Add minor fixes and updates.

- Fix moa-id-auth web.xml and upgrade to servlet 3.0.
- Reformat loginFormFull.html in order to enhance readability.
- Add some TODOs and FIXMEs.
- Adding some comments to DispatcherServlet in order to ease understanding the process.

5 files changed, 76 insertions, 39 deletions

diff --git a/id/server/auth/src/main/webapp/WEB-INF/web.xml b/id/server/auth/src/main/webapp/WEB-INF/web.xml
index 42085b01e..fb3888a3e 100644
--- a/id/server/auth/src/main/webapp/WEB-INF/web.xml
+++ b/id/server/auth/src/main/webapp/WEB-INF/web.xml
@@ -1,8 +1,25 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE web-app PUBLIC '-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN' 'http://java.sun.com/dtd/web-app_2_3.dtd'>
-<web-app>
+<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
+	version="3.0">
 	<display-name>MOA ID Auth</display-name>
 	<description>MOA ID Authentication Service</description>
+
+	<!-- bootstrap loader for spring framework -->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+
+	<!-- exposes request and response to the current thread -->
+	<filter>
+		<filter-name>requestContextFilter</filter-name>
+		<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
+	</filter>
+	<filter-mapping>
+		<filter-name>requestContextFilter</filter-name>
+		<url-pattern>/*</url-pattern>
+	</filter-mapping>
+
 <!-- 	<servlet>
 		<servlet-name>SelectBKU</servlet-name>
 		<display-name>SelectBKU</display-name>
@@ -10,63 +27,63 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SelectBKUServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>GenerateIframeTemplate</servlet-name>
-		<display-name>GenerateIframeTemplate</display-name>
 		<description>Generate BKU Request template</description>
+		<display-name>GenerateIframeTemplate</display-name>
+		<servlet-name>GenerateIframeTemplate</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GenerateIFrameTemplateServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>RedirectServlet</servlet-name>
 		<display-name>RedirectServlet</display-name>
+		<servlet-name>RedirectServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.RedirectServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>MonitoringServlet</servlet-name>
 		<display-name>MonitoringServlet</display-name>
+		<servlet-name>MonitoringServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.MonitoringServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>SSOSendAssertionServlet</servlet-name>
 		<display-name>SSOSendAssertionServlet</display-name>
+		<servlet-name>SSOSendAssertionServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.SSOSendAssertionServlet</servlet-class>
 	</servlet>	
 	<servlet>
-		<servlet-name>LogOut</servlet-name>
-		<display-name>LogOut</display-name>
 		<description>SSO LogOut</description>
+		<display-name>LogOut</display-name>
+		<servlet-name>LogOut</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.LogOutServlet</servlet-class>
 	</servlet>
 	
 	<servlet>
-		<servlet-name>IDPSLO</servlet-name>
-		<display-name>IDP-SLO</display-name>
 		<description>IDP Single LogOut Service</description>
+		<display-name>IDP-SLO</display-name>
+		<servlet-name>IDPSLO</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.IDPSingleLogOutServlet</servlet-class>
 	</servlet>
 	
 	<servlet>
-		<servlet-name>VerifyIdentityLink</servlet-name>
-		<display-name>VerifyIdentityLink</display-name>
 		<description>Verify identity link coming from security layer</description>
+		<display-name>VerifyIdentityLink</display-name>
+		<servlet-name>VerifyIdentityLink</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyIdentityLinkServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>VerifyCertificate</servlet-name>
-		<display-name>VerifyCertificate</display-name>
 		<description>Verify the certificate coming from security layer</description>
+		<display-name>VerifyCertificate</display-name>
+		<servlet-name>VerifyCertificate</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyCertificateServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>GetMISSessionID</servlet-name>
-		<display-name>GetMISSessionID</display-name>
 		<description>Get the MIS session ID coming from security layer</description>
+		<display-name>GetMISSessionID</display-name>
+		<servlet-name>GetMISSessionID</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetMISSessionIDServlet</servlet-class>
 	</servlet>
 
 	<servlet>
-		<servlet-name>GetForeignID</servlet-name>
-		<display-name>GetForeignID</display-name>
 		<description>Gets the foreign eID from security layer</description>
+		<display-name>GetForeignID</display-name>
+		<servlet-name>GetForeignID</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.GetForeignIDServlet</servlet-class>
 	</servlet>
 <!-- 	<servlet>
@@ -76,9 +93,9 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ProcessValidatorInputServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>VerifyAuthBlock</servlet-name>
-		<display-name>VerifyAuthBlock</display-name>
 		<description>Verify AUTH block coming from security layer</description>
+		<display-name>VerifyAuthBlock</display-name>
+		<servlet-name>VerifyAuthBlock</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.VerifyAuthenticationBlockServlet</servlet-class>
 	</servlet>
 <!-- 	<servlet>
@@ -89,8 +106,8 @@
 		<servlet-class>at.gv.egovernment.moa.id.auth.servlet.ConfigurationServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>AxisServlet</servlet-name>
 		<display-name>Apache-Axis Servlet</display-name>
+		<servlet-name>AxisServlet</servlet-name>
 		<servlet-class>org.apache.axis.transport.http.AxisServlet</servlet-class>
 	</servlet>
 
@@ -100,18 +117,18 @@
 		<servlet-class>org.apache.jasper.servlet.JspServlet</servlet-class>
 	</servlet> -->
 	<servlet>
-		<servlet-name>PEPSConnectorServlet</servlet-name>
-		<display-name>PEPSConnectorServlet</display-name>
 		<description>Servlet receiving STORK SAML Response Messages from
 			different C-PEPS</description>
+		<display-name>PEPSConnectorServlet</display-name>
+		<servlet-name>PEPSConnectorServlet</servlet-name>
 		<servlet-class>
 			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorServlet</servlet-class>
 	</servlet>
 	<servlet>
-		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
-		<display-name>PEPSConnectorWithLocalSigningServlet</display-name>
 		<description>Servlet receiving STORK SAML Response Messages from
 			different C-PEPS</description>
+		<display-name>PEPSConnectorWithLocalSigningServlet</display-name>
+		<servlet-name>PEPSConnectorWithLocalSigningServlet</servlet-name>
 		<servlet-class>
 			at.gv.egovernment.moa.id.auth.servlet.PEPSConnectorWithLocalSigningServlet</servlet-class>
 	</servlet>
@@ -124,8 +141,8 @@
 		<load-on-startup>1</load-on-startup>
 	</servlet>-->
 	<servlet>
-		<servlet-name>DispatcherServlet</servlet-name>
 		<display-name>Dispatcher Servlet</display-name>
+		<servlet-name>DispatcherServlet</servlet-name>
 		<servlet-class>at.gv.egovernment.moa.id.entrypoints.DispatcherServlet</servlet-class>
 		<load-on-startup>1</load-on-startup>
 	</servlet>
diff --git a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
index 7e2ddc491..f19cc5320 100644
--- a/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
+++ b/id/server/data/deploy/conf/moa-id/htmlTemplates/loginFormFull.html
@@ -794,13 +794,13 @@
 						<div id="localBKU">
 							<form method="get" id="moaidform" action="#AUTH_URL#"
 								class="verticalcenter" target="_parent">
-								<input type="hidden" name="bkuURI" value="#LOCAL#"> <input
-									type="hidden" name="useMandate" id="useMandate"> <input
-									type="hidden" name="SSO" id="useSSO"> <input
-									type="hidden" name="CCC" id="ccc"> <input type="hidden"
-									name="MODUL" value="#MODUL#"> <input type="hidden"
-									name="ACTION" value="#ACTION#"> <input type="hidden"
-									name="MOASessionID" value="#SESSIONID#"> 
+								<input type="hidden" name="bkuURI" value="#LOCAL#">
+								<input type="hidden" name="useMandate" id="useMandate">
+								<input type="hidden" name="SSO" id="useSSO">
+								<input type="hidden" name="CCC" id="ccc">
+								<input type="hidden" name="MODUL" value="#MODUL#">
+								<input type="hidden" name="ACTION" value="#ACTION#">
+								<input type="hidden" name="MOASessionID" value="#SESSIONID#"> 
                   <input type="submit" value=">lokale Bürgerkartenumgebung" tabindex="4"
 									role="button" class="hell"
                   onclick="setMandateSelection();"
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
index 9e2e845b5..20c32a3ec 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GetMISSessionIDServlet.java
@@ -197,6 +197,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
 			// for now: list contains only one element
 			MISMandate mandate = (MISMandate) list.get(0);
 
+			// TODO[tlenz]: UTF-8 ?
 			String sMandate = new String(mandate.getMandate());
 			if (sMandate == null || sMandate.compareToIgnoreCase("") == 0) {
 				Logger.error("Mandate is empty.");
@@ -206,6 +207,7 @@ public class GetMISSessionIDServlet extends AuthServlet {
 						
 			//check if it is a parsable XML
 			byte[] byteMandate = mandate.getMandate();
+			// TODO[tlenz]: UTF-8 ?
 			String stringMandate = new String(byteMandate);
 			DOMUtils.parseDocument(stringMandate, false,
 					null, null).getDocumentElement();
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
index 3bc79f8bd..165445ea5 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/PEPSConnectorWithLocalSigningServlet.java
@@ -473,6 +473,7 @@ public class PEPSConnectorWithLocalSigningServlet extends AuthServlet {
 						Logger.info("Found AttributeProviderPlugin attribute:"+ap.getAttributes());
 						if(ap.getAttributes().equalsIgnoreCase("signedDoc"))
 						{
+							// FIXME[tlenz]: A servlet's class field is not thread safe.
 							oasisDssWebFormURL = ap.getUrl();
 							found = true;
 							Logger.info("Loaded signedDoc attribute provider url from config:"+oasisDssWebFormURL);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
index 03cb6c1c4..a4c5c938f 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/entrypoints/DispatcherServlet.java
@@ -23,7 +23,6 @@
 package at.gv.egovernment.moa.id.entrypoints;
 
 import java.io.IOException;
-
 import java.util.Iterator;
 
 import javax.servlet.ServletConfig;
@@ -97,10 +96,13 @@ public class DispatcherServlet extends AuthServlet{
 		boolean useSSOOA = false;
 		String protocolRequestID = null;
 		
-		
 		try {
 			Logger.info("REQUEST: " + req.getRequestURI());
 			Logger.info("QUERY  : " + req.getQueryString());
+			
+
+// *** start of error handling ***
+			
 			String errorid = req.getParameter(ERROR_CODE_PARAM);
 			if (errorid != null) {
 
@@ -117,7 +119,7 @@ public class DispatcherServlet extends AuthServlet{
 					pendingRequestID = (String) idObject; 
 				}
 				
-				if (throwable != null) {					
+				if (throwable != null) {
 													
 						IRequest errorRequest = null;
 						if (pendingRequestID != null) {
@@ -173,6 +175,11 @@ public class DispatcherServlet extends AuthServlet{
 				return;
 			}
 
+// *** end of error handling ***
+
+			
+// *** start of protocol specific stuff ***
+
 			Object moduleObject = req.getParameter(PARAM_TARGET_MODULE);
 			String module = null;
 			if (moduleObject != null && (moduleObject instanceof String)) {
@@ -357,7 +364,11 @@ public class DispatcherServlet extends AuthServlet{
 						
 					}
 				}
-								
+						
+// *** end of protocol specific stuff ***
+				
+// *** start handling authentication ***
+				
 				AuthenticationManager authmanager = AuthenticationManager.getInstance();									
 				
 				String moasessionID = null;
@@ -473,7 +484,11 @@ public class DispatcherServlet extends AuthServlet{
 					//build authenticationdata from session information and OA configuration
 					authData = AuthenticationDataBuilder.buildAuthenticationData(protocolRequest, moasession);					
 				}
-										
+
+// *** end handling authentication ***
+
+// *** start finalizing authentication (SSO, final redirects, statistic logging etc) ***
+				
 				SLOInformationInterface assertionID = moduleAction.processRequest(protocolRequest, req, resp, authData);
 
 				RequestStorage.removePendingRequest(protocolRequestID);
@@ -506,6 +521,8 @@ public class DispatcherServlet extends AuthServlet{
 					
 				}
 
+// *** end finalizing authentication ***
+
 			} catch (Throwable e) {
 				Logger.warn("An authentication error occured: ", e);;
 				// Try handle module specific, if not possible rethrow