refactoring and test run without errors
diff --git a/src/main/.DS_Store b/src/main/.DS_Store
index 6f2c378..16a3460 100644
--- a/src/main/.DS_Store
+++ b/src/main/.DS_Store
Binary files differ
diff --git a/src/main/java/de/ids_mannheim/korap/config/BeanConfiguration.java b/src/main/java/de/ids_mannheim/korap/config/BeanConfiguration.java
index c308e34..af98785 100644
--- a/src/main/java/de/ids_mannheim/korap/config/BeanConfiguration.java
+++ b/src/main/java/de/ids_mannheim/korap/config/BeanConfiguration.java
@@ -1,6 +1,9 @@
 package de.ids_mannheim.korap.config;
 
-import de.ids_mannheim.korap.interfaces.*;
+import de.ids_mannheim.korap.interfaces.AuthenticationIface;
+import de.ids_mannheim.korap.interfaces.AuthenticationManagerIface;
+import de.ids_mannheim.korap.interfaces.EncryptionIface;
+import de.ids_mannheim.korap.interfaces.db.*;
 import de.ids_mannheim.korap.web.utils.KustvaktResponseHandler;
 import org.springframework.beans.factory.NoSuchBeanDefinitionException;
 import org.springframework.context.ApplicationContext;
@@ -61,22 +64,23 @@
     }
 
     public static boolean hasContext() {
-        return beans != null;
+        return beans != null && beans.context != null;
     }
 
     public static void loadClasspathContext(String... files) {
-        if (beans == null) {
+        if (!hasContext()) {
             ApplicationContext context;
             if (files.length == 0)
                 context = new ClassPathXmlApplicationContext(config_file);
             else
                 context = new ClassPathXmlApplicationContext(files);
+
             BeanConfiguration.beans = new BeanHolderHelper(context);
         }
     }
 
     public static void loadFileContext(String filepath) {
-        if (beans == null) {
+        if (!hasContext()) {
             ApplicationContext context = new FileSystemXmlApplicationContext(
                     "file:" + filepath);
             BeanConfiguration.beans = new BeanHolderHelper(context);
@@ -84,7 +88,9 @@
     }
 
     public static void closeApplication() {
-        beans.finish();
+        if (hasContext())
+            beans.finish();
+        beans = null;
     }
 
     //todo: set response handler
@@ -98,13 +104,11 @@
         private ApplicationContext context = null;
         private DefaultHandler handler;
 
-        public BeanHolderHelper() {
-            this.handler = new DefaultHandler();
-        }
-
         private BeanHolderHelper(ApplicationContext context) {
-            this();
+            this.handler = new DefaultHandler();
             this.context = context;
+            // todo: better method?!
+            KustvaktResponseHandler.init(getAuditingProvider());
         }
 
         protected <T> T getBean(Class<T> clazz) {
@@ -130,7 +134,7 @@
         }
 
         public AuditingIface getAuditingProvider() {
-            return (AuditingIface) context.getBean(KUSTVAKT_AUDITING);
+            return (AuditingIface) getBean(KUSTVAKT_AUDITING);
         }
 
         public <T extends KustvaktConfiguration> T getConfiguration() {
@@ -165,14 +169,13 @@
             return getBean(KUSTVAKT_POLICIES);
         }
 
+        // todo: !!!!!!!!!!!!!!!!!!!!!!!!!!
         // todo: more specific --> collection provider, document provider, etc.
         public ResourceOperationIface getResourceProvider() {
             return getBean("resourceProvider");
         }
 
-
-
-        public void finish() {
+        private void finish() {
             this.getAuditingProvider().finish();
             context = null;
         }
diff --git a/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java b/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
index 36f5bb2..1564e77 100644
--- a/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
+++ b/src/main/java/de/ids_mannheim/korap/config/KustvaktConfiguration.java
@@ -63,7 +63,7 @@
 
     private String default_pos;
     private String default_lemma;
-    private String default_surface;
+    private String default_token;
     private String default_dep;
     private String default_const;
 
@@ -99,8 +99,8 @@
         default_dep = properties.getProperty("kustvakt.default.dep", "mate");
         default_lemma = properties.getProperty("kustvakt.default.lemma", "tt");
         default_pos = properties.getProperty("kustvakt.default.pos", "tt");
-        default_surface = properties
-                .getProperty("kustvakt.default.opennlp", "opennlp");
+        default_token = properties
+                .getProperty("kustvakt.default.token", "opennlp");
 
         // security configuration
         expiration = TimeUtils.convertTimeToSeconds(properties
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/CollectionDao.java b/src/main/java/de/ids_mannheim/korap/handlers/CollectionDao.java
index fceaf89..c961813 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/CollectionDao.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/CollectionDao.java
@@ -2,8 +2,8 @@
 
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.interfaces.PersistenceClient;
-import de.ids_mannheim.korap.interfaces.ResourceOperationIface;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.ResourceOperationIface;
 import de.ids_mannheim.korap.resources.KustvaktResource;
 import de.ids_mannheim.korap.resources.VirtualCollection;
 import de.ids_mannheim.korap.user.User;
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/DocumentDao.java b/src/main/java/de/ids_mannheim/korap/handlers/DocumentDao.java
index ce0475e..1cef65f 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/DocumentDao.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/DocumentDao.java
@@ -2,8 +2,8 @@
 
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.interfaces.PersistenceClient;
-import de.ids_mannheim.korap.interfaces.ResourceOperationIface;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.ResourceOperationIface;
 import de.ids_mannheim.korap.resources.Document;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.BooleanUtils;
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java b/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java
index fa29e59..b81dc3d 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/EntityDao.java
@@ -6,8 +6,8 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.exceptions.dbException;
-import de.ids_mannheim.korap.interfaces.EntityHandlerIface;
-import de.ids_mannheim.korap.interfaces.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.EntityHandlerIface;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
 import de.ids_mannheim.korap.user.*;
 import de.ids_mannheim.korap.utils.BooleanUtils;
 import de.ids_mannheim.korap.utils.KustvaktLogger;
@@ -382,7 +382,6 @@
             this.createSettings(user.getSettings());
             return r;
         }catch (DataAccessException e) {
-            e.printStackTrace();
             jlog.error("Could not create user account with username: {}",
                     user.getUsername());
             throw new dbException(user.getUsername(), "korap_users",
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/JDBCAuditing.java b/src/main/java/de/ids_mannheim/korap/handlers/JDBCAuditing.java
index 9cfbb3d..4dca815 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/JDBCAuditing.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/JDBCAuditing.java
@@ -1,8 +1,8 @@
 package de.ids_mannheim.korap.handlers;
 
 import de.ids_mannheim.korap.auditing.AuditRecord;
-import de.ids_mannheim.korap.interfaces.AuditingIface;
-import de.ids_mannheim.korap.interfaces.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.AuditingIface;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
 import de.ids_mannheim.korap.user.User;
 import org.joda.time.DateTime;
 import org.joda.time.LocalDate;
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/JDBCClient.java b/src/main/java/de/ids_mannheim/korap/handlers/JDBCClient.java
index 1b277d6..4f6b9e3 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/JDBCClient.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/JDBCClient.java
@@ -1,6 +1,6 @@
 package de.ids_mannheim.korap.handlers;
 
-import de.ids_mannheim.korap.interfaces.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
 import de.ids_mannheim.korap.utils.BooleanUtils;
 import lombok.AccessLevel;
 import lombok.Data;
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/OAuth2Handler.java b/src/main/java/de/ids_mannheim/korap/handlers/OAuth2Handler.java
index c8d8281..1d571ae 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/OAuth2Handler.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/OAuth2Handler.java
@@ -2,7 +2,7 @@
 
 import de.ids_mannheim.korap.config.AuthCodeInfo;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.interfaces.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
 import de.ids_mannheim.korap.user.User;
 import net.sf.ehcache.Cache;
 import net.sf.ehcache.CacheManager;
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java b/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
index 63485c9..1473782 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/OAuthDb.java
@@ -4,7 +4,7 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.exceptions.dbException;
-import de.ids_mannheim.korap.interfaces.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
 import de.ids_mannheim.korap.user.Attributes;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.user.User;
@@ -26,6 +26,8 @@
 import java.util.List;
 
 /**
+ *
+ *
  * Created by hanl on 7/14/14.
  */
 public class OAuthDb {
diff --git a/src/main/java/de/ids_mannheim/korap/handlers/ResourceDao.java b/src/main/java/de/ids_mannheim/korap/handlers/ResourceDao.java
index 3b51f5c..0d0183e 100644
--- a/src/main/java/de/ids_mannheim/korap/handlers/ResourceDao.java
+++ b/src/main/java/de/ids_mannheim/korap/handlers/ResourceDao.java
@@ -3,8 +3,8 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.exceptions.dbException;
-import de.ids_mannheim.korap.interfaces.PersistenceClient;
-import de.ids_mannheim.korap.interfaces.ResourceOperationIface;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.ResourceOperationIface;
 import de.ids_mannheim.korap.resources.KustvaktResource;
 import de.ids_mannheim.korap.resources.ResourceFactory;
 import de.ids_mannheim.korap.user.User;
diff --git a/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java b/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
index 1dc864c..b591911 100644
--- a/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
+++ b/src/main/java/de/ids_mannheim/korap/interfaces/EncryptionIface.java
@@ -30,7 +30,9 @@
             throws NoSuchAlgorithmException, UnsupportedEncodingException,
             KustvaktException;
 
-    public String hash(String value);
+    public String hash(String text, String salt) throws Exception;
+
+    public String hash(String text) throws Exception;
 
     /**
      * @param plain
diff --git a/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultAuditing.java b/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultAuditing.java
index 9f5a453..bbf895a 100644
--- a/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultAuditing.java
+++ b/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultAuditing.java
@@ -3,7 +3,7 @@
 import de.ids_mannheim.korap.auditing.AuditRecord;
 import de.ids_mannheim.korap.config.BeanConfiguration;
 import de.ids_mannheim.korap.config.Configurable;
-import de.ids_mannheim.korap.interfaces.AuditingIface;
+import de.ids_mannheim.korap.interfaces.db.AuditingIface;
 import de.ids_mannheim.korap.user.User;
 import org.joda.time.DateTime;
 import org.joda.time.LocalDate;
diff --git a/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java b/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java
index 1465c06..9f412b1 100644
--- a/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java
+++ b/src/main/java/de/ids_mannheim/korap/interfaces/defaults/DefaultEncryption.java
@@ -40,6 +40,11 @@
     }
 
     @Override
+    public String hash(String text, String salt) throws Exception {
+        return null;
+    }
+
+    @Override
     public String hash(String value) {
         return null;
     }
diff --git a/src/main/java/de/ids_mannheim/korap/resource/LayerMapper.java b/src/main/java/de/ids_mannheim/korap/resource/LayerMapper.java
index b51229c..e59f849 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/LayerMapper.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/LayerMapper.java
@@ -59,7 +59,7 @@
                 case "lemma":
                     return config.getDefault_lemma();
                 case "surface":
-                    return config.getDefault_surface();
+                    return config.getDefault_token();
                 // refers to "structure" and is used for paragraphs or sentence boundaries
                 case "s":
                     return "base";
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/IdWriter.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/IdWriter.java
index 0c91ac0..86999a5 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/IdWriter.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/IdWriter.java
@@ -4,5 +4,5 @@
  * @author hanl
  * @date 25/09/2015
  */
-public class IdWriter {
+public class IdWriter  {
 }
diff --git a/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteHandler.java b/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteHandler.java
index 6c613ca..d9eb391 100644
--- a/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteHandler.java
+++ b/src/main/java/de/ids_mannheim/korap/resource/rewrite/RewriteHandler.java
@@ -1,6 +1,7 @@
 package de.ids_mannheim.korap.resource.rewrite;
 
 import com.fasterxml.jackson.databind.JsonNode;
+import de.ids_mannheim.korap.config.KustvaktClassLoader;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.JsonUtils;
 import de.ids_mannheim.korap.utils.KustvaktLogger;
@@ -14,7 +15,7 @@
  * @author hanl
  * @date 30/06/2015
  */
-//todo: load rewritenode and rewritequery automatically from classpath, but namespaced from package
+//todo: load rewritenode and rewritequery automatically from classpath by default, but namespaced from package
 public class RewriteHandler {
 
     private static Logger jlog = KustvaktLogger.initiate(RewriteHandler.class);
@@ -24,7 +25,7 @@
     public RewriteHandler() {
         this.node_processors = new HashSet<>();
         this.query_processors = new HashSet<>();
-        // add defaults?!
+        KustvaktClassLoader.loadSubTypes(RewriteTask.RewriteNode.class);
     }
 
     public void add(RewriteTask.RewriteNode node) {
diff --git a/src/main/java/de/ids_mannheim/korap/security/Parameter.java b/src/main/java/de/ids_mannheim/korap/security/Parameter.java
index 4c21542..7eab421 100644
--- a/src/main/java/de/ids_mannheim/korap/security/Parameter.java
+++ b/src/main/java/de/ids_mannheim/korap/security/Parameter.java
@@ -13,14 +13,15 @@
 
     private String value;
     private SecurityPolicy policy;
-    private boolean equality;
+    // todo: what is this supposed to do?
+    private boolean equal;
 
-    public Parameter(String identifier, String value, boolean equality,
+    public Parameter(String identifier, String value, boolean equal,
             User user) {
         super();
         super.setName(identifier.toLowerCase());
         this.value = value;
-        this.equality = equality;
+        this.equal = equal;
         super.setOwner(user.getId());
     }
 
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/ConditionManagement.java b/src/main/java/de/ids_mannheim/korap/security/ac/ConditionManagement.java
index d403b69..1e8dafc 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/ConditionManagement.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/ConditionManagement.java
@@ -4,7 +4,7 @@
 import de.ids_mannheim.korap.exceptions.EmptyResultException;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.NotAuthorizedException;
-import de.ids_mannheim.korap.interfaces.PolicyHandlerIface;
+import de.ids_mannheim.korap.interfaces.db.PolicyHandlerIface;
 import de.ids_mannheim.korap.resources.KustvaktResource;
 import de.ids_mannheim.korap.resources.Permissions;
 import de.ids_mannheim.korap.security.PolicyCondition;
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyDao.java b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyDao.java
index d260b65..4524696 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/PolicyDao.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/PolicyDao.java
@@ -3,13 +3,13 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.exceptions.dbException;
-import de.ids_mannheim.korap.ext.interfaces.PolicyHandlerIface;
-import de.ids_mannheim.korap.ext.resource.KorAPResource;
-import de.ids_mannheim.korap.ext.resource.ResourceFactory;
-import de.ids_mannheim.korap.ext.security.types.Parameter;
-import de.ids_mannheim.korap.ext.security.types.PolicyCondition;
-import de.ids_mannheim.korap.ext.security.types.SecurityPolicy;
-import de.ids_mannheim.korap.interfaces.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.PolicyHandlerIface;
+import de.ids_mannheim.korap.resources.KustvaktResource;
+import de.ids_mannheim.korap.resources.ResourceFactory;
+import de.ids_mannheim.korap.security.Parameter;
+import de.ids_mannheim.korap.security.PolicyCondition;
+import de.ids_mannheim.korap.security.SecurityPolicy;
 import de.ids_mannheim.korap.user.Attributes;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.BooleanUtils;
@@ -330,8 +330,8 @@
     //todo: not working yet!
     // todo: does not concern itsself with location matching, ever!
     @Override
-    public List<KorAPResource.Container> getDescending(String path,
-            final User user, Byte b, final Class<? extends KorAPResource> clazz)
+    public List<KustvaktResource.Container> getDescending(String path,
+            final User user, Byte b, final Class<? extends KustvaktResource> clazz)
             throws KustvaktException {
         final MapSqlParameterSource param = new MapSqlParameterSource();
         param.addValue("userid", user.getId());
@@ -402,8 +402,8 @@
     }
 
     @Override
-    public List<KorAPResource.Container> getAscending(String name, User user,
-            Byte b, Class<? extends KorAPResource> clazz)
+    public List<KustvaktResource.Container> getAscending(String name, User user,
+            Byte b, Class<? extends KustvaktResource> clazz)
             throws KustvaktException {
         final MapSqlParameterSource param = new MapSqlParameterSource();
         param.addValue("userid", user.getId());
@@ -734,7 +734,7 @@
         source.addValue("key", param.getName());
         source.addValue("policy", param.getPolicy().getID());
         source.addValue("value", param.getValue());
-        source.addValue("flag", param.isEquality());
+        source.addValue("flag", param.isEqual());
 
         if (!parameterExists(param.getName()))
             createParameter(param.getName(), "", param.getOwner());
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java b/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java
index ed0462b..3ed9843 100755
--- a/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/ResourceFinder.java
@@ -1,8 +1,8 @@
 package de.ids_mannheim.korap.security.ac;
 
 import de.ids_mannheim.korap.exceptions.KustvaktException;
-import de.ids_mannheim.korap.interfaces.PolicyHandlerIface;
-import de.ids_mannheim.korap.interfaces.ResourceOperationIface;
+import de.ids_mannheim.korap.interfaces.db.PolicyHandlerIface;
+import de.ids_mannheim.korap.interfaces.db.ResourceOperationIface;
 import de.ids_mannheim.korap.resources.KustvaktResource;
 import de.ids_mannheim.korap.resources.Permissions;
 import de.ids_mannheim.korap.resources.ResourceFactory;
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java b/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java
index 6dd88a3..2317190 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/SecurityManager.java
@@ -5,8 +5,8 @@
 import de.ids_mannheim.korap.exceptions.NotAuthorizedException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.interfaces.PolicyHandlerIface;
-import de.ids_mannheim.korap.interfaces.ResourceOperationIface;
+import de.ids_mannheim.korap.interfaces.db.PolicyHandlerIface;
+import de.ids_mannheim.korap.interfaces.db.ResourceOperationIface;
 import de.ids_mannheim.korap.resources.KustvaktResource;
 import de.ids_mannheim.korap.resources.Permissions;
 import de.ids_mannheim.korap.security.Parameter;
diff --git a/src/main/java/de/ids_mannheim/korap/security/ac/SecurityRowMappers.java b/src/main/java/de/ids_mannheim/korap/security/ac/SecurityRowMappers.java
index bf2de64..372b7b3 100644
--- a/src/main/java/de/ids_mannheim/korap/security/ac/SecurityRowMappers.java
+++ b/src/main/java/de/ids_mannheim/korap/security/ac/SecurityRowMappers.java
@@ -1,10 +1,10 @@
 package de.ids_mannheim.korap.security.ac;
 
-import de.ids_mannheim.korap.ext.resource.KorAPResource;
-import de.ids_mannheim.korap.ext.resource.ResourceFactory;
-import de.ids_mannheim.korap.ext.security.types.PolicyCondition;
-import de.ids_mannheim.korap.ext.security.types.PolicyContext;
-import de.ids_mannheim.korap.ext.security.types.SecurityPolicy;
+import de.ids_mannheim.korap.resources.KustvaktResource;
+import de.ids_mannheim.korap.resources.ResourceFactory;
+import de.ids_mannheim.korap.security.PolicyCondition;
+import de.ids_mannheim.korap.security.PolicyContext;
+import de.ids_mannheim.korap.security.SecurityPolicy;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.utils.PrefixTreeMap;
 import lombok.Data;
@@ -102,7 +102,8 @@
             if (index == -1) {
                 if (pid == -1 && grouping.equalsIgnoreCase("self")) {
                     policy = new SecurityPolicy.OwnerPolicy(
-                            rs.getString("persistent_id"), rs.getInt("creator"));
+                            rs.getString("persistent_id"),
+                            rs.getInt("creator"));
                     policyArray[depth].add(0, policy);
                     idx[depth].add(0, pid);
                 }else {
@@ -172,7 +173,7 @@
     }
 
     public static class HierarchicalResultExtractor
-            implements ResultSetExtractor<List<KorAPResource.Container>> {
+            implements ResultSetExtractor<List<KustvaktResource.Container>> {
 
         private boolean _withpid;
 
@@ -181,14 +182,14 @@
         //        }
 
         // todo: in order for this to work, all parent flags need to be matched in sql!
-        public List<KorAPResource.Container> extractData(ResultSet rs)
+        public List<KustvaktResource.Container> extractData(ResultSet rs)
                 throws SQLException, DataAccessException {
             // contains the container with the highest available name_path to retrieve partial matches!
-            PrefixTreeMap<KorAPResource.Container[]> containerMap = new PrefixTreeMap<>();
+            PrefixTreeMap<KustvaktResource.Container[]> containerMap = new PrefixTreeMap<>();
             Map<Integer, SecurityPolicy> trace = new HashMap<>();
 
             while (rs.next()) {
-                KorAPResource.Container[] cursor;
+                KustvaktResource.Container[] cursor;
                 Integer pid = rs.getInt("pid");
 
                 SecurityPolicy policy = trace.get(pid);
@@ -204,20 +205,20 @@
                     trace.put(pid, policy);
 
                     //fixme: since leaves are mentioned first, maybe retrieve
-                    SortedMap<String, KorAPResource.Container[]> submatch;
+                    SortedMap<String, KustvaktResource.Container[]> submatch;
                     if ((submatch = containerMap.getPrefixSubMap(namePath))
                             == null) {
 
-                        cursor = new KorAPResource.Container[depth + 1];
-                        cursor[depth] = new KorAPResource.Container(
+                        cursor = new KustvaktResource.Container[depth + 1];
+                        cursor[depth] = new KustvaktResource.Container(
                                 persistentId,
                                 ResourceFactory.getResource(rs.getInt("type"))
                                         .getClass());
                         containerMap.put(namePath, cursor);
                     }else {
-                        KorAPResource.Container[] values = submatch
+                        KustvaktResource.Container[] values = submatch
                                 .get(submatch.firstKey());
-                        values[depth] = new KorAPResource.Container(
+                        values[depth] = new KustvaktResource.Container(
                                 persistentId,
                                 ResourceFactory.getResource(rs.getInt("type"))
                                         .getClass());
@@ -225,9 +226,9 @@
                 }
             }
 
-            List<KorAPResource.Container> result = new ArrayList<>();
-            for (KorAPResource.Container[] values : containerMap.values()) {
-                for (KorAPResource.Container container : values)
+            List<KustvaktResource.Container> result = new ArrayList<>();
+            for (KustvaktResource.Container[] values : containerMap.values()) {
+                for (KustvaktResource.Container container : values)
                     if (container == null)
                         containerMap.remove(values);
                 result.add(values[values.length - 1]);
diff --git a/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java b/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
index d5e22da..50c208c 100644
--- a/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
+++ b/src/main/java/de/ids_mannheim/korap/security/auth/KustvaktAuthenticationManager.java
@@ -6,6 +6,8 @@
 import de.ids_mannheim.korap.config.URIParam;
 import de.ids_mannheim.korap.exceptions.*;
 import de.ids_mannheim.korap.interfaces.*;
+import de.ids_mannheim.korap.interfaces.db.AuditingIface;
+import de.ids_mannheim.korap.interfaces.db.EntityHandlerIface;
 import de.ids_mannheim.korap.user.*;
 import de.ids_mannheim.korap.utils.KustvaktLogger;
 import de.ids_mannheim.korap.utils.StringUtils;
@@ -684,7 +686,13 @@
         return user.getSettings();
     }
 
-    private String cache_key(String input) {
-        return crypto.hash(KEY + "@" + input);
+    private String cache_key(String input) throws KustvaktException {
+        try {
+            return crypto.hash(KEY + "@" + input);
+        }catch (Exception e) {
+            jlog.error("illegal cache key input '{}'", input);
+            throw new KustvaktException(StatusCodes.ILLEGAL_ARGUMENT,
+                    "missing or illegal cache key", input);
+        }
     }
 }
diff --git a/src/main/java/de/ids_mannheim/korap/security/auth/OpenIDconnectAuthentication.java b/src/main/java/de/ids_mannheim/korap/security/auth/OpenIDconnectAuthentication.java
index 0a23e72..eb0bb32 100644
--- a/src/main/java/de/ids_mannheim/korap/security/auth/OpenIDconnectAuthentication.java
+++ b/src/main/java/de/ids_mannheim/korap/security/auth/OpenIDconnectAuthentication.java
@@ -7,7 +7,7 @@
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.handlers.OAuthDb;
 import de.ids_mannheim.korap.interfaces.AuthenticationIface;
-import de.ids_mannheim.korap.interfaces.PersistenceClient;
+import de.ids_mannheim.korap.interfaces.db.PersistenceClient;
 import de.ids_mannheim.korap.user.Attributes;
 import de.ids_mannheim.korap.user.TokenContext;
 import de.ids_mannheim.korap.user.User;
diff --git a/src/main/java/de/ids_mannheim/korap/user/User.java b/src/main/java/de/ids_mannheim/korap/user/User.java
index 7de02b4..e33502a 100644
--- a/src/main/java/de/ids_mannheim/korap/user/User.java
+++ b/src/main/java/de/ids_mannheim/korap/user/User.java
@@ -150,6 +150,12 @@
             return new KorAPUser(username);
         }
 
+        public static KorAPUser getUser(String username, String password) {
+            KorAPUser user = new KorAPUser(username);
+            user.setPassword(password);
+            return user;
+        }
+
         public static KorAPUser getAdmin() {
             return new KorAPUser(ADMINISTRATOR_ID, ADMINISTRATOR_NAME);
         }
diff --git a/src/main/java/de/ids_mannheim/korap/utils/BooleanUtils.java b/src/main/java/de/ids_mannheim/korap/utils/BooleanUtils.java
index 2e767ed..02d8cc3 100644
--- a/src/main/java/de/ids_mannheim/korap/utils/BooleanUtils.java
+++ b/src/main/java/de/ids_mannheim/korap/utils/BooleanUtils.java
@@ -9,12 +9,12 @@
     public static String dbname;
 
     public static Object getBoolean(Object val) {
-        if (val == null) val = false;
-        if (dbname != null
-                && dbname.equalsIgnoreCase("sqlite")) {
+        if (val == null)
+            val = false;
+        if (dbname != null && dbname.equalsIgnoreCase("sqlite")) {
             if (val instanceof Boolean) {
-                return (val == true) ? 1 : 0;
-            } else if (val instanceof Integer) {
+                return ((boolean) val) ? 1 : 0;
+            }else if (val instanceof Integer) {
                 return ((Integer) val == 1);
             }
         }
diff --git a/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java b/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java
index b506d22..8b55099 100644
--- a/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java
+++ b/src/main/java/de/ids_mannheim/korap/utils/UserPropertyReader.java
@@ -4,7 +4,7 @@
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
 import de.ids_mannheim.korap.interfaces.EncryptionIface;
-import de.ids_mannheim.korap.interfaces.EntityHandlerIface;
+import de.ids_mannheim.korap.interfaces.db.EntityHandlerIface;
 import de.ids_mannheim.korap.user.KorAPUser;
 import de.ids_mannheim.korap.user.User;
 import de.ids_mannheim.korap.user.UserDetails;
diff --git a/src/main/java/de/ids_mannheim/korap/web/KustvaktBaseServer.java b/src/main/java/de/ids_mannheim/korap/web/KustvaktBaseServer.java
index c8961932..8686d73 100644
--- a/src/main/java/de/ids_mannheim/korap/web/KustvaktBaseServer.java
+++ b/src/main/java/de/ids_mannheim/korap/web/KustvaktBaseServer.java
@@ -14,6 +14,8 @@
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 
+import java.io.FileInputStream;
+
 /**
  * @author hanl
  * @date 01/06/2015
@@ -28,6 +30,9 @@
         else
             BeanConfiguration.loadClasspathContext();
 
+        BeanConfiguration.getBeans().getConfiguration().setPropertiesAsStream(
+                new FileInputStream(kargs.getProperties()));
+
         kargs.setRootPackages(
                 new String[] { "de.ids_mannheim.korap.web.service.light" });
         startServer(kargs);
@@ -46,6 +51,20 @@
                 case "--port":
                     kargs.setPort(Integer.valueOf(args[i + 1]));
                     break;
+                case "--props":
+                    kargs.setProperties(args[+1]);
+                    break;
+                case "--help":
+                    StringBuffer b = new StringBuffer();
+
+                    b.append("Parameter description: \n")
+                            .append("--config  <Path to spring configuration file> : Configuration file\n")
+                            .append("--port  <Server port> : Port under which the server is accessible \n")
+                            .append("--props  <Path to kustvakt properties> : list of configuration properties\n")
+                            .append("--help : This help menu\n");
+                    System.out.println(b.toString());
+                    System.out.println();
+                    break;
             }
         }
         return kargs;
@@ -104,6 +123,8 @@
         private boolean debug;
         @Getter
         private String config;
+        @Getter
+        private String properties;
         private int port;
         private SslContextFactory sslContext;
         private String[] rootPackages;
diff --git a/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java b/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java
index 1a52c3d..89ad245 100644
--- a/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java
+++ b/src/main/java/de/ids_mannheim/korap/web/utils/KustvaktResponseHandler.java
@@ -3,7 +3,7 @@
 import de.ids_mannheim.korap.auditing.AuditRecord;
 import de.ids_mannheim.korap.exceptions.KustvaktException;
 import de.ids_mannheim.korap.exceptions.StatusCodes;
-import de.ids_mannheim.korap.interfaces.AuditingIface;
+import de.ids_mannheim.korap.interfaces.db.AuditingIface;
 import de.ids_mannheim.korap.response.Notifications;
 
 import javax.ws.rs.WebApplicationException;
diff --git a/src/main/resources/default-config.xml b/src/main/resources/default-config.xml
index 4f7d23b..983a69c 100644
--- a/src/main/resources/default-config.xml
+++ b/src/main/resources/default-config.xml
@@ -38,21 +38,24 @@
 
     <!-- props are injected from default-config.xml -->
     <bean id="kustvakt_config"
-          class="de.ids_mannheim.korap.ext.config.ExtConfiguration">
+          class="de.ids_mannheim.korap.config.KustvaktConfiguration">
         <property name="properties" ref="props"/>
     </bean>
 
     <bean id="dataSource"
-          class="org.springframework.jdbc.datasource.SingleConnectionDataSource"
+          class="org.apache.commons.dbcp2.BasicDataSource"
           lazy-init="true">
         <property name="driverClassName" value="${jdbc.driverClassName}"/>
         <property name="url" value="${jdbc.url}"/>
         <property name="username" value="${jdbc.username}"/>
         <property name="password" value="${jdbc.password}"/>
         <!-- relevant for single connection datasource and sqlite -->
-        <property name="suppressClose">
-            <value>true</value>
-        </property>
+        <!--<property name="suppressClose">-->
+            <!--<value>true</value>-->
+        <!--</property>-->
+        <property name="initialSize" value="1"/>
+        <property name="maxIdle" value="1"/>
+        <property name="poolPreparedStatements" value="true"/>
     </bean>
 
     <!-- to configure database for sqlite, mysql, etc. migrations -->
@@ -93,39 +96,39 @@
     </bean>
 
     <bean id="kustvakt_policies"
-          class="de.ids_mannheim.korap.ext.security.dataAccess.PolicyDao">
+          class="de.ids_mannheim.korap.security.ac.PolicyDao">
         <constructor-arg ref="kustvakt_db"/>
     </bean>
 
     <bean name="kustvakt_encryption"
-          class="de.ids_mannheim.korap.ext.security.encryption.KorAPEncryption">
+          class="de.ids_mannheim.korap.interfaces.defaults.KustvaktEncryption">
         <constructor-arg ref="kustvakt_config"/>
     </bean>
 
     <!-- authentication providers to use -->
     <bean id="api_auth"
-          class="de.ids_mannheim.korap.ext.security.authentication.APIAuthentication">
+          class="de.ids_mannheim.korap.security.auth.APIAuthentication">
         <constructor-arg
                 type="de.ids_mannheim.korap.config.KustvaktConfiguration"
                 ref="kustvakt_config"/>
     </bean>
 
     <bean id="openid_auth"
-          class="de.ids_mannheim.korap.ext.security.authentication.OpenIDconnectAuthentication">
+          class="de.ids_mannheim.korap.security.auth.OpenIDconnectAuthentication">
         <constructor-arg
                 type="de.ids_mannheim.korap.config.KustvaktConfiguration"
                 ref="kustvakt_config"/>
         <constructor-arg
-                type="de.ids_mannheim.korap.interfaces.PersistenceClient"
+                type="de.ids_mannheim.korap.interfaces.db.PersistenceClient"
                 ref="kustvakt_db"/>
     </bean>
 
     <bean id="basic_auth"
-          class="de.ids_mannheim.korap.ext.security.authentication.BasicHttpAuth"/>
+          class="de.ids_mannheim.korap.security.auth.BasicHttpAuth"/>
 
 
     <bean id="session_auth"
-          class="de.ids_mannheim.korap.ext.security.authentication.SessionAuthentication">
+          class="de.ids_mannheim.korap.security.auth.SessionAuthentication">
         <constructor-arg
                 type="de.ids_mannheim.korap.config.KustvaktConfiguration"
                 ref="kustvakt_config"/>
@@ -144,15 +147,16 @@
 
     <!-- specify type for constructor argument -->
     <bean id="kustvakt_authenticationmanager"
-          class="de.ids_mannheim.korap.ext.security.authentication.KustvaktAuthenticationManager">
+          class="de.ids_mannheim.korap.security.auth.KustvaktAuthenticationManager">
         <constructor-arg
-                type="de.ids_mannheim.korap.interfaces.EntityHandlerIface"
+                type="de.ids_mannheim.korap.interfaces.db.EntityHandlerIface"
                 ref="kustvakt_userdb"/>
         <constructor-arg type="de.ids_mannheim.korap.interfaces.EncryptionIface"
                          ref="kustvakt_encryption"/>
         <constructor-arg ref="kustvakt_config"/>
-        <constructor-arg type="de.ids_mannheim.korap.interfaces.AuditingIface"
-                         ref="kustvakt_auditing"/>
+        <constructor-arg
+                type="de.ids_mannheim.korap.interfaces.db.AuditingIface"
+                ref="kustvakt_auditing"/>
         <!-- inject authentication providers to use -->
         <property name="providers" ref="auth_providers"/>
     </bean>
@@ -174,7 +178,7 @@
         of an operation defined by the service interface -->
     <aop:config>
         <aop:pointcut id="service"
-                      expression="execution(* de.ids_mannheim.korap.interfaces.*.*(..))"/>
+                      expression="execution(* de.ids_mannheim.korap.interfaces.db.*.*(..))"/>
         <aop:advisor advice-ref="txAdvice" pointcut-ref="service"/>
     </aop:config>
 
diff --git a/src/main/resources/log4j.properties b/src/main/resources/log4j.properties
index 602c496..ff5d34c 100644
--- a/src/main/resources/log4j.properties
+++ b/src/main/resources/log4j.properties
@@ -1,7 +1,7 @@
 
 # Root logger option
 #log4j.threshold=ALL
-log4j.rootLogger=INFO, stdout, debugLog
+log4j.rootLogger=DEBUG, stdout, debugLog
 log4j.logger.log=ERROR, errorLog
 
 # Direct log messages to stdout