Having content negotiation with more than just JSON content
might follow REST principles.

All entities annotated with e.g. @XmlRootElement can be send as XML data.
This requires client to send Accept header with value "application/json"
to fetch JSON responses.
Default Accept header send by client is something like:
"text/html,application/xhtml+xml,application/xml"
which requests an XML document, not JSON document but JSON is expected.

This should enable annotation based cache-control header values.
Added a cache max age of 60 seconds to statistics resource. Proxy-Servers
should cache a statistics resource for about 60 seconds.

With this patch all feedbacks will be stored in memory without any
interaction with CouchDB. Due to in memory storage, all feedbacks will
be removed if server gets restartet.

Depending on new requests, feedbacks will be deleted after some time. 

add type of user account
adjust test for new user account type
UserServiceTest which test persistence of the maps

Use this method to implement further checks on session membership.
The old HTTP code assert should never be reached because an
UnauthroizedException should have been thrown first.

This checks if there is a user in current security context. If not, an
UnauthorizedException is thrown which will result in HTTP - 401.

This patch uses AbstractController class to add exception handlers
into controllers. These handlers are used to detect some runtime exceptions
which can be thrown in any layer e.g. DAO or service layer.
They recognize NotFoundException and ForbiddenException. Test classes are
able to check if any of these exceptions are thrown during runtime.

If a session was not found in database this will result in http 404,
if the session is not accessable for the current user the request will
result in http 403.

The old behavior was to check for null. This was the response if the
session was not found or the current user could not access this session
(not owner and inactive sessions). Both ended up with http 404 - not found.

Old tests are ignored because they allways fail with unknown reason.
The new tests are very simple and there is a lot of work to be done to
have a fully tested application.