Execption messages in API responses is disabled by default because they
can contain sensitive data. The config property
`api.expose-exception-messages` has been added and is described in the
developer documentation.

Error responses now expose exception details.

Exeption handling was broken by
56fe085e (GH-27).

Readd an empty constructor for deserialization with Jackson. It was
accidentally removed a part of a code clean up in commit
685695a6.

Additionally, removed unused empty constructor

Additionally, made first use of it in CouchDBDao.

Additionally, remove unused loggers.

Robin Drangmeister authored 8 years ago and Daniel Gerhardt committed 8 years ago

This fixes WebSocket communication for course sessions. (dg)

Refs GH-40.

Changed `security.facebook.enabled-roles` to
`security.facebook.allowed-roles`.

* Remove unused code
* Optimize imports (group 10+ and static imports)
* Remove redundant variable assignments
* Replace explicit type parameters with <>
* Remove redundant catch blocks
* Use varargs instead of explicit array instantiation
* Weaken visibility of methods and fields
* Simplify conditions
* Do not use StringBuilder for simple concatenations
* Fix code style
* Remove invalid Javadoc

Bulk deletes run by periodic clean ups might fail when run for the first
time or after and there are a lot of documents accumulated

Lists of documents for deletion are now partitioned into sub lists with
a maximum of 500 elements using Google Guava.

Stagemonitor and its dependencies are no longer included in builds. To
enable Stagemonitor in production, the libraries must be provided by the
host system. Additionally, the Java Servlet container needs to be setup
to load these additional dependencies for the web app.

For Tomcat 8 this is done by setting up a context config file in
conf/Catalina/localhost/<context path>.xml with the following content:

    <Context>
      <Resources className="org.apache.catalina.webresources.StandardRoot">
        <JarResources className="org.apache.catalina.webresources.DirResourceSet"
            base="<path to Stagemonitor JARs>"
            webAppMount="/WEB-INF/lib">
        </JarResources>
      </Resources>
    </Context>

See https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html for
more configuration options.

Questions and answers of affected sessions are now deleted.

Lists of visited sessions for guest users which have not been active for
a fixed amount of time are now automatically deleted.

The cleanup is now disabled by default and can be set up by uncommenting
the configuration parameter `session.guest-session.cleanup-days`.

This reverts commit 3e969181.

This reverts commit 5f5699c5.

The backend wrongly trusted user input allowing the circumvention of
access control checks.