authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-04 19:43:32 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-04 19:43:32 +0100
commit759ac5f42c6aff901dbeede4fbf1a1d2e08cad0f (patch)
tree2132024fc058b1ef5338bf50df575a3244cc3f9f /eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
parent4f15bdc45b08724d20c66c9fd74ea6a43a03c32f (diff)
common EGIZ code-style refactoring
Diffstat (limited to 'eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java')
-rw-r--r--eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java704
1 files changed, 364 insertions, 340 deletions
diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
index 4cefcd8d..7a967d3f 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/auth/AbstractAuthenticationManager.java
@@ -1,29 +1,22 @@
-/*******************************************************************************
- * Copyright 2017 Graz University of Technology
- * EAAF-Core Components has been developed in a cooperation between EGIZ,
- * A-SIT Plus, A-SIT, and Graz University of Technology.
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
*
- * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
- * the European Commission - subsequent versions of the EUPL (the "Licence");
- * You may not use this work except in compliance with the Licence.
- * You may obtain a copy of the Licence at:
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
* https://joinup.ec.europa.eu/news/understanding-eupl-v12
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the Licence is distributed on an "AS IS" basis,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the Licence for the specific language governing permissions and
- * limitations under the Licence.
- *
- * This product combines work with different licenses. See the "NOTICE" text
- * file for details on the various modules and licenses.
- * The "NOTICE" text file is part of the distribution. Any derivative works
- * that you distribute must include a readable copy of the "NOTICE" text file.
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
-/*******************************************************************************
- *******************************************************************************/
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
package at.gv.egiz.eaaf.core.impl.idp.auth;
import java.io.IOException;
@@ -31,340 +24,371 @@ import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;
-
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-
-import org.apache.commons.lang3.StringUtils;
-import org.apache.commons.text.StringEscapeUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-
import at.gv.egiz.eaaf.core.api.IRequest;
import at.gv.egiz.eaaf.core.api.IRequestStorage;
import at.gv.egiz.eaaf.core.api.data.EAAFConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IspConfiguration;
import at.gv.egiz.eaaf.core.api.idp.auth.IAuthenticationManager;
-import at.gv.egiz.eaaf.core.api.idp.auth.ISSOManager;
+import at.gv.egiz.eaaf.core.api.idp.auth.ISsoManager;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
-import at.gv.egiz.eaaf.core.exceptions.EAAFException;
-import at.gv.egiz.eaaf.core.exceptions.EAAFSSOException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafSsoException;
import at.gv.egiz.eaaf.core.exceptions.NoPassivAuthenticationException;
import at.gv.egiz.eaaf.core.exceptions.ProcessExecutionException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
-import at.gv.egiz.eaaf.core.impl.utils.TransactionIDUtils;
+import at.gv.egiz.eaaf.core.impl.utils.TransactionIdUtils;
+import org.apache.commons.lang3.StringUtils;
+import org.apache.commons.text.StringEscapeUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
public abstract class AbstractAuthenticationManager implements IAuthenticationManager {
- private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationManager.class);
-
- private static List<String> reqParameterWhiteListeForModules = new ArrayList<String>();
- private static List<String> reqHeaderWhiteListeForModules = new ArrayList<String>();
-
- public static final String MOA_SESSION = "MoaAuthenticationSession";
- public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
-
- public static final int SLOTIMEOUT = 30 * 1000; //30 sec
-
- @Autowired(required=true) protected IConfiguration authConfig;
- @Autowired(required=true) private ProcessEngine processEngine;
- @Autowired(required=true) private IRequestStorage requestStoreage;
- @Autowired(required=true) protected IRevisionLogger revisionsLogger;
- @Autowired(required=false) protected ISSOManager ssoManager;
-
- /* (non-Javadoc)
- * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addParameterNameToWhiteList(java.lang.String)
- */
- @Override
- public final void addParameterNameToWhiteList(String httpReqParam) {
- if (StringUtils.isNotEmpty(httpReqParam))
- reqParameterWhiteListeForModules.add(httpReqParam);
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addHeaderNameToWhiteList(java.lang.String)
- */
- @Override
- public final void addHeaderNameToWhiteList(String httpReqParam) {
- if (StringUtils.isNotEmpty(httpReqParam))
- reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
-
- }
-
- /* (non-Javadoc)
- * @see at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addHeaderNameToWhiteList(java.lang.String)
- */
- @Override
- public final boolean doAuthentication(HttpServletRequest httpReq, HttpServletResponse httpResp,
- IRequest pendingReq) throws EAAFException {
-
- if (!(pendingReq instanceof RequestImpl)) {
- log.error("Requests that need authentication MUST be of type 'RequestImpl'");
- throw new RuntimeException("Requests that need authentication HAS TO BE of type 'RequestImpl'");
-
- }
-
- //load OA configuration from pending request
- final ISPConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
-
- //set logging context and log unique OA identifier to revision log
- TransactionIDUtils.setServiceProviderId(oaParam.getUniqueIdentifier());
- revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FOR_SP, pendingReq.getSPEntityId());
-
- //generic authentication request validation
- if (pendingReq.isPassiv() && pendingReq.forceAuth()) {
- // conflict!
- throw new NoPassivAuthenticationException();
- }
-
-
- //check Single Sign-On functionality if SSOManager is available
- boolean isValidSSOSession = false;
- if (ssoManager != null) {
- log.trace("SSOManager is loaded. Starting SSO session validation ... ");
- //check if SSO is allowed for this service provider
- ssoManager.isSSOAllowedForSP(pendingReq, httpReq);
-
- //check if SSO session is active and valid
- isValidSSOSession = ssoManager.checkAndValidateSSOSession(pendingReq, httpReq, httpResp) &&
- pendingReq.needSingleSignOnFunctionality();
-
-
- }
-
- //check if session is already authenticated
- //boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq, isValidSSOSession);
- //boolean isSessionAuthenticated = isValidSSOSession && StringUtils.isNotEmpty(pendingReq.getSSOSessionIdentifier());
-
-
- //force new authentication authentication process
- if (pendingReq.forceAuth()) {
- startAuthenticationProcess(httpReq, httpResp, (RequestImpl) pendingReq);
- return false;
-
- //perform SSO-Consents evaluation if it it required
- } else if (isValidSSOSession && pendingReq.isNeedUserConsent()) {
- sendSingleSignOnConsentsEvaluation(httpReq, httpResp, (RequestImpl) pendingReq);
- return false;
-
-
- } else if (pendingReq.isPassiv()) {
- if (isValidSSOSession &&
- StringUtils.isNotEmpty(pendingReq.getInternalSSOSessionIdentifier()) ) {
- // Passive authentication ok! --> Populate pending request from SSO session
- ssoManager.populatePendingRequestWithSSOInformation(pendingReq);
- revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FINISHED);
- return true;
-
- } else {
- throw new NoPassivAuthenticationException();
-
- }
-
- } else {
- if (isValidSSOSession &&
- StringUtils.isNotEmpty(pendingReq.getInternalSSOSessionIdentifier())) {
- // Is authenticated .. proceed
- ssoManager.populatePendingRequestWithSSOInformation(pendingReq);
- revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FINISHED);
- return true;
-
- } else {
- // Start authentication!
- startAuthenticationProcess(httpReq, httpResp, (RequestImpl) pendingReq);
- return false;
-
- }
- }
- }
-
- @Override
- public final void performOnlyIDPLogOut(HttpServletRequest request, HttpServletResponse response, IRequest pendingReq) {
-
- log.debug("Close session. Remove pending request ... ");
- requestStoreage.removePendingRequest(pendingReq.getPendingRequestId());
-
-
- if (ssoManager != null) {
- try {
- log.trace("'SSOManager' active. Search for active SSO sessions ... ");
- if (ssoManager.destroySSOSessionOnIDPOnly(request, response, pendingReq))
- log.info("SSO session successfully closed");
- else
- log.info("Closing SSO session NOT successfully");
-
- } catch (final EAAFSSOException e) {
- log.warn("Destroying of SSO session FAILED. Reason: " + e.getMessage(), e);
-
- }
-
- }
-
- }
-
- /**
- * Populate process execution context and start process engine
- *
- * @param httpReq
- * @param httpResp
- * @param pendingReq
- * @throws ServletException
- * @throws IOException
- * @throws EAAFException
- */
- private void startAuthenticationProcess(HttpServletRequest httpReq,
- HttpServletResponse httpResp, RequestImpl pendingReq)
- throws EAAFException {
-
- log.info("Starting authentication ...");
- revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_STARTED);
-
- //create authentication process execution context
- final ExecutionContext executionContext = new ExecutionContextImpl();
-
- //set oaIdentifeir
- executionContext.put(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID,
- pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
-
- //add X509 SSL client certificate if exist
- if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) {
- log.debug("Find SSL-client-certificate on request --> Add it to context");
- executionContext.put(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
- ((X509Certificate[])httpReq.getAttribute("javax.servlet.request.X509Certificate")));
- pendingReq.setRawDataToTransaction(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
- (httpReq.getAttribute("javax.servlet.request.X509Certificate")));
-
- }
-
- //add additional http request parameter to context
- if (!reqParameterWhiteListeForModules.isEmpty()) {
- final Enumeration<String> reqParamNames = httpReq.getParameterNames();
- while(reqParamNames.hasMoreElements()) {
- final String paramName = reqParamNames.nextElement();
- if (StringUtils.isNotEmpty(paramName) && reqParameterWhiteListeForModules.contains(paramName) )
- executionContext.put(paramName, StringEscapeUtils.escapeHtml4(httpReq.getParameter(paramName)));
- }
- }
-
- //add additional http request parameter to context
- if (!reqHeaderWhiteListeForModules.isEmpty()) {
- final Enumeration<String> reqHeaderNames = httpReq.getHeaderNames();
- while(reqHeaderNames.hasMoreElements()) {
- final String paramName = reqHeaderNames.nextElement();
- if (StringUtils.isNotEmpty(paramName)
- && at.gv.egiz.eaaf.core.impl.utils.ArrayUtils.containsCaseInsensitive(paramName, reqHeaderWhiteListeForModules)
- //reqHeaderWhiteListeForModules.contains(paramName.toLowerCase())
- )
- executionContext.put(paramName.toLowerCase(), StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
-
- }
- }
-
-
-
- //populate more IDP specific information to execution context
- populateExecutionContext(executionContext, pendingReq, httpReq);
-
- //start process engine
- startProcessEngine(pendingReq, executionContext);
-
- }
-
- /**
- *
- *
- * @throws EAAFException
- */
- abstract protected void populateExecutionContext(ExecutionContext executionContext,
- RequestImpl pendingReq, HttpServletRequest httpReq) throws EAAFException;
-
- /**
- * Starting a user consent evaluation
- *
- * @param request
- * @param response
- * @param pendingReq
- * @throws ServletException
- * @throws IOException
- * @throws EAAFException
- */
- private void sendSingleSignOnConsentsEvaluation(HttpServletRequest request,
- HttpServletResponse response, RequestImpl pendingReq)
- throws EAAFException {
-
- log.debug("Starting SSO user-consents evaluation ...");
-
- //set authenticated flag to false, because user consents is required
- pendingReq.setAuthenticated(false);
-
- //create execution context
- final ExecutionContext executionContext = new ExecutionContextImpl();
- executionContext.put(ISSOManager.PROCESS_ENGINE_SSO_CONSENTS_EVALUATION, true);
-
- //start process engine
- startProcessEngine(pendingReq, executionContext);
-
- }
-
-
- /**
- * Select a specific process and starting process engine
- *
- * @param pendingReq
- * @param executionContext
- * @throws EAAFException
- */
- private void startProcessEngine(RequestImpl pendingReq, ExecutionContext executionContext) throws EAAFException {
- try {
- //put pending-request ID on execurtionContext
- executionContext.put(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID, pendingReq.getPendingRequestId());
-
- // create process instance
- final String processDefinitionId = ModuleRegistration.getInstance().selectProcess(executionContext, pendingReq);
-
- if (processDefinitionId == null) {
- log.warn("No suitable process found for PendingReqId " + pendingReq.getPendingRequestId() );
- throw new EAAFException(
- "process.02",
- new Object[] {pendingReq.getPendingRequestId()});
-
- }
-
- final String processInstanceId = processEngine.createProcessInstance(processDefinitionId, executionContext);
-
- // keep process instance id in protocol pending-request
- pendingReq.setProcessInstanceId(processInstanceId);
-
- //store pending-request
- requestStoreage.storePendingRequest(pendingReq);
-
- // start process
- processEngine.start(pendingReq);
-
- } catch (final ProcessExecutionException e) {
- final Throwable cause = e.getCause();
- if (cause != null && cause instanceof TaskExecutionException) {
- final Throwable taskCause = cause.getCause();
- if (taskCause != null && taskCause instanceof EAAFException) {
- final EAAFException moaTaskCause = (EAAFException) taskCause;
- log.warn(taskCause.getMessage(), taskCause);
- throw moaTaskCause;
-
- }
- }
-
- throw new EAAFException(
- "process.01",
- new Object[] { pendingReq.getProcessInstanceId(), pendingReq.getPendingRequestId() }, e);
- }
-
- }
+ private static final Logger log = LoggerFactory.getLogger(AbstractAuthenticationManager.class);
+
+ private static List<String> reqParameterWhiteListeForModules = new ArrayList<>();
+ private static List<String> reqHeaderWhiteListeForModules = new ArrayList<>();
+
+ public static final String MOA_SESSION = "MoaAuthenticationSession";
+ public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
+
+ public static final int SLOTIMEOUT = 30 * 1000; // 30 sec
+
+ @Autowired(required = true)
+ protected IConfiguration authConfig;
+ @Autowired(required = true)
+ private ProcessEngine processEngine;
+ @Autowired(required = true)
+ private IRequestStorage requestStoreage;
+ @Autowired(required = true)
+ protected IRevisionLogger revisionsLogger;
+ @Autowired(required = false)
+ protected ISsoManager ssoManager;
+ @Autowired ModuleRegistration moduleRegistration;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addParameterNameToWhiteList(java.lang
+ * .String)
+ */
+ @Override
+ public final void addParameterNameToWhiteList(final String httpReqParam) {
+ if (StringUtils.isNotEmpty(httpReqParam)) {
+ reqParameterWhiteListeForModules.add(httpReqParam);
+ }
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addHeaderNameToWhiteList(java.lang.
+ * String)
+ */
+ @Override
+ public final void addHeaderNameToWhiteList(final String httpReqParam) {
+ if (StringUtils.isNotEmpty(httpReqParam)) {
+ reqHeaderWhiteListeForModules.add(httpReqParam.toLowerCase());
+ }
+
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ * at.gv.egiz.eaaf.core.impl.idp.auth.IAuthenticationManager#addHeaderNameToWhiteList(java.lang.
+ * String)
+ */
+ @Override
+ public final boolean doAuthentication(final HttpServletRequest httpReq,
+ final HttpServletResponse httpResp, final IRequest pendingReq) throws EaafException {
+
+ if (!(pendingReq instanceof RequestImpl)) {
+ log.error("Requests that need authentication MUST be of type 'RequestImpl'");
+ throw new RuntimeException(
+ "Requests that need authentication HAS TO BE of type 'RequestImpl'");
+
+ }
+
+ // load OA configuration from pending request
+ final IspConfiguration oaParam = pendingReq.getServiceProviderConfiguration();
+
+ // set logging context and log unique OA identifier to revision log
+ TransactionIdUtils.setServiceProviderId(oaParam.getUniqueIdentifier());
+ revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FOR_SP,
+ pendingReq.getSpEntityId());
+
+ // generic authentication request validation
+ if (pendingReq.isPassiv() && pendingReq.forceAuth()) {
+ // conflict!
+ throw new NoPassivAuthenticationException();
+ }
+
+
+ // check Single Sign-On functionality if SSOManager is available
+ boolean isValidSsoSession = false;
+ if (ssoManager != null) {
+ log.trace("SSOManager is loaded. Starting SSO session validation ... ");
+ // check if SSO is allowed for this service provider
+ ssoManager.isSsoAllowedForSp(pendingReq, httpReq);
+
+ // check if SSO session is active and valid
+ isValidSsoSession = ssoManager.checkAndValidateSsoSession(pendingReq, httpReq, httpResp)
+ && pendingReq.needSingleSignOnFunctionality();
+
+
+ }
+
+ // check if session is already authenticated
+ // boolean isSessionAuthenticated = tryPerformAuthentication((RequestImpl) pendingReq,
+ // isValidSSOSession);
+ // boolean isSessionAuthenticated = isValidSSOSession &&
+ // StringUtils.isNotEmpty(pendingReq.getSSOSessionIdentifier());
+
+
+ // force new authentication authentication process
+ if (pendingReq.forceAuth()) {
+ startAuthenticationProcess(httpReq, httpResp, (RequestImpl) pendingReq);
+ return false;
+
+ // perform SSO-Consents evaluation if it it required
+ } else if (isValidSsoSession && pendingReq.isNeedUserConsent()) {
+ sendSingleSignOnConsentsEvaluation(httpReq, httpResp, (RequestImpl) pendingReq);
+ return false;
+
+
+ } else if (pendingReq.isPassiv()) {
+ if (isValidSsoSession
+ && StringUtils.isNotEmpty(pendingReq.getInternalSsoSessionIdentifier())) {
+ // Passive authentication ok! --> Populate pending request from SSO session
+ ssoManager.populatePendingRequestWithSsoInformation(pendingReq);
+ revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FINISHED);
+ return true;
+
+ } else {
+ throw new NoPassivAuthenticationException();
+
+ }
+
+ } else {
+ if (isValidSsoSession
+ && StringUtils.isNotEmpty(pendingReq.getInternalSsoSessionIdentifier())) {
+ // Is authenticated .. proceed
+ ssoManager.populatePendingRequestWithSsoInformation(pendingReq);
+ revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_FINISHED);
+ return true;
+
+ } else {
+ // Start authentication!
+ startAuthenticationProcess(httpReq, httpResp, (RequestImpl) pendingReq);
+ return false;
+
+ }
+ }
+ }
+
+ @Override
+ public final void performOnlyIdpLogOut(final HttpServletRequest request,
+ final HttpServletResponse response, final IRequest pendingReq) {
+
+ log.debug("Close session. Remove pending request ... ");
+ requestStoreage.removePendingRequest(pendingReq.getPendingRequestId());
+
+
+ if (ssoManager != null) {
+ try {
+ log.trace("'SSOManager' active. Search for active SSO sessions ... ");
+ if (ssoManager.destroySsoSessionOnIdpOnly(request, response, pendingReq)) {
+ log.info("SSO session successfully closed");
+ } else {
+ log.info("Closing SSO session NOT successfully");
+ }
+
+ } catch (final EaafSsoException e) {
+ log.warn("Destroying of SSO session FAILED. Reason: " + e.getMessage(), e);
+
+ }
+
+ }
+
+ }
+
+ /**
+ * Populate process execution context and start process engine.
+ *
+ * @param httpReq http request
+ * @param httpResp http response
+ * @param pendingReq current pending request
+ * @throws ServletException In case of a servlet error
+ * @throws IOException In case of an IO error
+ * @throws EaafException In case of EAAF processing error
+ */
+ private void startAuthenticationProcess(final HttpServletRequest httpReq,
+ final HttpServletResponse httpResp, final RequestImpl pendingReq) throws EaafException {
+
+ log.info("Starting authentication ...");
+ revisionsLogger.logEvent(pendingReq, EVENT_AUTHENTICATION_PROCESS_STARTED);
+
+ // create authentication process execution context
+ final ExecutionContext executionContext = new ExecutionContextImpl();
+
+ // set oaIdentifeir
+ executionContext.put(EAAFConstants.PROCESS_ENGINE_SERVICE_PROVIDER_ENTITYID,
+ pendingReq.getServiceProviderConfiguration().getUniqueIdentifier());
+
+ // add X509 SSL client certificate if exist
+ if (httpReq.getAttribute("javax.servlet.request.X509Certificate") != null) {
+ log.debug("Find SSL-client-certificate on request --> Add it to context");
+ executionContext.put(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
+ ((X509Certificate[]) httpReq.getAttribute("javax.servlet.request.X509Certificate")));
+ pendingReq.setRawDataToTransaction(EAAFConstants.PROCESS_ENGINE_SSL_CLIENT_CERTIFICATE,
+ (httpReq.getAttribute("javax.servlet.request.X509Certificate")));
+
+ }
+
+ // add additional http request parameter to context
+ if (!reqParameterWhiteListeForModules.isEmpty()) {
+ final Enumeration<String> reqParamNames = httpReq.getParameterNames();
+ while (reqParamNames.hasMoreElements()) {
+ final String paramName = reqParamNames.nextElement();
+ if (StringUtils.isNotEmpty(paramName)
+ && reqParameterWhiteListeForModules.contains(paramName)) {
+ executionContext.put(paramName,
+ StringEscapeUtils.escapeHtml4(httpReq.getParameter(paramName)));
+ }
+ }
+ }
+
+ // add additional http request parameter to context
+ if (!reqHeaderWhiteListeForModules.isEmpty()) {
+ final Enumeration<String> reqHeaderNames = httpReq.getHeaderNames();
+ while (reqHeaderNames.hasMoreElements()) {
+ final String paramName = reqHeaderNames.nextElement();
+ if (StringUtils.isNotEmpty(paramName) && at.gv.egiz.eaaf.core.impl.utils.ArrayUtils
+ .containsCaseInsensitive(paramName, reqHeaderWhiteListeForModules)
+ // reqHeaderWhiteListeForModules.contains(paramName.toLowerCase())
+ ) {
+ executionContext.put(paramName.toLowerCase(),
+ StringEscapeUtils.escapeHtml4(httpReq.getHeader(paramName)));
+ }
+
+ }
+ }
+
+
+
+ // populate more IDP specific information to execution context
+ populateExecutionContext(executionContext, pendingReq, httpReq);
+
+ // start process engine
+ startProcessEngine(pendingReq, executionContext);
+
+ }
+
+ /**
+ * Add additional parameters into context of process-engine.
+ *
+ * @param executionContext Process-engine context
+ * @param pendingReq Current pending request
+ * @param httpReq http request
+ *
+ * @throws EaafException In case of an error
+ */
+ protected abstract void populateExecutionContext(ExecutionContext executionContext,
+ RequestImpl pendingReq, HttpServletRequest httpReq) throws EaafException;
+
+ /**
+ * Starting a user consent evaluation.
+ *
+ * @param request http request
+ * @param response http response
+ * @param pendingReq current pending request
+ * @throws ServletException In case of a servlet error
+ * @throws IOException In case of an IO error
+ * @throws EaafException In case of a EAAF processing error
+ */
+ private void sendSingleSignOnConsentsEvaluation(final HttpServletRequest request,
+ final HttpServletResponse response, final RequestImpl pendingReq) throws EaafException {
+
+ log.debug("Starting SSO user-consents evaluation ...");
+
+ // set authenticated flag to false, because user consents is required
+ pendingReq.setAuthenticated(false);
+
+ // create execution context
+ final ExecutionContext executionContext = new ExecutionContextImpl();
+ executionContext.put(ISsoManager.PROCESS_ENGINE_SSO_CONSENTS_EVALUATION, true);
+
+ // start process engine
+ startProcessEngine(pendingReq, executionContext);
+
+ }
+
+
+ /**
+ * Select a specific process and starting process engine.
+ *
+ * @param pendingReq current pending request
+ * @param executionContext current context for process-engine
+ * @throws EaafException In case of an process-engine error
+ */
+ private void startProcessEngine(final RequestImpl pendingReq,
+ final ExecutionContext executionContext) throws EaafException {
+ try {
+ // put pending-request ID on execurtionContext
+ executionContext.put(EAAFConstants.PROCESS_ENGINE_PENDINGREQUESTID,
+ pendingReq.getPendingRequestId());
+
+ // create process instance
+ final String processDefinitionId =
+ moduleRegistration.selectProcess(executionContext, pendingReq);
+
+ if (processDefinitionId == null) {
+ log.warn("No suitable process found for PendingReqId " + pendingReq.getPendingRequestId());
+ throw new EaafException("process.02", new Object[] {pendingReq.getPendingRequestId()});
+
+ }
+
+ final String processInstanceId =
+ processEngine.createProcessInstance(processDefinitionId, executionContext);
+
+ // keep process instance id in protocol pending-request
+ pendingReq.setProcessInstanceId(processInstanceId);
+
+ // store pending-request
+ requestStoreage.storePendingRequest(pendingReq);
+
+ // start process
+ processEngine.start(pendingReq);
+
+ } catch (final ProcessExecutionException e) {
+ final Throwable cause = e.getCause();
+ if (cause != null && cause instanceof TaskExecutionException) {
+ final Throwable taskCause = cause.getCause();
+ if (taskCause != null && taskCause instanceof EaafException) {
+ final EaafException moaTaskCause = (EaafException) taskCause;
+ log.warn(taskCause.getMessage(), taskCause);
+ throw moaTaskCause;
+
+ }
+ }
+
+ throw new EaafException("process.01",
+ new Object[] {pendingReq.getProcessInstanceId(), pendingReq.getPendingRequestId()}, e);
+ }
+
+ }
}
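Review bot: The two static white-lists `reqParameterWhiteListeForModules` and `reqHeaderWhiteListeForModules` are still plain `ArrayList`s that `addParameterNameToWhiteList`/`addHeaderNameToWhiteList` mutate at runtime while `startAuthenticationProcess` iterates and calls `contains` on them per request, so registration concurrent with request handling is unsynchronized; `private static final List<String> reqParameterWhiteListeForModules = new CopyOnWriteArrayList<>();` (and the same for the header list) makes both `add` and `contains` safe and also removes the non-final mutable static. The `toLowerCase()` calls in `addHeaderNameToWhiteList` and in the header loop are locale-dependent; header names are ASCII tokens, so `httpReqParam.toLowerCase(Locale.ROOT)` and `paramName.toLowerCase(Locale.ROOT)` are the intended comparisons. The new `@Autowired ModuleRegistration moduleRegistration;` field replaces the former `ModuleRegistration.getInstance()` lookup in `startProcessEngine` — a behavioural change in a commit described as code-style — and is the only injected field without an explicit access modifier and `required` attribute; `@Autowired(required = true) private ModuleRegistration moduleRegistration;` keeps it consistent with its siblings. The Javadoc of `startAuthenticationProcess` and `sendSingleSignOnConsentsEvaluation` still lists `@throws ServletException` and `@throws IOException` although both methods declare only `EaafException`, and the comment above the header loop reads "add additional http request parameter to context" where it handles headers.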