
     }
 
-    public void add(RewriteTask.RewriteNode rewriter) {
-        this.node_processors.add(rewriter);
+    public boolean addProcessor(RewriteTask rewriter) {
+        if (rewriter instanceof RewriteTask.RewriteKoralToken)
+            return this.token_node_processors
+                    .add((RewriteTask.RewriteKoralToken) rewriter);
+        else if (rewriter instanceof RewriteTask.RewriteQuery)
+            return this.query_processors
+                    .add((RewriteTask.RewriteQuery) rewriter);
+        else if (rewriter instanceof RewriteTask.RewriteBefore
+                | rewriter instanceof RewriteTask.RewriteAfter)
+            return this.node_processors.add(rewriter);
+        //        else if (rewriter instanceof RewriteTask.RewriteAfter)
+        //            return this.node_post_processors
+        //                    .add((RewriteTask.RewriteAfter) rewriter);
+        return false;
     }
 
-    public void add(RewriteTask.RewriteQuery rewriter) {
-        this.query_processors.add(rewriter);
+    @Override
+    public String toString() {
+        StringBuilder b = new StringBuilder();
+        b.append("--------------------------");
+        b.append("pre/post: " + this.node_processors.toString()).append("\n")
+                .append("\n")
+                .append("query: " + this.query_processors.toString())
+                .append("\n")
+                .append("koraltoken: " + this.token_node_processors.toString());
+        b.append("---------------------------");
+        return b.toString();
     }
 
     /**
-     * expects extended RewriteNode/Query class with default config constructor
+     * expects extended RewriteNode/Query class with empty default constructor
      *
      * @param rewriter
+     * @return boolean if rewriter class was successfully added to rewrite handler!
      */
-    //todo: 21.10.15
     public boolean add(Class<? extends RewriteTask> rewriter) {
         RewriteTask task;
         try {
@@ -57,69 +80,98 @@
                 | IllegalAccessException | InstantiationException e) {
             return false;
         }
-
-        if (task instanceof RewriteTask.RewriteNode) {
-            this.node_processors.add((RewriteTask.RewriteNode) task);
-            return true;
-        }
-
-        if (task instanceof RewriteTask.RewriteQuery) {
-            this.query_processors.add((RewriteTask.RewriteQuery) task);
-            return true;
-        }
-        return false;
+        return addProcessor(task);
     }
 
     public void clear() {
         this.node_processors.clear();
         this.query_processors.clear();
+        this.token_node_processors.clear();
     }
 
-    private boolean process(JsonNode root, User user) {
+    private boolean process(JsonNode root, User user, boolean post) {
         if (root.isObject()) {
             if (root.has("operands")) {
-                JsonNode node = root.at("/operands");
-                Iterator<JsonNode> it = node.elements();
+                JsonNode ops = root.at("/operands");
+                Iterator<JsonNode> it = ops.elements();
                 while (it.hasNext()) {
                     JsonNode n = it.next();
-                    if (!process(n, user))
+                    if (process(n, user, post)) {
                         it.remove();
+                    }
                 }
-            }else if (root.has("wrap")) {
-                JsonNode node = root.at("/wrap");
-                //todo: remove object nodes as well
-                process(node, user);
-            }else
-                return processNode(root, user, this.node_processors);
+
+            }else if (root.path("@type").asText().equals("koral:token")) {
+                // todo: koral:token nodes cannot be flagged for deletion --> creates the possibility for empty koral:token nodes
+                processNode(KoralNode.wrapNode(root), user,
+                        this.token_node_processors, post);
+                return process(root.path("wrap"), user, post);
+            }else {
+                return processNode(KoralNode.wrapNode(root), user,
+                        this.node_processors, post);
+            }
+        }else if (root.isArray()) {
+            //todo: test!
+            Iterator<JsonNode> it = root.elements();
+            while (it.hasNext()) {
+                JsonNode n = it.next();
+                if (process(n, user, post)) {
+                    it.remove();
+                }
+            }
         }
-        return true;
+        return false;
     }
 
-    public JsonNode apply(JsonNode root, User user) {
+    public JsonNode preProcess(JsonNode root, User user) {
+        boolean post = false;
         for (JsonNode n : root)
-            process(n, user);
-        processNode(root, user, this.query_processors);
+            process(n, user, post);
+        processNode(KoralNode.wrapNode(root), user, this.query_processors,
+                post);
         return root;
     }
 
-    public String apply(String json, User user) {
-        return JsonUtils.toJSON(apply(JsonUtils.readTree(json), user));
+    public String preProcess(String json, User user) {
+        return JsonUtils.toJSON(preProcess(JsonUtils.readTree(json), user));
     }
 
+    public JsonNode postProcess(JsonNode root, User user) {
+        boolean post = true;
+        for (JsonNode n : root)
+            process(n, user, post);
+        processNode(KoralNode.wrapNode(root), user, this.query_processors,
+                post);
+        return root;
+    }
+
+    public String postProcess(String json, User user) {
+        return JsonUtils.toJSON(postProcess(JsonUtils.readTree(json), user));
+    }
+
+    /**
+     * @param node
+     * @param user
+     * @param tasks
+     * @return boolean true if node is to be removed from parent! Only applies if parent is an array node
+     */
     // todo: integrate notifications into system!
-    private boolean processNode(JsonNode node, User user,
-            Collection<? extends RewriteTask> tasks) {
-        KoralNode knode = KoralNode.wrapNode(node);
+    private boolean processNode(KoralNode node, User user,
+            Collection<? extends RewriteTask> tasks, boolean post) {
         for (RewriteTask task : tasks) {
             if (jlog.isDebugEnabled()) {
-                jlog.debug("running node in processor " + node);
+                jlog.debug("running processor on node " + node);
                 jlog.debug("on processor " + task.getClass().toString());
             }
-            task.rewrite(knode, this.config, user);
-            if (knode.toRemove())
+            if (task instanceof RewriteTask.RewriteBefore)
+                ((RewriteTask.RewriteBefore) task)
+                        .preProcess(node, this.config, user);
+            if (post && task instanceof RewriteTask.RewriteAfter)
+                ((RewriteTask.RewriteAfter) task).postProcess(node);
+            if (node.toRemove())
                 break;
         }
-        return !knode.toRemove();
+        return node.toRemove();
     }
 
 }
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteTask.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteTask.java
index 07bebc4..17683ce 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteTask.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteTask.java
@@ -3,54 +3,51 @@
 import com.fasterxml.jackson.databind.JsonNode;
 import de.ids_mannheim.korap.config.KustvaktConfiguration;
 import de.ids_mannheim.korap.user.User;
-import lombok.Getter;
 
 /**
  * @author hanl
  * @date 30/06/2015
  */
-@Getter
-public abstract class RewriteTask {
+public interface RewriteTask {
 
-    private RewriteTask() {
+    interface RewriteBefore extends RewriteTask {
+        /**
+         * @param node   Json node in KoralNode wrapper
+         * @param config {@link KustvaktConfiguration} singleton instance to use default configuration parameters
+         * @param user   injected by rewrite handler if available. Might cause {@link NullPointerException} if not checked properly
+         * @return
+         */
+        JsonNode preProcess(KoralNode node, KustvaktConfiguration config,
+                User user);
     }
 
-    /**
-     * @param node   Json node in KoralNode wrapper
-     * @param config {@link KustvaktConfiguration} singleton instance to use default configuration parameters
-     * @param user   injected by rewrite handler if available. Might cause {@link NullPointerException} if not checked properly
-     * @return
-     */
-    public abstract JsonNode rewrite(KoralNode node,
-            KustvaktConfiguration config, User user);
+    interface RewriteAfter extends RewriteTask {
+        JsonNode postProcess(KoralNode node);
+    }
 
     /**
      * query rewrites get injected the entire query from root containing all child nodes
      * <p/>
-     * {@link de.ids_mannheim.korap.resource.rewrite.RewriteTask.RewriteQuery} does not allow the deletion of the root node or subnode through KoralNode.
+     * {@link RewriteQuery} does not allow the deletion of the root node or subnode through KoralNode.
      * The {@link de.ids_mannheim.korap.resource.rewrite.RewriteHandler} will igonore respecitve invalid requests
-     *
-     * @author hanl
-     * @date 03/07/2015
      */
-    public static abstract class RewriteQuery extends RewriteTask {
-        public RewriteQuery() {
-            super();
-        }
+    interface RewriteQuery extends RewriteBefore, RewriteAfter {
     }
 
     /**
-     * node rewrites get injected typically object nodes that are subject to altering.
+     * Koral term nodes that are subject to rewrites
      * Be aware that node rewrites are processed before query rewrites. Thus query rewrite may override previous node rewrites
      * <p/>
-     * {@link de.ids_mannheim.korap.resource.rewrite.RewriteTask.RewriteNode} rewrite support the deletion of the respective node by simply setting the node invalid in KoralNode
-     *
-     * @author hanl
-     * @date 03/07/2015
+     * {@link RewriteNode} rewrite supports the deletion of the respective node by simply setting the node invalid in KoralNode
      */
-    public static abstract class RewriteNode extends RewriteTask {
-        public RewriteNode() {
-            super();
-        }
+    interface RewriteNode extends RewriteBefore {
+    }
+
+    /**
+     * koral token nodes that are subject to rewrites
+     * Be aware that node rewrites are processed before query rewrites. Thus query rewrite may override previous node rewrites
+     * {@link RewriteKoralToken} rewrite DOES NOT support the deletion of the respective node
+     */
+    interface RewriteKoralToken extends RewriteBefore {
     }
 }
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/TreeConstraint.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/TreeConstraint.java
index 245e787..e96b3fe 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/TreeConstraint.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/TreeConstraint.java
@@ -42,7 +42,7 @@
  * @author hanl
  * @date 02/07/2015
  */
-public class TreeConstraint extends RewriteTask.RewriteQuery {
+public class TreeConstraint implements RewriteTask.RewriteQuery {
 
     private String pointer;
 
@@ -51,10 +51,15 @@
     }
 
     @Override
-    public JsonNode rewrite(KoralNode node, KustvaktConfiguration config,
+    public JsonNode preProcess(KoralNode node, KustvaktConfiguration config,
             User user) {
         System.out.println("FIND PATH " + node.rawNode().findParent(pointer));
 
         return node.rawNode();
     }
+
+    @Override
+    public JsonNode postProcess(KoralNode node) {
+        return null;
+    }
 }
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java
index 4cd79d5..5a311da 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyEvaluator.java
@@ -8,7 +8,9 @@
 import de.ids_mannheim.korap.security.SecurityPolicy;
 import de.ids_mannheim.korap.user.KorAPUser;
 import de.ids_mannheim.korap.user.User;
+import de.ids_mannheim.korap.utils.KustvaktLogger;
 import edu.emory.mathcs.backport.java.util.Collections;
+import org.slf4j.Logger;
 
 import java.util.HashMap;
 import java.util.List;
@@ -19,6 +21,9 @@
  */
 public class PolicyEvaluator {
 
+    private static final Logger jlog = KustvaktLogger
+            .getLogger(PolicyEvaluator.class);
+
     private final User user;
     private final List<SecurityPolicy>[] policies;
     private String resourceID;
@@ -27,7 +32,6 @@
     private int relationError = -1;
     private Map<String, Object> flags;
 
-
     public PolicyEvaluator(User user, List<SecurityPolicy>[] policies) {
         this.user = user;
         this.policies = policies;
@@ -50,25 +54,30 @@
         return this.resourceID;
     }
 
-
+    // todo: test benchmarks
     private List<SecurityPolicy> evaluate(List<SecurityPolicy>[] policies,
-                                          Permissions.PERMISSIONS perm) throws NotAuthorizedException {
+            Permissions.PERMISSIONS perm) throws NotAuthorizedException {
         //fixme: what happens in case a parent relation does not allow changing a resource, but the owner of child per default
-        // receives all rights? --> test casing
-        if (isOwner()) return policies[0];
+        //todo: receives all rights? --> test casing
+        if (isOwner()) {
+            jlog.debug("Resource is owned by the user!");
+            return policies[0];
+        }
         if (!processed && policies != null) {
             for (int i = policies.length - 1; i >= 0; i--) {
                 int idx = 0;
                 if (policies[i] != null) {
                     int ow = getOwner(policies[i]);
-                    for (int internal = 0; internal < policies[i].size(); internal++) {
+                    for (int internal = 0;
+                         internal < policies[i].size(); internal++) {
                         SecurityPolicy s = policies[i].get(internal);
                         if (i == policies.length - 1) {
                             if (ow == user.getId())
                                 this.permissions.addPermission(127);
                             else if (!(s instanceof SecurityPolicy.OwnerPolicy))
-                                this.permissions.addPermission(s.getPermissionByte());
-                        } else {
+                                this.permissions
+                                        .addPermission(s.getPermissionByte());
+                        }else {
                             if (ow == user.getId())
                                 this.permissions.retain(127);
                             else if (!(s instanceof SecurityPolicy.OwnerPolicy))
@@ -79,16 +88,22 @@
                 }
                 if (idx == 0) {
                     relationError = i;
-                    throw new NotAuthorizedException(StatusCodes.PERMISSION_DENIED, this.getResourceID());
+                    throw new NotAuthorizedException(
+                            StatusCodes.PERMISSION_DENIED,
+                            this.getResourceID());
                 }
             }
             this.processed = true;
             System.out.println("FINAL BYTE :" + this.permissions.getPbyte());
             if (this.permissions.containsPermission(perm))
                 return policies[0];
-        } else if (processed && relationError == -1
-                && this.permissions.containsPermission(perm))
+        }else if (processed && relationError == -1 && this.permissions
+                .containsPermission(perm)) {
+            jlog.debug("Done processing resource policies");
+            jlog.debug("Will return policies to security manager: "
+                    + this.policies[0]);
             return this.policies[0];
+        }
 
         return Collections.emptyList();
     }
@@ -104,25 +119,29 @@
 
     public boolean isAllowed(Permissions.PERMISSIONS perm) {
         try {
+            System.out.println("THESE POLICIES " + this.policies[0]);
             return !evaluate(this.policies, perm).isEmpty();
-        } catch (NotAuthorizedException e) {
+        }catch (NotAuthorizedException e) {
             return false;
         }
     }
 
     public boolean isOwner() {
-        return policies != null && this.user.getId() != null && getOwner(this.policies[0]) == this.user.getId();
+        return policies != null && this.user.getId() != null
+                && getOwner(this.policies[0]) == this.user.getId();
     }
 
     private int getOwner(List<SecurityPolicy> policies) {
-        if (policies != null && policies.get(0) != null
-                && policies.get(0) instanceof SecurityPolicy.OwnerPolicy) {
+        if (policies != null && policies.get(0) != null && policies
+                .get(0) instanceof SecurityPolicy.OwnerPolicy) {
             return ((SecurityPolicy.OwnerPolicy) policies.get(0)).getOwner();
         }
         return -1;
     }
 
-    public static PolicyEvaluator setFlags(User user, KustvaktResource resource) {
+    // todo: what is this supposed to do?
+    public static PolicyEvaluator setFlags(User user,
+            KustvaktResource resource) {
         PolicyEvaluator e = new PolicyEvaluator(user, resource);
         e.setFlag("managed", resource.getOwner() == KorAPUser.ADMINISTRATOR_ID);
         e.setFlag("shared", false);
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java b/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java
index 3ed9843..bd465b5 100755
--- a/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java
@@ -18,7 +18,8 @@
  */
 public class ResourceFinder {
 
-    private static final Logger log = KustvaktLogger.initiate(ResourceFinder.class);
+    private static final Logger log = KustvaktLogger.getLogger(
+            ResourceFinder.class);
     private static PolicyHandlerIface policydao;
 
     private List<KustvaktResource.Container> containers;
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/ResourceHandler.java b/src/main/java/de/ids_mannheim/korap/security/ac/ResourceHandler.java
index 9e4b152..78d0a44 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/ResourceHandler.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/ResourceHandler.java
@@ -23,7 +23,7 @@
 @SuppressWarnings("all")
 public class ResourceHandler {
 
-    private static Logger log = KustvaktLogger.initiate(ResourceHandler.class);
+    private static Logger log = KustvaktLogger.getLogger(ResourceHandler.class);
 
     public ResourceHandler() {
     }
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java b/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java
index 2317190..ee89118 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java
@@ -43,15 +43,21 @@
     private List<SecurityPolicy>[] policies;
     private User user;
 
-    private boolean wException;
+    private boolean silent;
     private PolicyEvaluator evaluator;
     private T resource;
 
     private SecurityManager(User user) {
         this.policies = new List[1];
         this.policies[0] = new ArrayList<>();
-        this.wException = true;
+        this.silent = true;
         this.user = user;
+        checkProviders();
+    }
+
+    private static void checkProviders() {
+        if (policydao == null && crypto == null && handlers == null)
+            throw new RuntimeException("providers not set!");
     }
 
     public static final void setProviders(PolicyHandlerIface policyHandler,
@@ -79,10 +85,9 @@
      * @throws EmptyResultException
      * @throws KustvaktException
      */
+    //todo: implement a fall back that throws an exception when the user NULL, but the resource has restrictions!
     public static SecurityManager findbyId(String id, User user, Class type,
-            Permissions.PERMISSIONS... perms)
-            throws EmptyResultException, KustvaktException,
-            NotAuthorizedException {
+            Permissions.PERMISSIONS... perms) throws KustvaktException {
         SecurityManager p = new SecurityManager(user);
         p.findPolicies(id, false, perms);
         p.resource = p.findResource(type);
@@ -90,9 +95,7 @@
     }
 
     public static SecurityManager findbyId(String id, User user,
-            Permissions.PERMISSIONS... perms)
-            throws NotAuthorizedException, KustvaktException,
-            EmptyResultException {
+            Permissions.PERMISSIONS... perms) throws KustvaktException {
         SecurityManager p = new SecurityManager(user);
         p.findPolicies(id, false, perms);
         p.resource = p.findResource(null);
@@ -100,9 +103,7 @@
     }
 
     public static SecurityManager findbyId(Integer id, User user,
-            Permissions.PERMISSIONS... perms)
-            throws EmptyResultException, KustvaktException,
-            NotAuthorizedException {
+            Permissions.PERMISSIONS... perms) throws KustvaktException {
         SecurityManager p = new SecurityManager(user);
         p.findPolicies(id, false, perms);
         p.resource = p.findResource(null);
@@ -132,7 +133,7 @@
      * @return
      * @throws NotAuthorizedException
      */
-    public T getResource() throws NotAuthorizedException {
+    public final T getResource() throws NotAuthorizedException {
         if (evaluator.isAllowed(Permissions.PERMISSIONS.READ)) {
             return this.resource;
         }else {
@@ -170,8 +171,8 @@
      * @throws KustvaktException
      */
     // todo: delete only works with find, not with init constructor!resource
-    public void deleteResource() throws NotAuthorizedException,
-            KustvaktException {
+    public void deleteResource()
+            throws NotAuthorizedException, KustvaktException {
         if (evaluator.isAllowed(Permissions.PERMISSIONS.DELETE)) {
             ResourceOperationIface iface = handlers
                     .get(this.resource.getClass());
@@ -187,11 +188,9 @@
                     this.evaluator.getResourceID());
     }
 
-
     // todo: type should be deprecated and return type of policies should be containers!
     private boolean findPolicies(Object id, boolean path,
-            Permissions.PERMISSIONS... perms)
-            throws NotAuthorizedException, EmptyResultException {
+            Permissions.PERMISSIONS... perms) throws EmptyResultException {
         PermissionsBuffer b = new PermissionsBuffer();
         if (perms.length == 0)
             b.addPermission(Permissions.READ);
@@ -302,7 +301,8 @@
                 KustvaktLogger.SECURITY_LOGGER
                         .error("No policies found for '{}' for user '{}'",
                                 resource.getPersistentID(), user.getId());
-                throw new KustvaktException(user.getId(),StatusCodes.POLICY_CREATE_ERROR,
+                throw new KustvaktException(user.getId(),
+                        StatusCodes.POLICY_CREATE_ERROR,
                         "Resource could not be registered",
                         resource.toString());
             }
@@ -368,7 +368,7 @@
 
         if (evaluator.isAllowed(Permissions.PERMISSIONS.CREATE_POLICY)) {
             policydao.createPolicy(policy, this.user);
-        }else if (wException) {
+        }else if (silent) {
             KustvaktLogger.SECURITY_LOGGER
                     .error("Permission Denied (CREATE_POLICY) on '{}' for user '{}'",
                             this.evaluator.getResourceID(), this.user.getId());
@@ -385,8 +385,8 @@
         this.policies[0].add(policy);
     }
 
-    public void deletePolicies() throws NotAuthorizedException,
-            KustvaktException {
+    public void deletePolicies()
+            throws NotAuthorizedException, KustvaktException {
         for (SecurityPolicy p : new ArrayList<>(this.policies[0]))
             deletePolicy(p);
     }
@@ -411,14 +411,14 @@
             KustvaktLogger.SECURITY_LOGGER
                     .error("No policies found (DELETE_POLICY) on '{}' for '{}'",
                             this.evaluator.getResourceID(), this.user.getId());
-            throw new KustvaktException(user.getId(),StatusCodes.NO_POLICIES,
+            throw new KustvaktException(user.getId(), StatusCodes.NO_POLICIES,
                     "no policy desicion possible",
                     this.evaluator.getResourceID());
         }
         if (contains(policy) && (evaluator
                 .isAllowed(Permissions.PERMISSIONS.DELETE_POLICY))) {
             policydao.deletePolicy(policy, this.user);
-        }else if (wException) {
+        }else if (silent) {
             KustvaktLogger.SECURITY_LOGGER
                     .error("Permission Denied (DELETE_POLICY) on '{}' for '{}'",
                             this.evaluator.getResourceID(), this.user.getId());
@@ -440,7 +440,7 @@
             KustvaktLogger.SECURITY_LOGGER
                     .error("Operation not possible (MODIFY_POLICY) on '{}' for '{}'",
                             this.evaluator.getResourceID(), this.user.getId());
-            throw new KustvaktException(user.getId(),StatusCodes.NO_POLICIES,
+            throw new KustvaktException(user.getId(), StatusCodes.NO_POLICIES,
                     "no policy desicion possible",
                     this.evaluator.getResourceID());
         }
@@ -448,7 +448,7 @@
         if (contains(policy) && (evaluator
                 .isAllowed(Permissions.PERMISSIONS.MODIFY_POLICY))) {
             policydao.updatePolicy(policy, this.user);
-        }else if (wException) {
+        }else if (silent) {
             KustvaktLogger.SECURITY_LOGGER
                     .error("Permission Denied (DELETE_POLICY) on '{}' for '{}'",
                             this.evaluator.getResourceID(), this.user.getId());
diff --git a/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java b/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java
index 8b55099..e11447d 100644
--- a/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java
+++ b/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java
@@ -29,7 +29,7 @@
     private EntityHandlerIface iface;
     private EncryptionIface crypto;
     private static Logger jlog = KustvaktLogger
-            .initiate(UserPropertyReader.class);
+            .getLogger(UserPropertyReader.class);
 
     public UserPropertyReader(String path) {
         this.path = path;
diff --git a/src/main/java/de/ids_mannheim/korap/web/SearchKrill.java b/src/main/java/de/ids_mannheim/korap/web/SearchKrill.java
index ec3dd54..d917afb 100644
--- a/src/main/java/de/ids_mannheim/korap/web/SearchKrill.java
+++ b/src/main/java/de/ids_mannheim/korap/web/SearchKrill.java
@@ -22,9 +22,9 @@
  * @author Nils Diewald
  */
 public class SearchKrill {
-    private final static Logger qlog = KustvaktLogger.initiate("queryLogger");
+    private final static Logger qlog = KustvaktLogger.getLogger("queryLogger");
     private final static Logger log = KustvaktLogger
-            .initiate(SearchKrill.class);
+            .getLogger(SearchKrill.class);
     // Temporary
     String indexDir = "/data/prep_corpus/index/";
     String i = "/Users/hanl/Projects/prep_corpus";
diff --git a/src/main/resources/db/sqlite/V1__Initial_version.sql b/src/main/resources/db/sqlite/V1__Initial_version.sql
index 912e699..ee32961 100644
--- a/src/main/resources/db/sqlite/V1__Initial_version.sql
+++ b/src/main/resources/db/sqlite/V1__Initial_version.sql
@@ -125,7 +125,7 @@
 CREATE TABLE IF NOT EXISTS doc_store (
 id INTEGER PRIMARY KEY AUTOINCREMENT,
 persistent_id VARCHAR(265) UNIQUE,
-created TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+created DATE DEFAULT CURRENT_TIMESTAMP,
 disabled BOOLEAN default true
 );
 
diff --git a/src/main/resources/default-config.xml b/src/main/resources/default-config.xml
index 7d21bdd..db14aab 100644
--- a/src/main/resources/default-config.xml
+++ b/src/main/resources/default-config.xml
@@ -60,20 +60,21 @@
         <property name="properties" ref="props"/>
     </bean>
 
+    <!--class="org.apache.commons.dbcp2.BasicDataSource"-->
     <bean id="dataSource"
-          class="org.apache.commons.dbcp2.BasicDataSource"
+          class="org.springframework.jdbc.datasource.SingleConnectionDataSource"
           lazy-init="true">
         <property name="driverClassName" value="${jdbc.driverClassName}"/>
         <property name="url" value="${jdbc.url}"/>
         <property name="username" value="${jdbc.username}"/>
         <property name="password" value="${jdbc.password}"/>
         <!-- relevant for single connection datasource and sqlite -->
-        <!--<property name="suppressClose">-->
-        <!--<value>true</value>-->
-        <!--</property>-->
-        <property name="initialSize" value="1"/>
-        <property name="maxIdle" value="1"/>
-        <property name="poolPreparedStatements" value="true"/>
+        <property name="suppressClose">
+            <value>true</value>
+        </property>
+        <!--<property name="initialSize" value="1"/>-->
+        <!--<property name="maxIdle" value="1"/>-->
+        <!--<property name="poolPreparedStatements" value="true"/>-->
     </bean>
 
     <!-- to configure database for sqlite, mysql, etc. migrations -->
diff --git a/src/main/resources/log4j.properties b/src/main/resources/log4j.properties
index 602c496..ff5d34c 100644
--- a/src/main/resources/log4j.properties
+++ b/src/main/resources/log4j.properties
@@ -1,7 +1,7 @@
 
 # Root logger option
 #log4j.threshold=ALL
-log4j.rootLogger=INFO, stdout, debugLog
+log4j.rootLogger=DEBUG, stdout, debugLog
 log4j.logger.log=ERROR, errorLog
 
 # Direct log messages to stdout
diff --git a/src/test/java/CollectionRewriteTest.java b/src/test/java/CollectionRewriteTest.java
index 2649d1e..995cdf7 100644
--- a/src/test/java/CollectionRewriteTest.java
+++ b/src/test/java/CollectionRewriteTest.java
@@ -5,9 +5,14 @@
 import de.ids_mannheim.korap.resource.rewrite.CollectionCleanupFilter;
 import de.ids_mannheim.korap.resource.rewrite.CollectionConstraint;
 import de.ids_mannheim.korap.resource.rewrite.RewriteHandler;
+import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
+import org.junit.Test;
+
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 
 /**
  * @author hanl
@@ -22,7 +27,7 @@
 
     @BeforeClass
     public static void init() {
-        BeanConfiguration.loadClasspathContext();
+        BeanConfiguration.loadClasspathContext("default-config.xml");
         config = BeanConfiguration.getBeans().getConfiguration();
     }
 
@@ -31,8 +36,19 @@
         BeanConfiguration.closeApplication();
     }
 
+    @Test
+    public void test2() {
+        Pattern p = Pattern.compile("([\\.\\w]+)\\((.+)\\)");
+        String cl = de.ids_mannheim.korap.security.ac.SecurityManager.class
+                .getCanonicalName();
+        Matcher m = p.matcher(cl);
+        System.out.println("FOUND SOMETHING?! " + m.find());
+        while (m.find())
+            System.out.println("group 1 " + m.group(1));
 
-    //    @Test
+    }
+
+    @Test
     public void testCollectionNodeRemoveCorpusIdNoErrors() {
         RewriteHandler handler = new RewriteHandler(config);
         handler.add(CollectionConstraint.class);
@@ -40,12 +56,13 @@
         s.setQuery(simple_add_query, "poliqarp");
         s.setCollection("textClass=politik & corpusID=WPD");
         String result = s.toJSON();
-        JsonNode node = JsonUtils.readTree(handler.apply(result, null));
+        JsonNode node = JsonUtils.readTree(
+                handler.preProcess(result, User.UserFactory.getUser("test_user")));
         assert node != null;
         assert node.at("/collection/operands").size() == 1;
     }
 
-    //@Test
+    @Test
     public void testCollectionNodeRemoveAllCorpusIdNoErrors() {
         RewriteHandler handler = new RewriteHandler(config);
         handler.add(CollectionConstraint.class);
@@ -53,13 +70,14 @@
         s.setQuery(simple_add_query, "poliqarp");
         s.setCollection("corpusID=BRZ13 & corpusID=WPD");
         String result = s.toJSON();
-        JsonNode node = JsonUtils.readTree(handler.apply(result, null));
-
+        JsonNode node = JsonUtils.readTree(
+                handler.preProcess(result, User.UserFactory.getUser("test_user")));
+        System.out.println("RESULTING REWR NODE " + node);
         assert node != null;
         assert node.at("/collection/operands").size() == 0;
     }
 
-    //@Test
+    @Test
     public void testCollectionNodeRemoveGroupedCorpusIdNoErrors() {
         RewriteHandler handler = new RewriteHandler(config);
         handler.add(CollectionConstraint.class);
@@ -68,8 +86,10 @@
         s.setCollection(
                 "(corpusID=BRZ13 & textClass=Wissenschaft) & corpusID=WPD");
         String result = s.toJSON();
-        JsonNode node = JsonUtils.readTree(handler.apply(result, null));
+        JsonNode node = JsonUtils.readTree(
+                handler.preProcess(result, User.UserFactory.getUser("test_user")));
 
+        System.out.println("COLLECTION NODE " + result);
         assert node != null;
         assert node.at("/collection/operands/0/@type").asText()
                 .equals("koral:docGroup");
@@ -78,7 +98,7 @@
     }
 
     //fixme: will probably fail when one doc groups are being refactored
-    //@Test
+    @Test
     public void testCollectionCleanEmptyDocGroupNoErrors() {
         RewriteHandler handler = new RewriteHandler(config);
         handler.add(CollectionConstraint.class);
@@ -88,7 +108,8 @@
         s.setCollection(
                 "(corpusID=BRZ13 & corpusID=WPD) & textClass=Wissenschaft & textClass=Sport");
         String result = s.toJSON();
-        JsonNode node = JsonUtils.readTree(handler.apply(result, null));
+        JsonNode node = JsonUtils.readTree(
+                handler.preProcess(result, User.UserFactory.getUser("test_user")));
         assert node != null;
         assert node.at("/collection/@type").asText().equals("koral:docGroup");
         assert node.at("/collection/operands").size() == 2;
@@ -98,7 +119,7 @@
                 .equals("textClass");
     }
 
-    //@Test
+    @Test
     public void testCollectionCleanMoveOneDocFromGroupUpNoErrors() {
         RewriteHandler handler = new RewriteHandler(config);
         handler.add(CollectionConstraint.class);
@@ -107,12 +128,13 @@
         s.setQuery(simple_add_query, "poliqarp");
         s.setCollection("(corpusID=BRZ13 & textClass=Wissenschaft)");
         String result = s.toJSON();
-        JsonNode node = JsonUtils.readTree(handler.apply(result, null));
+        JsonNode node = JsonUtils.readTree(
+                handler.preProcess(result, User.UserFactory.getUser("test_user")));
         assert node != null;
         assert node.at("/collection/@type").asText().equals("koral:doc");
     }
 
-    //@Test
+    @Test
     public void testCollectionCleanEmptyGroupAndMoveOneFromGroupUpNoErrors() {
         RewriteHandler handler = new RewriteHandler(config);
         handler.add(CollectionConstraint.class);
@@ -122,13 +144,15 @@
         s.setCollection(
                 "(corpusID=BRZ13 & corpusID=WPD) & textClass=Wissenschaft");
         String result = s.toJSON();
-        JsonNode node = JsonUtils.readTree(handler.apply(result, null));
+        JsonNode node = JsonUtils.readTree(
+                handler.preProcess(result, User.UserFactory.getUser("test_user")));
+
         assert node != null;
         assert node.at("/collection/@type").asText().equals("koral:doc");
         assert node.at("/collection/key").asText().equals("textClass");
     }
 
-    //@Test
+    @Test
     public void testCollectionRemoveAndMoveOneFromGroupUpNoErrors() {
         RewriteHandler handler = new RewriteHandler(config);
         handler.add(CollectionConstraint.class);
@@ -138,7 +162,8 @@
         s.setCollection(
                 "(docID=random & textClass=Wissenschaft) & corpusID=WPD");
         String result = s.toJSON();
-        JsonNode node = JsonUtils.readTree(handler.apply(result, null));
+        JsonNode node = JsonUtils.readTree(
+                handler.preProcess(result, User.UserFactory.getUser("test_user")));
         System.out.println("original node " + result);
         System.out.println("result node " + node);
         assert node != null;
diff --git a/src/test/java/FoundryRewriteTest.java b/src/test/java/FoundryRewriteTest.java
index 6d23964..1a477d9 100644
--- a/src/test/java/FoundryRewriteTest.java
+++ b/src/test/java/FoundryRewriteTest.java
@@ -42,7 +42,7 @@
         processor.add(FoundryInject.class);
         QuerySerializer s = new QuerySerializer();
         s.setQuery(simple_add_query, "poliqarp");
-        String result = processor.apply(s.toJSON(), null);
+        String result = processor.preProcess(s.toJSON(), null);
         JsonNode node = JsonUtils.readTree(result);
 
         assert node != null;
@@ -66,7 +66,7 @@
         RewriteHandler handler = new RewriteHandler(config);
         s.setQuery("[pos=ADJA]", "poliqarp");
         assert handler.add(FoundryInject.class);
-        String result = handler.apply(s.toJSON(), null);
+        String result = handler.preProcess(s.toJSON(), null);
         JsonNode node = JsonUtils.readTree(result);
 
         assert node != null;
@@ -82,7 +82,7 @@
         RewriteHandler handler = new RewriteHandler(config);
         s.setQuery("[orth=laufe/i & base!=Lauf]", "poliqarp");
         assert handler.add(FoundryInject.class);
-        String result = handler.apply(s.toJSON(), null);
+        String result = handler.preProcess(s.toJSON(), null);
         JsonNode node = JsonUtils.readTree(result);
 
         assert node != null;
@@ -99,7 +99,7 @@
         RewriteHandler handler = new RewriteHandler(config);
         s.setQuery("[(base=laufen | base=gehen) & tt/pos=VVFIN]", "poliqarp");
         assert handler.add(FoundryInject.class);
-        String result = handler.apply(s.toJSON(), null);
+        String result = handler.preProcess(s.toJSON(), null);
         JsonNode node = JsonUtils.readTree(result);
 
         assert node != null;
diff --git a/src/test/java/IdRewriteTest.java b/src/test/java/IdRewriteTest.java
index be37b7c..8415c2c 100644
--- a/src/test/java/IdRewriteTest.java
+++ b/src/test/java/IdRewriteTest.java
@@ -1,6 +1,9 @@
+import com.fasterxml.jackson.databind.JsonNode;
 import de.ids_mannheim.korap.config.BeanConfiguration;
+import de.ids_mannheim.korap.query.serialize.QuerySerializer;
 import de.ids_mannheim.korap.resource.rewrite.IdWriter;
 import de.ids_mannheim.korap.resource.rewrite.RewriteHandler;
+import de.ids_mannheim.korap.utils.JsonUtils;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -27,6 +30,15 @@
                 BeanConfiguration.getBeans().getConfiguration());
         assert handler.add(IdWriter.class);
 
+        String query = "[surface=Wort]";
+        QuerySerializer s = new QuerySerializer();
+        s.setQuery(query, "poliqarp");
+
+        String value = handler.preProcess(s.toJSON(), null);
+        JsonNode result = JsonUtils.readTree(value);
+
+        assert result != null;
+        assert result.path("query").has("idn");
 
     }
 
diff --git a/src/test/java/de/ids_mannheim/korap/web/service/KustvaktCoreRestTest.java b/src/test/java/de/ids_mannheim/korap/web/service/KustvaktCoreRestTest.java
index 1661263..7af97ea 100644
--- a/src/test/java/de/ids_mannheim/korap/web/service/KustvaktCoreRestTest.java
+++ b/src/test/java/de/ids_mannheim/korap/web/service/KustvaktCoreRestTest.java
@@ -37,6 +37,7 @@
                 .queryParam("q", "[base=Wort]").queryParam("ql", "poliqarp")
                 .get(ClientResponse.class);
         assert ClientResponse.Status.OK.getStatusCode() == response.getStatus();
+        System.out.println("RESPONSE IS " + response.getEntity(String.class));
     }
 
     @Test