refactor(core): move all project libs into sub-project 'modules'

15 files changed, 1863 insertions, 0 deletions

diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/SpringContextCloseHandler.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/SpringContextCloseHandler.java
new file mode 100644
index 00000000..81f23841
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/SpringContextCloseHandler.java
@@ -0,0 +1,170 @@
+package at.asitplus.eidas.specific.core;
+
+import java.util.Iterator;
+import java.util.Map;
+import java.util.Map.Entry;
+
+import org.slf4j.Logger;
+import org.springframework.beans.BeansException;
+import org.springframework.beans.factory.config.BeanPostProcessor;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextClosedEvent;
+import org.springframework.context.event.EventListener;
+import org.springframework.scheduling.concurrent.ThreadPoolTaskExecutor;
+import org.springframework.scheduling.concurrent.ThreadPoolTaskScheduler;
+
+import at.gv.egiz.components.spring.api.IDestroyableObject;
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+
+/**
+ * SpringContext CloseHandler.
+ *
+ * @author tlenz
+ *
+ */
+
+public class SpringContextCloseHandler
+    implements ApplicationListener<ContextClosedEvent>, ApplicationContextAware, BeanPostProcessor {
+
+  private static final Logger log =
+      org.slf4j.LoggerFactory.getLogger(SpringContextCloseHandler.class);
+
+  private ApplicationContext context;
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see org.springframework.context.ApplicationListener#onApplicationEvent(org.
+   * springframework.context. ApplicationEvent)
+   */
+  @Override
+  @EventListener
+  public void onApplicationEvent(final ContextClosedEvent arg0) {
+    log.info("MS-specific eIDAS-Node shutdown process started ...");
+
+    try {
+      log.debug("CleanUp objects with implements the IDestroyable interface ... ");
+      final Map<String, IDestroyableObject> objectsToDestroy =
+          context.getBeansOfType(IDestroyableObject.class);
+      internalIDestroyableObject(objectsToDestroy);
+      log.info("Object cleanUp complete");
+
+      log.debug("Stopping Spring Thread-Pools ... ");
+      // shut-down task schedulers
+      final Map<String, ThreadPoolTaskScheduler> schedulers =
+          context.getBeansOfType(ThreadPoolTaskScheduler.class);
+      internalThreadPoolTaskScheduler(schedulers);
+
+      // shut-down task executors
+      final Map<String, ThreadPoolTaskExecutor> executers =
+          context.getBeansOfType(ThreadPoolTaskExecutor.class);
+      internalThreadPoolTaskExecutor(executers);
+      log.debug("Spring Thread-Pools stopped");
+      
+      
+      //clean-up eIDAS node
+      Map<String, IgniteInstanceInitializerSpecificCommunication> nodeIgnite = 
+          context.getBeansOfType(IgniteInstanceInitializerSpecificCommunication.class);
+      log.info("Find #{} Apache Ignite instances from eIDAS Ref. impl.", nodeIgnite.size());
+      for (Entry<String, IgniteInstanceInitializerSpecificCommunication> el : nodeIgnite.entrySet()) {
+        if (el.getValue().getInstance() != null) {
+          el.getValue().getInstance().close();
+          el.getValue().destroyInstance();
+          log.debug("Shutdown Apache-Ignite: {}", el.getKey());
+          
+        }        
+      }
+            
+      log.info("MS-specific eIDAS-Node shutdown process finished");
+
+    } catch (final Exception e) {
+      log.warn("MS-specific eIDAS-Node shutdown process has an error.", e);
+
+    }
+
+  }
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see org.springframework.beans.factory.config.BeanPostProcessor#
+   * postProcessAfterInitialization(java. lang.Object, java.lang.String)
+   */
+  @Override
+  public Object postProcessAfterInitialization(final Object arg0, final String arg1)
+      throws BeansException {
+    if (arg0 instanceof ThreadPoolTaskScheduler) {
+      ((ThreadPoolTaskScheduler) arg0).setWaitForTasksToCompleteOnShutdown(true);
+    }
+    if (arg0 instanceof ThreadPoolTaskExecutor) {
+      ((ThreadPoolTaskExecutor) arg0).setWaitForTasksToCompleteOnShutdown(true);
+    }
+    return arg0;
+
+  }
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see org.springframework.beans.factory.config.BeanPostProcessor#
+   * postProcessBeforeInitialization(java .lang.Object, java.lang.String)
+   */
+  @Override
+  public Object postProcessBeforeInitialization(final Object arg0, final String arg1)
+      throws BeansException {
+    return arg0;
+
+  }
+
+  /*
+   * (non-Javadoc)
+   *
+   * @see
+   * org.springframework.context.ApplicationContextAware#setApplicationContext(org
+   * .springframework. context.ApplicationContext)
+   */
+  @Override
+  public void setApplicationContext(final ApplicationContext arg0) throws BeansException {
+    this.context = arg0;
+
+  }
+
+  private void internalThreadPoolTaskExecutor(final Map<String, ThreadPoolTaskExecutor> executers) {
+    for (final ThreadPoolTaskExecutor executor : executers.values()) {
+      executor.shutdown();
+      log.debug("Executer {} with active {} work has killed", executor.getThreadNamePrefix(),
+          executor.getActiveCount());
+
+    }
+
+  }
+
+  // Not required at the moment
+  private void internalThreadPoolTaskScheduler(
+      final Map<String, ThreadPoolTaskScheduler> schedulers) {
+    log.trace("Stopping #{} task-schedulers", schedulers.size());
+    
+  }
+
+  private void internalIDestroyableObject(final Map<String, IDestroyableObject> objectsToDestroy) {
+    if (objectsToDestroy != null) {
+      final Iterator<Entry<String, IDestroyableObject>> interator =
+          objectsToDestroy.entrySet().iterator();
+      while (interator.hasNext()) {
+        final Entry<String, IDestroyableObject> object = interator.next();
+        try {
+          object.getValue().fullyDestroy();
+          log.debug("Object with ID: {} is destroyed", object.getKey());
+
+        } catch (final Exception e) {
+          log.warn("Destroing object with ID: {} FAILED!", object.getKey(), null, e);
+
+        }
+      }
+    }
+
+  }
+
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/auth/AuthenticationManager.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/auth/AuthenticationManager.java
new file mode 100644
index 00000000..6be1f0ba
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/auth/AuthenticationManager.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.auth;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.slo.ISloInformationContainer;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.AbstractAuthenticationManager;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+
+@Service("AuthenticationManager")
+public class AuthenticationManager extends AbstractAuthenticationManager {
+  private static final Logger log = LoggerFactory.getLogger(AuthenticationManager.class);
+
+  @Override
+  public ISloInformationContainer performSingleLogOut(HttpServletRequest httpReq,
+      HttpServletResponse httpResp,
+      IRequest pendingReq, String internalSsoId) throws EaafException {
+    throw new RuntimeException("Single LogOut is NOT supported by this implementation");
+
+  }
+
+  @Override
+  protected void populateExecutionContext(ExecutionContext executionContext,
+      RequestImpl pendingReq, HttpServletRequest httpReq)
+      throws EaafException {
+    log.trace("No implementation-specific population of execution-context required ... ");
+
+  }
+
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
new file mode 100644
index 00000000..e5937b99
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/builder/AuthenticationDataBuilder.java
@@ -0,0 +1,255 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.core.builder;
+
+import java.util.Date;
+import java.util.Optional;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+import org.springframework.stereotype.Service;
+
+import com.google.common.collect.Streams;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions.EidIdentityStatusLevelValues;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IAuthProcessDataContainer;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.EidAuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.AbstractAuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.EidAuthProcessDataWrapper;
+import lombok.extern.slf4j.Slf4j;
+
+@Service("AuthenticationDataBuilder")
+@Slf4j
+public class AuthenticationDataBuilder extends AbstractAuthenticationDataBuilder {
+  
+  private static final String ERROR_B11 = "builder.11";
+
+  @Override
+  protected IAuthData buildDeprecatedAuthData(IRequest pendingReq) throws EaafException {
+    final EidAuthProcessDataWrapper authProcessData =
+        pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+    final EidAuthenticationData authData = new EidAuthenticationData();
+
+    // set basis infos
+    super.generateDeprecatedBasicAuthData(authData, pendingReq, authProcessData);
+
+    // set specific informations
+    authData.setSsoSessionValidTo(
+        new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+
+    authData.setEidStatus(authProcessData.isTestIdentity()
+        ? EidIdentityStatusLevelValues.TESTIDENTITY
+        : EidIdentityStatusLevelValues.IDENTITY);
+
+    return authData;
+
+  }
+
+  @Override
+  protected void buildServiceSpecificAuthenticationData(IAuthData authData, IRequest pendingReq)
+      throws EaafException {
+    if (authData instanceof EidAuthenticationData) {
+      ((EidAuthenticationData) authData).setGenericData(
+          ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME,
+          pendingReq.getUniquePiiTransactionIdentifier());
+      log.trace("Inject piiTransactionId: {} into AuthData", pendingReq.getUniquePiiTransactionIdentifier());
+
+      // set specific informations
+      ((EidAuthenticationData) authData).setSsoSessionValidTo(
+          new Date(new Date().getTime() + MsEidasNodeConstants.DEFAULT_PVP_ASSERTION_VALIDITY * 60 * 1000));
+
+      // set E-ID status-level
+      final EidAuthProcessDataWrapper authProcessData =
+          pendingReq.getSessionData(EidAuthProcessDataWrapper.class);
+      ((EidAuthenticationData) authData).setEidStatus(authProcessData.isTestIdentity()
+          ? EidIdentityStatusLevelValues.TESTIDENTITY
+          : EidIdentityStatusLevelValues.IDENTITY);
+
+      // handle mandate informations
+      buildMandateInformation((EidAuthenticationData) authData, pendingReq, authProcessData);
+
+    } else {
+      throw new RuntimeException("Can not inject PiiTransactionId because AuthData is of unknown type: "
+          + authData.getClass().getName());
+
+    }
+
+  }
+
+  @Override
+  protected IAuthData getAuthDataInstance(IRequest arg0) throws EaafException {
+    return new EidAuthenticationData();
+
+  }
+
+  @Override
+  protected Pair<String, String> buildOAspecificbPK(IRequest pendingReq, AuthenticationData authData)
+      throws EaafBuilderException {
+    return super.buildOAspecificbPK(pendingReq, authData);
+
+  }
+
+  @Override
+  protected Pair<String, String> getEncryptedBpkFromPvpAttribute(IAuthProcessDataContainer arg0,
+      AuthenticationData arg1, ISpConfiguration arg2) throws EaafBuilderException {
+    return null;
+
+  }
+
+  @Override
+  protected Pair<String, String> getbaseIdFromSzr(AuthenticationData arg0, String arg1, String arg2) {
+    return null;
+
+  }
+
+  private void buildMandateInformation(EidAuthenticationData authData, IRequest pendingReq,
+      EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
+      EaafStorageException {
+    authData.setUseMandate(authProcessData.isMandateUsed());
+    if (authProcessData.isMandateUsed()) {
+      log.debug("Build mandate-releated authentication data ... ");
+      if (authProcessData.isForeigner()) {
+        buildMandateInformationForEidasIncoming();
+
+      } else {
+        buildMandateInformationForEidasOutgoing(authData, pendingReq, authProcessData);
+
+      }
+
+      // inject mandate information into authdata
+      final Set<String> mandateAttributes = Streams.concat(
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream(),
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream())
+          .map(el -> el.getFirst())
+          .collect(Collectors.toSet());
+
+      authProcessData.getGenericSessionDataStream()
+          .filter(el -> mandateAttributes.contains(el.getKey()))
+          .forEach(el -> {
+            try {
+              authData.setGenericData(el.getKey(), el.getValue());
+
+            } catch (final EaafStorageException e) {
+              log.error("Can not store attribute: {} into session.", el.getKey(), e);
+              throw new RuntimeException(e);
+
+            }
+          });
+    }
+  }
+
+  private void buildMandateInformationForEidasIncoming() {
+    log.debug("Find eIDAS incoming process. Generated mandate-information for ID-Austria system ... ");
+
+    // TODO: implement IDA specific processing of foreign mandate
+
+  }
+
+  private void buildMandateInformationForEidasOutgoing(EidAuthenticationData authData, IRequest pendingReq,
+      EidAuthProcessDataWrapper authProcessData) throws EaafAuthenticationException, EaafBuilderException,
+      EaafStorageException {
+    log.debug("Find eIDAS outgoing process. Generated mandate-information for other country ... ");
+    if (authProcessData.getGenericDataFromSession(
+        PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME) != null) {
+      final Optional<Triple<String, String, Boolean>> missingAttribute =
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_NAT_PVP_ATTRIBUTES.stream()
+              .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
+              .findFirst();
+      if (missingAttribute.isPresent()) {
+        log.error("ID-Austria response contains not all attributes for nat. person mandator. Missing: {}",
+            missingAttribute.get().getFirst());
+        throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Nat. person mandate" });
+
+      } else {
+        log.trace("Find nat. person mandate. Mandate can be used as it is ");
+        authData.setGenericData(MsEidasNodeConstants.ATTR_EIDAS_NAT_MANDATOR_PERSONAL_IDENTIFIER,
+            extractBpkFromResponse(authProcessData.getGenericDataFromSession(
+                PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class)));
+
+      }
+
+    } else {
+      final Optional<Triple<String, String, Boolean>> missingAttribute =
+          MsEidasNodeConstants.DEFAULT_REQUIRED_MANDATE_JUR_PVP_ATTRIBUTES.stream()
+              .filter(el -> authProcessData.getGenericDataFromSession(el.getFirst()) == null)
+              .findFirst();
+      if (missingAttribute.isPresent()) {
+        log.error("ID-Austria response contains not all attributes for legal. person mandator. Missing: {}",
+            missingAttribute.get().getFirst());
+        throw new EaafAuthenticationException(ERROR_B11, new Object[] { "Legal. person mandate" });
+
+      } else {
+        log.trace(
+            "Find jur. person mandate. Generate eIDAS identifier from legal-person sourcePin and type ... ");
+        final String sourcePin = authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class);
+        final String sourcePinType = authProcessData.getGenericDataFromSession(
+            PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class);
+
+        // build leagl-person identifier for eIDAS out-going 
+        final String[] splittedTarget =  
+            pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier().split("\\+");       
+        StringBuilder sb = new StringBuilder();
+        sb.append(splittedTarget[1])
+          .append("/")
+          .append(splittedTarget[2])
+          .append("/")
+          .append(sourcePinType)
+          .append("+")
+          .append(sourcePin);
+                
+        log.debug("Use legal-person eIDAS identifer: {} from baseId: {} and baseIdType: {}",
+            sb.toString(), sourcePin, sourcePinType);
+        authData.setGenericData(MsEidasNodeConstants.ATTR_EIDAS_JUR_MANDATOR_PERSONAL_IDENTIFIER, sb.toString());
+
+      }
+    }
+  }
+
+  private String extractBpkFromResponse(String pvpBpkAttrValue) {
+    final String[] split = pvpBpkAttrValue.split(":", 2);
+    if (split.length == 2) {
+      return split[1];
+
+    } else {
+      log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue);
+      return pvpBpkAttrValue;
+
+    }
+  }
+
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/config/StaticResourceConfiguration.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/config/StaticResourceConfiguration.java
new file mode 100644
index 00000000..06377c3f
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/config/StaticResourceConfiguration.java
@@ -0,0 +1,220 @@
+/*
+ * Copyright 2019 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+package at.asitplus.eidas.specific.core.config;
+
+import java.net.MalformedURLException;
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.support.ReloadableResourceBundleMessageSource;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.i18n.CookieLocaleResolver;
+import org.thymeleaf.templateresolver.FileTemplateResolver;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+import at.gv.egiz.eaaf.core.impl.utils.FileUtils;
+
+/**
+ * Spring configurator for Web resources.
+ * 
+ * @author tlenz
+ *
+ */
+@Configuration
+public class StaticResourceConfiguration implements WebMvcConfigurer {
+  private static final Logger log = LoggerFactory.getLogger(StaticResourceConfiguration.class);
+  private static final String[] CLASSPATH_RESOURCE_LOCATIONS = {
+      "/"
+  };
+
+  private static final String DEFAULT_MESSAGE_SOURCE = "classpath:properties/status_messages";
+
+  @Autowired
+  private IConfiguration basicConfig;
+
+  @Override
+  public void addResourceHandlers(ResourceHandlerRegistry registry) {
+    final String staticResources = basicConfig.getBasicConfiguration(
+        MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_STATIC_PATH);
+    try {
+      if (StringUtils.isNotEmpty(staticResources)) {
+        String absPath = FileUtils.makeAbsoluteUrl(staticResources, basicConfig
+            .getConfigurationRootDirectory());
+        if (!absPath.endsWith("/")) {
+          absPath += "/";
+        }
+
+        registry.addResourceHandler("/static/**").addResourceLocations(absPath);
+        log.info("Add Ressourcefolder: " + absPath + " for static Web content");
+
+      } else {
+        log.debug("No Ressourcefolder for static Web content");
+      }
+
+    } catch (final MalformedURLException e) {
+      log.warn("Can NOT initialize ressourcefolder for static Web content", e);
+
+    }
+
+    registry.addResourceHandler("/**").addResourceLocations(CLASSPATH_RESOURCE_LOCATIONS);
+
+  }
+
+  /**
+   * Get a message source with only internal message properties.
+   *
+   * @param ressourceLocations List of source-locations
+   * @return
+   */
+  @Bean
+  public ReloadableResourceBundleMessageSource internalMessageSource(
+      @Autowired(required = false) final List<IMessageSourceLocation> ressourceLocations) {
+    final ReloadableResourceBundleMessageSource messageSource =
+        new ReloadableResourceBundleMessageSource();
+
+    // add default message source
+    messageSource.setBasename(DEFAULT_MESSAGE_SOURCE);
+
+    if (ressourceLocations != null) {
+      // load more message sources
+      for (final IMessageSourceLocation el : ressourceLocations) {
+        if (el.getMessageSourceLocation() != null) {
+          for (final String source : el.getMessageSourceLocation()) {
+            messageSource.addBasenames(source);
+            log.debug("Add additional messageSources: {}", el.getMessageSourceLocation().toArray());
+
+          }
+        }
+      }
+    }
+
+    messageSource.setDefaultEncoding("UTF-8");
+    return messageSource;
+
+  }
+
+  /**
+   * Get full message source with internal and external message-properties files.
+   *
+   * @param ressourceLocations List of source-locations
+   * @return
+   */
+  @Bean
+  public ReloadableResourceBundleMessageSource messageSource(
+      @Autowired(required = false) final List<IMessageSourceLocation> ressourceLocations) {
+    final ReloadableResourceBundleMessageSource messageSource =
+        new ReloadableResourceBundleMessageSource();
+    messageSource.setDefaultEncoding("UTF-8");
+    messageSource.setParentMessageSource(internalMessageSource(ressourceLocations));
+
+    final String staticResources = basicConfig
+        .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_PROPERTIES_PATH);
+    try {
+      if (StringUtils.isNotEmpty(staticResources)) {
+        final String absPath =
+            FileUtils.makeAbsoluteUrl(staticResources, basicConfig.getConfigurationRootDirectory());
+        messageSource.setBasename(absPath);
+
+      } else {
+        log.debug("No Ressourcefolder for dynamic Web content templates");
+
+      }
+
+    } catch (final MalformedURLException e) {
+      log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e);
+
+    }
+
+    return messageSource;
+
+  }
+    
+  /**
+   * Get a i18n resolver based on cookies.
+   *
+   * @return
+   */
+  @Bean
+  public CookieLocaleResolver localeResolver() {
+    final CookieLocaleResolver localeResolver = new CookieLocaleResolver();
+    localeResolver.setCookieName("currentLanguage");
+    localeResolver.setCookieMaxAge(3600);
+    return localeResolver;
+    
+  }
+  
+  /**
+   * Get a Tyhmeleaf Template-Resolver with external configuration path.
+   *
+   * @return
+   */
+  @Bean(name = "templateResolver")
+  public FileTemplateResolver templateResolver() {
+    final String staticResources = basicConfig
+        .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_WEBCONTENT_TEMPLATES_PATH);
+    try {
+      if (StringUtils.isNotEmpty(staticResources)) {
+        String absPath =
+            FileUtils.makeAbsoluteUrl(staticResources, basicConfig.getConfigurationRootDirectory());
+        if (!absPath.endsWith("/")) {
+          absPath += "/";
+
+        }
+
+        if (absPath.startsWith("file:")) {
+          absPath = absPath.substring("file:".length());
+
+        }
+
+        final FileTemplateResolver viewResolver = new FileTemplateResolver();
+        viewResolver.setPrefix(absPath);
+        viewResolver.setSuffix(".html");
+        viewResolver.setTemplateMode("HTML");
+        viewResolver.setCacheable(false);
+
+        log.info("Add Ressourcefolder: {} for dynamic Web content templates", absPath);
+        return viewResolver;
+
+      } else {
+        log.debug("No Ressourcefolder for dynamic Web content templates");
+
+      }
+
+    } catch (final MalformedURLException e) {
+      log.warn("Can NOT initialize ressourcefolder for dynamic Web content templates", e);
+
+    }
+
+    throw new RuntimeException("Can NOT initialize HTML template resolver");
+
+  }
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/EidasNodeMetadataHealthIndicator.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/EidasNodeMetadataHealthIndicator.java
new file mode 100644
index 00000000..754fe9ab
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/EidasNodeMetadataHealthIndicator.java
@@ -0,0 +1,69 @@
+package at.asitplus.eidas.specific.core.health;
+
+import java.io.ByteArrayInputStream;
+
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.http.StatusLine;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpUriRequest;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.entity.ContentType;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.HealthIndicator;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Triple;
+import at.gv.egiz.eaaf.core.impl.http.HttpUtils;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class EidasNodeMetadataHealthIndicator implements HealthIndicator {
+
+  @Autowired IConfiguration config;
+  @Autowired IHttpClientFactory httpClientFactory;
+  
+  @Override
+  public Health health() {
+    try {
+      final String urlString = config.getBasicConfiguration(
+          MsEidasNodeConstants.PROP_CONFIG_MONITORING_EIDASNODE_METADATAURL);
+      if (StringUtils.isEmpty(urlString)) {
+        log.trace("No eIDASNode metadata URL. Skipping test ... ");
+        return Health.unknown().build();
+
+      }
+
+      // create HTTP client
+      CloseableHttpClient httpClient = httpClientFactory.getHttpClient();      
+      URIBuilder uriBuilder = new URIBuilder(urlString);      
+      HttpUriRequest request = new HttpGet(uriBuilder.build());
+
+      final Triple<StatusLine, ByteArrayInputStream, ContentType> respCode = httpClient.execute(request,
+          HttpUtils.bodyStatusCodeResponseHandler());
+      if (respCode.getFirst().getStatusCode() != 200) {
+        log.warn("Monitoring: Get http StatusCode: {} from eIDAS-Node Metadata endpoint", 
+            respCode.getFirst().getStatusCode());
+        return Health.down().withDetail("http StatusCode", respCode.getFirst().getStatusCode()).build();
+
+      }
+
+      // parse metadata
+      DomUtils.parseXmlNonValidating(respCode.getSecond());
+
+      return Health.up().build();
+
+    } catch (Exception | TransformerFactoryConfigurationError e) {
+      log.warn("Monitoring: Can not read SAML2 metadata from eIDAS-Node", e);
+      return Health.down().down(e).build();
+
+    }
+  }
+
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/IgniteClusterHealthIndicator.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/IgniteClusterHealthIndicator.java
new file mode 100644
index 00000000..651f9125
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/health/IgniteClusterHealthIndicator.java
@@ -0,0 +1,52 @@
+package at.asitplus.eidas.specific.core.health;
+
+import org.apache.ignite.Ignite;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.HealthIndicator;
+
+import eu.eidas.auth.cache.IgniteInstanceInitializerSpecificCommunication;
+import lombok.Setter;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * HealthCheck that validate Nodes in Apache-Ignite Cluster.
+ * 
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class IgniteClusterHealthIndicator implements HealthIndicator {
+
+  @Setter
+  protected IgniteInstanceInitializerSpecificCommunication igniteInstanceInitializerSpecificCommunication;
+
+  @Override
+  public Health health() {
+    final Ignite instance = igniteInstanceInitializerSpecificCommunication.getInstance();
+
+    // check if Apache Ignite cluster is active
+    if (!instance.cluster().active()) {
+      return Health.outOfService().build();
+
+    }
+
+    final Health.Builder healthBuilder;
+    // Status UP requires more than 1 node because MS-Connector and eIDAS-Node operations as
+    // micro-services
+    if (instance.cluster().nodes().size() > 1) {
+      healthBuilder = Health.up();
+
+    } else {
+      // Something looks wrong if only a single node was found because MS-Connector and eIDAS-Node
+      // operations as micro-services
+      healthBuilder = Health.outOfService();
+
+    }
+
+    healthBuilder.withDetail("#Nodes", instance.cluster().nodes().size());
+    log.trace("Ignite state. #Nodes: {}", instance.cluster().nodes().size());
+    return healthBuilder.build();
+
+  }
+
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java
new file mode 100644
index 00000000..f665be51
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/interceptor/WebFrontEndSecurityInterceptor.java
@@ -0,0 +1,90 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.interceptor;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+/**
+ * Spring interceptor to inject securtiy headers into http response.
+ * 
+ * @author tlenz
+ *
+ */
+public class WebFrontEndSecurityInterceptor implements HandlerInterceptor {
+
+  /*
+   * (non-Javadoc)
+   * 
+   * @see
+   * org.springframework.web.servlet.HandlerInterceptor#preHandle(javax.servlet.
+   * http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
+   * java.lang.Object)
+   */
+  @Override
+  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+      throws Exception {
+
+    // set security headers
+    response.setHeader("Expires", "Sat, 6 May 1995 12:00:00 GMT");
+    response.setHeader("Pragma", "no-cache");
+    response.setHeader("Cache-control", "no-store, no-cache, must-revalidate");
+
+    return true;
+
+  }
+
+  /*
+   * (non-Javadoc)
+   * 
+   * @see
+   * org.springframework.web.servlet.HandlerInterceptor#postHandle(javax.servlet.
+   * http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
+   * java.lang.Object, org.springframework.web.servlet.ModelAndView)
+   */
+  @Override
+  public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler,
+      ModelAndView modelAndView) throws Exception {
+
+  }
+
+  /*
+   * (non-Javadoc)
+   * 
+   * @see
+   * org.springframework.web.servlet.HandlerInterceptor#afterCompletion(javax.
+   * servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
+   * java.lang.Object, java.lang.Exception)
+   */
+  @Override
+  public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler,
+      Exception ex)
+      throws Exception {
+
+  }
+
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/RevisionLogger.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/RevisionLogger.java
new file mode 100644
index 00000000..03a56976
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/RevisionLogger.java
@@ -0,0 +1,110 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.logger;
+
+import java.util.Date;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.components.eventlog.api.Event;
+import at.gv.egiz.components.eventlog.api.EventConstants;
+import at.gv.egiz.components.eventlog.api.EventLogFactory;
+import at.gv.egiz.components.eventlog.api.EventLoggingException;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.api.logging.IRevisionLogger;
+
+public class RevisionLogger extends EventLogFactory implements IRevisionLogger {
+  private static final Logger log = LoggerFactory.getLogger(RevisionLogger.class);
+
+  @Autowired
+  private IConfiguration basicConfig;
+
+  @Override
+  public void logEvent(ISpConfiguration oaConfig, int eventCode, String message) {
+    logEvent(createNewEvent(new Date().getTime(), eventCode, message));
+
+  }
+
+  @Override
+  public void logEvent(IRequest pendingRequest, int eventCode) {
+    logEvent(createNewEvent(new Date().getTime(), eventCode,
+        pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier()));
+
+  }
+
+  @Override
+  public void logEvent(IRequest pendingRequest, int eventCode, String message) {
+    logEvent(createNewEvent(new Date().getTime(), eventCode, message,
+        pendingRequest.getUniqueSessionIdentifier(), pendingRequest.getUniqueTransactionIdentifier()));
+
+  }
+
+  @Override
+  public void logEvent(int eventCode, String message) {
+    logEvent(createNewEvent(new Date().getTime(), eventCode, message));
+
+  }
+
+  @Override
+  public void logEvent(String sessionID, String transactionID, int eventCode, String message) {
+    logEvent(createNewEvent(new Date().getTime(), eventCode, message, sessionID, transactionID));
+
+  }
+
+  @Override
+  public void logEvent(String sessionID, String transactionID, int eventCode) {
+    logEvent(createNewEvent(new Date().getTime(), eventCode, sessionID, transactionID));
+
+  }
+
+  private void logEvent(Event event) {
+    try {
+      if (event.getEventCode() >= 1100) {
+        if (event.getEventCode() == EventConstants.TRANSACTION_IP
+            && !basicConfig.getBasicConfigurationBoolean(
+                MsEidasNodeConstants.PROP_CONFIG_REVISIONLOG_LOG_IP_ADDRESS_OF_USER, true)) {
+          log.trace("Ignore Event: " + event.getEventCode() + " because IP adresse logging prohibited");
+          return;
+
+        }
+
+        getEventLog().logEvent(event);
+
+      } else {
+        log.trace("Ignore Event: " + event.getEventCode()
+            + " because session functionallity is not implemented");
+      }
+
+    } catch (final EventLoggingException e) {
+      log.warn("Event logging FAILED! Reason: " + e.getMessage());
+
+    }
+
+  }
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/StatisticLogger.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/StatisticLogger.java
new file mode 100644
index 00000000..bdaf83f6
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/logger/StatisticLogger.java
@@ -0,0 +1,141 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.logger;
+
+import org.apache.commons.lang3.StringUtils;
+import org.joda.time.DateTime;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.logging.IStatisticLogger;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+
+public class StatisticLogger implements IStatisticLogger {
+
+  private static final Logger log = LoggerFactory.getLogger(StatisticLogger.class);
+
+  private static final String DATEFORMATER = "yyyy.MM.dd-HH:mm:ss+z";
+  private static final String STATUS_SUCCESS = "success";
+  private static final String STATUS_ERROR = "error";
+
+  @Override
+  public void logSuccessOperation(IRequest protocolRequest, IAuthData authData, boolean isSsoSession) {
+    log.info(buildLogMessage(
+        protocolRequest.getUniqueTransactionIdentifier(),
+        protocolRequest.getSpEntityId(),
+        protocolRequest.getRawData(MsEidasNodeConstants.DATA_REQUESTERID),
+        protocolRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
+        authData.getCiticenCountryCode(),
+        STATUS_SUCCESS,
+        StringUtils.EMPTY,
+        StringUtils.EMPTY));
+
+  }
+
+  @Override
+  public void logErrorOperation(Throwable throwable) {
+    String errorId = "TODO";
+    if (throwable instanceof EaafException) {
+      errorId = ((EaafException) throwable).getErrorId();
+    }
+
+    log.info(buildLogMessage(
+        StringUtils.EMPTY,
+        StringUtils.EMPTY,
+        StringUtils.EMPTY,
+        StringUtils.EMPTY,
+        StringUtils.EMPTY,
+        STATUS_ERROR,
+        errorId,
+        throwable.getMessage()));
+
+  }
+
+  @Override
+  public void logErrorOperation(Throwable throwable, IRequest errorRequest) {
+    String errorId = "TODO";
+    if (throwable instanceof EaafException) {
+      errorId = ((EaafException) throwable).getErrorId();
+    }
+
+    if (errorRequest != null) {
+      log.info(buildLogMessage(
+          errorRequest.getUniqueTransactionIdentifier(),
+          errorRequest.getSpEntityId(),
+          errorRequest.getRawData(MsEidasNodeConstants.DATA_REQUESTERID),
+          errorRequest.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier(),
+          StringUtils.EMPTY,
+          STATUS_ERROR,
+          errorId,
+          throwable.getMessage()));
+    } else {
+      log.info(buildLogMessage(
+          StringUtils.EMPTY,
+          StringUtils.EMPTY,
+          StringUtils.EMPTY,
+          StringUtils.EMPTY,
+          StringUtils.EMPTY,
+          STATUS_ERROR,
+          errorId,
+          throwable.getMessage()));
+    }
+
+  }
+
+  @Override
+  public void internalTesting() throws Exception {
+    log.trace("Not implemented for a File-based logger");
+
+  }
+
+  private String buildLogMessage(String transId, String entityId, Object requesterId, String target,
+      String cc,
+      String status, String errorCode, String errorMsg) {
+    String logMsg = StringUtils.EMPTY;
+
+    // data,tId,MOAID-Id,SP-Id,bPKTarget,CC,status,error-code,error-msg
+
+    logMsg += DateTime.now().toString(DATEFORMATER) + ",";
+    logMsg += transId + ",";
+    logMsg += entityId + ",";
+
+    if (requesterId instanceof String && StringUtils.isNotEmpty((String) requesterId)) {
+      logMsg += (String) requesterId + ",";
+    } else {
+      logMsg += StringUtils.EMPTY + ",";
+    }
+
+    logMsg += target + ",";
+    logMsg += cc + ",";
+
+    logMsg += status + ",";
+    logMsg += errorCode + ",";
+    logMsg += errorMsg;
+
+    return logMsg;
+  }
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/mapper/LoALevelMapper.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/mapper/LoALevelMapper.java
new file mode 100644
index 00000000..e3ab5d45
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/mapper/LoALevelMapper.java
@@ -0,0 +1,60 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.mapper;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ILoALevelMapper;
+
+@Service("LoALevelMapper")
+public class LoALevelMapper implements ILoALevelMapper {
+  private static final Logger log = LoggerFactory.getLogger(LoALevelMapper.class);
+
+  @Override
+  public String mapToSecClass(String loa) {
+    log.info("Mapping to PVP SecClass is NOT supported");
+    return null;
+  }
+
+  @Override
+  public String mapToEidasLoa(String loa) {
+    if (loa.startsWith(EaafConstants.EIDAS_LOA_PREFIX)) {
+      return loa;
+    } else {
+      log.info("Can NOT map '" + loa + "' to eIDAS LoA");
+    }
+
+    return null;
+
+  }
+
+  @Override
+  public String mapEidasQaaToStorkQaa(String eidasqaaLevel) {
+    return null;
+  }
+
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/provider/StatusMessageProvider.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/provider/StatusMessageProvider.java
new file mode 100644
index 00000000..b47c0b63
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/provider/StatusMessageProvider.java
@@ -0,0 +1,182 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.provider;
+
+import java.text.MessageFormat;
+import java.util.Locale;
+import java.util.MissingResourceException;
+import java.util.ResourceBundle;
+
+import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.context.MessageSource;
+import org.springframework.context.MessageSourceAware;
+import org.springframework.context.NoSuchMessageException;
+import org.springframework.context.i18n.LocaleContextHolder;
+import org.springframework.stereotype.Service;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+
+@Service("StatusMessageProvider")
+public class StatusMessageProvider implements IStatusMessenger, MessageSourceAware {
+  private static final Logger log = LoggerFactory.getLogger(StatusMessageProvider.class);
+
+  private static final String ERROR_MESSAGES_UNAVAILABLE =
+      "Error messages can NOT be load from application. Only errorCode: {0} is availabe";
+  private static final String ERROR_NO_MESSAGE = "No errormesseage for error with number.={0}";
+
+  private static final String ERROR_EXTERNALERROR_CODES_UNAVAILABLE =
+      "External error-codes can NOT be load from application. Only internal errorCode: {0} is availabe";
+  private static final String ERROR_NO_EXTERNALERROR_CODE =
+      "No external error for internal error with number.={0}";
+  private static final String MSG_WARN_NO_SOURCE = "MessageCode: {} is NOT SET for locale: {}";
+  private static final String MSG_INFO = "Use locale: {} as default";
+  
+  // external error codes
+  private static final String DEFAULT_EXTERNALERROR_RESOURCES = "properties/external_statuscodes_map";
+  private static final Locale DEFAULT_EXTERNALERROR_LOCALES = new Locale("en", "GB");
+  private ResourceBundle externalError = null;
+
+  //internal messanges
+  private MessageSource messageSource;
+
+  @Override
+  public String getMessageWithoutDefault(final String messageId, final Object[] parameters) {
+    if (messageSource == null) {
+      return null;
+
+    } else {
+      try {
+        final Locale locale = LocaleContextHolder.getLocale();
+        return messageSource.getMessage(messageId, parameters, locale);
+
+      } catch (final NoSuchMessageException e) {
+        log.info(MSG_WARN_NO_SOURCE, messageId, LocaleContextHolder.getLocale());
+        log.debug(MSG_INFO, Locale.ENGLISH);
+
+        try {
+          return messageSource.getMessage(messageId, parameters, Locale.ENGLISH);
+
+        } catch (final NoSuchMessageException e2) {
+          log.info(MSG_WARN_NO_SOURCE, messageId, Locale.ENGLISH);
+
+        }
+
+      } catch (final MissingResourceException e2) {
+        log.warn("No message source", e2);
+
+      }
+    }
+
+    return null;
+
+  }
+
+  @Override
+  public String getMessage(final String messageId, final Object[] parameters) {
+    if (messageSource == null) {
+      return MessageFormat.format(ERROR_MESSAGES_UNAVAILABLE, new Object[]{messageId});
+
+    } else {
+      try {
+        final Locale locale = LocaleContextHolder.getLocale();
+        return messageSource.getMessage(messageId, parameters, locale);
+
+      } catch (final NoSuchMessageException e) {
+        log.info(MSG_WARN_NO_SOURCE, messageId, LocaleContextHolder.getLocale());
+        log.debug(MSG_INFO, Locale.ENGLISH);
+
+        try {
+          return messageSource.getMessage(messageId, parameters, Locale.ENGLISH);
+
+        } catch (final NoSuchMessageException e2) {
+          return MessageFormat.format(ERROR_NO_MESSAGE, new Object[]{messageId});
+
+        }
+
+      } catch (final MissingResourceException e2) {
+        return MessageFormat.format(ERROR_NO_MESSAGE, new Object[]{messageId});
+
+      }
+    }
+  }
+  
+  @Override
+  public String getResponseErrorCode(Throwable throwable) {
+    String errorCode = IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC;
+    if (throwable instanceof EaafException) {
+      errorCode = ((EaafException) throwable).getErrorId();
+      
+    }
+        
+    return errorCode;
+
+  }
+
+  @Override
+  public String mapInternalErrorToExternalError(String intErrorCode) {
+    // initialize messages
+    if (externalError == null) {
+      this.externalError = ResourceBundle.getBundle(
+          DEFAULT_EXTERNALERROR_RESOURCES,
+          DEFAULT_EXTERNALERROR_LOCALES);
+
+    }
+
+    // create the message
+    if (externalError == null) {
+      log.warn(MessageFormat.format(ERROR_EXTERNALERROR_CODES_UNAVAILABLE, new Object[] { intErrorCode }));
+      return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC;
+
+    } else {
+      try {
+        if (StringUtils.isNotEmpty(intErrorCode)) {
+          return externalError.getString(intErrorCode);
+
+        } else {
+          return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC;
+
+        }
+
+      } catch (final MissingResourceException e2) {
+        log.info(MessageFormat.format(ERROR_NO_EXTERNALERROR_CODE, new Object[] { intErrorCode }));
+        return IStatusMessenger.CODES_EXTERNAL_ERROR_GENERIC;
+
+      }
+    }
+  }
+
+  @Override
+  public void setMessageSource(MessageSource messageSource) {
+    this.messageSource = messageSource;
+
+    log.info("Injecting 'StatusMessanger' into 'LogMessageProviderFactory'");
+    LogMessageProviderFactory.setStatusMessager(this);
+    
+  }
+
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/CacheWithEidasBackend.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/CacheWithEidasBackend.java
new file mode 100644
index 00000000..0eeb35d9
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/CacheWithEidasBackend.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.storage;
+
+import eu.eidas.auth.commons.cache.ConcurrentCacheService;
+import eu.eidas.auth.commons.tx.AbstractCache;
+
+public class CacheWithEidasBackend extends AbstractCache<String, TransactionStoreElement> {
+
+  protected CacheWithEidasBackend(ConcurrentCacheService concurrentMapService) {
+    super(concurrentMapService);
+  }
+  
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/EidasCacheTransactionStoreDecorator.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/EidasCacheTransactionStoreDecorator.java
new file mode 100644
index 00000000..5a59a4e0
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/EidasCacheTransactionStoreDecorator.java
@@ -0,0 +1,180 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.storage;
+
+import java.util.Arrays;
+import java.util.Date;
+import java.util.List;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.actuate.health.Health;
+import org.springframework.boot.actuate.health.HealthIndicator;
+
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.utils.Random;
+
+public class EidasCacheTransactionStoreDecorator implements ITransactionStorage, HealthIndicator {
+  private static final Logger log = LoggerFactory.getLogger(EidasCacheTransactionStoreDecorator.class);
+
+  @Autowired(required = true)
+  private CacheWithEidasBackend storage;
+
+  @Override
+  public Health health() {
+    try {
+      final String key = Random.nextHexRandom16();
+      final String value = Random.nextHexRandom16();
+
+      this.put(key, value, -1);
+      final String result = this.get(key, String.class);
+      this.remove(key);
+
+      if (result != null && result.equals(value)) {
+        return Health.up().build();
+      
+      } else {
+        log.warn("Montioring: TestValue: " + value + " does NOT match in Storage test");
+        return Health.down().build();
+        
+      }
+
+    } catch (final EaafException e) {
+      log.warn("Montioring: Can not read/write to storage.", e);
+      return Health.down().down(e).build();
+      
+    }
+  }
+  
+  @Override
+  public void changeKey(String oldKey, String newKey, Object value) throws EaafException {
+    if (containsKey(oldKey)) {
+      final TransactionStoreElement el = storage.get(oldKey);
+      el.setKey(newKey);
+      el.setData(value);
+      storage.put(newKey, el);
+      boolean delResult = storage.remove(oldKey);
+      log.trace("Object: {} removed from cache: {}", oldKey, delResult);
+
+    } else {
+      throw new EaafStorageException("No element in TransactionStorage with key: " + oldKey);
+    }
+
+  }
+
+  @Override
+  public List<String> clean(Date now, long dataTimeOut) {
+    log.info("Clean is NOT implemented, because its not needed");
+    return Arrays.asList();
+
+  }
+
+  @Override
+  public boolean containsKey(String key) {
+    return storage.containsKey(key);
+
+  }
+
+  @Override
+  public Object get(String key) throws EaafException {
+    if (key != null && containsKey(key)) {
+      final TransactionStoreElement element = storage.get(key);
+      return element.getData();
+
+    } else {
+      return null;
+    }
+  }
+
+  @Override
+  public <T> T get(String key, Class<T> type) throws EaafException {
+    return get(key, type, -1);
+
+  }
+
+  @Override
+  public <T> T get(String key, Class<T> type, long dataTimeOut) throws EaafException {
+    if (key != null && containsKey(key)) {
+      final TransactionStoreElement value = storage.get(key);
+
+      if (dataTimeOut > -1) {
+        final long now = new Date().getTime();
+        if (now - value.getCreated().getTime() > dataTimeOut) {
+          log.info("Transaction-Data with key: " + key + " is out of time.");
+          throw new EaafStorageException("Transaction-Data with key: " + key + " is out of time.");
+
+        }
+      }
+
+      if (type.isAssignableFrom(value.getData().getClass())) {
+        return (T) value.getData();
+
+      } else {
+        log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'");
+      }
+
+    }
+
+    return null;
+  }
+
+  @Override
+  public Object getRaw(String key) throws EaafException {
+    return storage.get(key);
+
+  }
+
+  @Override
+  public void put(String key, Object value, int dataTimeOut) throws EaafException {
+    final TransactionStoreElement element = new TransactionStoreElement();
+    element.setKey(key);
+    element.setData(value);
+    storage.put(key, element);
+
+  }
+
+  @Override
+  public void putRaw(String key, Object value) throws EaafException {
+    if (value instanceof TransactionStoreElement) {
+      storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value);
+    } else {
+      log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class
+          .getName());
+    }
+
+  }
+
+  @Override
+  public void remove(String key) {
+    if (containsKey(key)) {
+      log.trace("Remove element with key: " + key + " from " + ITransactionStorage.class.getName());
+      boolean delResult = storage.remove(key);
+      log.trace("Object: {} removed from cache: {}", key, delResult);
+
+    }
+  }
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/SimpleInMemoryTransactionStorage.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/SimpleInMemoryTransactionStorage.java
new file mode 100644
index 00000000..a3a8af0f
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/SimpleInMemoryTransactionStorage.java
@@ -0,0 +1,169 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.storage;
+
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.concurrent.ConcurrentHashMap;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+
+public class SimpleInMemoryTransactionStorage implements ITransactionStorage {
+  private static final Logger log = LoggerFactory.getLogger(SimpleInMemoryTransactionStorage.class);
+
+  private final Map<String, TransactionStoreElement> storage =
+      new ConcurrentHashMap<>();
+
+  @Override
+  public void changeKey(String oldKey, String newKey, Object value) throws EaafException {
+    if (containsKey(oldKey)) {
+      final TransactionStoreElement el = storage.get(oldKey);
+      el.setKey(newKey);
+      storage.put(newKey, el);
+      storage.remove(oldKey);
+
+    } else {
+      throw new EaafStorageException("No element in TransactionStorage with key: " + oldKey);
+    }
+
+  }
+
+  @Override
+  public List<String> clean(Date now, long dataTimeOut) {
+    final List<String> result = new ArrayList<>();
+    final Iterator<Entry<String, TransactionStoreElement>> iterator = storage.entrySet().iterator();
+    while (iterator.hasNext()) {
+      final Entry<String, TransactionStoreElement> key = iterator.next();
+      synchronized (storage) {
+        if (storage.containsKey(key.getKey())) {
+          final TransactionStoreElement element = key.getValue();
+          if (now.getTime() - element.getCreated().getTime() > dataTimeOut) {
+            result.add(key.getKey());
+          }
+        }
+      }
+    }
+
+    return result;
+
+  }
+
+  @Override
+  public boolean containsKey(String key) {
+    if (key != null) {
+      return storage.containsKey(key);
+    } else {
+      return false;
+    }
+
+  }
+
+  @Override
+  public Object get(String key) throws EaafException {
+    if (key != null && containsKey(key)) {
+      final TransactionStoreElement element = storage.get(key);
+      return element.getData();
+
+    } else {
+      return null;
+    }
+  }
+
+  @Override
+  public <T> T get(String key, Class<T> type) throws EaafException {
+    return get(key, type, -1);
+
+  }
+
+  @Override
+  public <T> T get(String key, Class<T> type, long dataTimeOut) throws EaafException {
+    if (key != null && containsKey(key)) {
+      final TransactionStoreElement value = storage.get(key);
+
+      if (dataTimeOut > -1) {
+        final long now = new Date().getTime();
+        if (now - value.getCreated().getTime() > dataTimeOut) {
+          log.info("Transaction-Data with key: " + key + " is out of time.");
+          throw new EaafStorageException("Transaction-Data with key: " + key + " is out of time.");
+
+        }
+      }
+
+      if (type.isAssignableFrom(value.getData().getClass())) {
+        return (T) value.getData();
+
+      } else {
+        log.warn("Can NOT cast '" + value.getClass() + "' to '" + type + "'");
+      }
+
+    }
+
+    return null;
+  }
+
+  @Override
+  public Object getRaw(String key) throws EaafException {
+    return storage.get(key);
+
+  }
+
+  @Override
+  public void put(String key, Object value, int dataTimeOut) throws EaafException {
+    final TransactionStoreElement element = new TransactionStoreElement();
+    element.setKey(key);
+    element.setData(value);
+    storage.put(key, element);
+
+  }
+
+  @Override
+  public void putRaw(String key, Object value) throws EaafException {
+    if (value instanceof TransactionStoreElement) {
+      storage.put(((TransactionStoreElement) value).getKey(), (TransactionStoreElement) value);
+    } else {
+      log.info(value.getClass().getName() + " is NOT a RAW element of " + ITransactionStorage.class
+          .getName());
+    }
+
+  }
+
+  @Override
+  public void remove(String key) {
+    if (containsKey(key)) {
+      log.debug("Remove element with key: " + key + " from " + ITransactionStorage.class.getName());
+      storage.remove(key);
+
+    }
+  }
+
+}
diff --git a/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/TransactionStoreElement.java b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/TransactionStoreElement.java
new file mode 100644
index 00000000..48668d4b
--- /dev/null
+++ b/modules/core_common_webapp/src/main/java/at/asitplus/eidas/specific/core/storage/TransactionStoreElement.java
@@ -0,0 +1,70 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.core.storage;
+
+import java.io.Serializable;
+import java.util.Date;
+
+public class TransactionStoreElement implements Serializable {
+
+  private static final long serialVersionUID = 1L;
+  private String key = null;
+  private Object data = null;
+  private Date created;
+
+  public String getKey() {
+    return key;
+  }
+
+  public void setKey(String key) {
+    this.key = key;
+  }
+
+  public Object getData() {
+    return data;
+  }
+
+  public void setData(Object data) {
+    this.data = data;
+  }
+
+  public Date getCreated() {
+    return copyOrNull(created);
+  }
+
+  public void setCreated(Date created) {
+    this.created = copyOrNull(created);
+  }
+
+  private Date copyOrNull(Date in) {
+    if (in != null) {
+      return new Date(in.getTime());
+      
+    } 
+    
+    return null;
+      
+  }
+  
+}