First untested part: Refactor authentication modules and process management to Spring

8 files changed, 511 insertions, 61 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 67ddd170a..a73fd6858 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -1,6 +1,12 @@
 package at.gv.egovernment.moa.id.auth.modules;

 

-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.*;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_CACHE_CONTROL;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_EXPIRES;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_PRAGMA;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES;

+import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA;

 

 import java.io.ByteArrayOutputStream;

 import java.io.IOException;

@@ -24,17 +30,23 @@ import org.apache.commons.fileupload.FileUploadException;
 import org.apache.commons.fileupload.disk.DiskFileItemFactory;

 import org.apache.commons.fileupload.servlet.ServletFileUpload;

 import org.apache.commons.lang3.ArrayUtils;

+import org.springframework.beans.factory.annotation.Autowired;

 

+import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;

 import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;

+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;

 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;

 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;

 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;

-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;

+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;

 import at.gv.egovernment.moa.id.config.ConfigurationException;

-import at.gv.egovernment.moa.id.entrypoints.DispatcherServlet;

+import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;

+import at.gv.egovernment.moa.id.moduls.IRequestStorage;

 import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;

-import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;

-import at.gv.egovernment.moa.id.storage.IExceptionStore;

+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;

+import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;

+import at.gv.egovernment.moa.id.storage.ITransactionStorage;

+import at.gv.egovernment.moa.id.util.Random;

 import at.gv.egovernment.moa.id.util.ServletUtils;

 import at.gv.egovernment.moa.logging.Logger;

 import at.gv.egovernment.moa.util.MiscUtil;

@@ -45,6 +57,13 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */

 public abstract class AbstractAuthServletTask extends MoaIdTask {

 

+	@Autowired private StatisticLogger statisticLogger;

+	@Autowired private ITransactionStorage transactionStorage;

+	@Autowired protected IRequestStorage requestStoreage;

+	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;

+	@Autowired protected MOAReversionLogger revisionsLogger;

+	@Autowired protected AuthConfiguration authConfig;

+	

 	protected static final String ERROR_CODE_PARAM = "errorid";

 

 	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,

@@ -66,11 +85,8 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 			req.setAttribute("LogLevel", "debug");

 		}

 		

-		

-		StatisticLogger logger = StatisticLogger.getInstance();

-		logger.logErrorOperation(exceptionThrown);

-		

-		

+		statisticLogger.logErrorOperation(exceptionThrown);

+				

 		// forward this to errorpage-auth.jsp where the HTML error page is

 		// generated

 		ServletContext context = req.getServletContext();

@@ -132,31 +148,42 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);

 			

 		}

+				

 		

-		IExceptionStore store = DBExceptionStoreImpl.getStore();

-		String id = store.storeException(exceptionThrown);

-

-		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {

-		

-			String redirectURL = null;

-

-			redirectURL = ServletUtils.getBaseUrl(req);

-			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 

-					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;

-		

-			resp.setContentType("text/html");

-			resp.setStatus(302);

-	

-			resp.addHeader("Location", redirectURL);		

-			Logger.debug("REDIRECT TO: " + redirectURL);	

-		

-			return;

+		try {

+			String key = Random.nextRandom();			

+			transactionStorage.put(key, exceptionThrown);

 			

-		} else {

+			if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) {		

+				String redirectURL = null;

+				

+				redirectURL = ServletUtils.getBaseUrl(req) + "/";

+				redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT 

+								+ "?" + ERROR_CODE_PARAM + "=" + key 

+						+ "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;

 			

-			//Exception can not be stored in database

+				resp.setContentType("text/html");

+				resp.setStatus(302);

+		

+				resp.addHeader("Location", redirectURL);		

+				Logger.debug("REDIRECT TO: " + redirectURL);	

+					

+				return;

+				

+			} else {				

+				//Exception can not be stored in database

+				handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);

+			}

+						

+		} catch (MOADatabaseException e) {

+			Logger.warn("Exception can not be stored to Database.", e);

 			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);

+			

 		}

+

+

+			

+

 	}

 

 	/**

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
new file mode 100644
index 000000000..8b02a5bf6
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/BKUSelectionModuleImpl.java
@@ -0,0 +1,68 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules;
+
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+
+/**
+ * @author tlenz
+ *
+ */
+public class BKUSelectionModuleImpl implements AuthModule {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority()
+	 */
+	@Override
+	public int getPriority() {
+		return 0;
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv.egovernment.moa.id.process.api.ExecutionContext)
+	 */
+	@Override
+	public String selectProcess(ExecutionContext context) {
+		boolean performBKUSelection = false;
+		Object performBKUSelectionObj = context.get("performBKUSelection");
+		if (performBKUSelectionObj != null && performBKUSelectionObj instanceof Boolean)
+			performBKUSelection = (boolean) performBKUSelectionObj;
+		
+		if (performBKUSelection)
+			return "BKUSelectionProcess";
+		
+		else
+			return null;
+		
+	}
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions()
+	 */
+	@Override
+	public String[] getProcessDefinitions() {
+		return new String[] { "classpath:at/gv/egovernment/moa/id/auth/modules/internal/BKUSelection.process.xml" };
+		
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
index 4a6ecd56a..f1ab58ee0 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/CreateInterfedeartionRequestTask.java
@@ -44,9 +44,9 @@ import org.opensaml.saml2.metadata.SingleSignOnService;
 import org.opensaml.saml2.metadata.provider.MetadataProviderException;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.xml.security.SecurityException;
+import org.springframework.stereotype.Service;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
-import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
@@ -55,13 +55,12 @@ import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProviderFactory;
 import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.IEncoder;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.PostBinding;
 import at.gv.egovernment.moa.id.protocols.pvp2x.binding.RedirectBinding;
-import at.gv.egovernment.moa.id.protocols.pvp2x.config.PVPConfiguration;
 import at.gv.egovernment.moa.id.protocols.pvp2x.exceptions.PVP2Exception;
 import at.gv.egovernment.moa.id.protocols.pvp2x.metadata.MOAMetadataProvider;
 import at.gv.egovernment.moa.id.protocols.pvp2x.utils.SAML2Utils;
@@ -73,6 +72,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@Service("CreateInterfedeartionRequestTask")
 public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
 
 	/* (non-Javadoc)
@@ -84,8 +84,8 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		boolean requiredLocalAuthentication = true;
 		
-		IRequest pendingReq = RequestStorage.getPendingRequest(
-				(String) executionContext.get("pendingRequestID"));	
+		IRequest pendingReq = requestStoreage.getPendingRequest(
+				(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));	
 
 		String idpEntityID = 
 				(String) executionContext.get(MOAIDAuthConstants.PROCESSCONTEXT_INTERFEDERATION_ENTITYID);
@@ -105,8 +105,10 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
 			OAAuthParameter idp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(idpEntityID);
 			OAAuthParameter sp = AuthConfigurationProviderFactory.getInstance().getOnlineApplicationParameter(pendingReq.getOAURL());
 		
+			String requestedIDP = pendingReq.getGenericData(RequestImpl.DATAID_INTERFEDERATIOIDP_URL, String.class);
+			
 			if (!idp.isInderfederationIDP() || !idp.isInboundSSOInterfederationAllowed()) {
-				Logger.info("Requested interfederation IDP " + pendingReq.getRequestedIDP() + " is not valid for interfederation.");
+				Logger.info("Requested interfederation IDP " + requestedIDP + " is not valid for interfederation.");
 				Logger.debug("isInderfederationIDP:" + String.valueOf(idp.isInderfederationIDP())
 					+ " isInboundSSOAllowed:" + String.valueOf(idp.isInboundSSOInterfederationAllowed()));
 				Logger.info("Switch to local authentication on this IDP ... ");
@@ -252,18 +254,18 @@ public class CreateInterfedeartionRequestTask extends AbstractAuthServletTask {
 					//build and send request without an error
 					requiredLocalAuthentication = false;
 					
-					MOAReversionLogger.getInstance().logEvent(pendingReq.getOnlineApplicationConfiguration(), 
+					revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
 							pendingReq, MOAIDEventConstants.AUTHPROCESS_INTERFEDERATION_IDP, idpEntity.getEntityID());
 					
 					
 				} else {
-					Logger.warn("Requested IDP " + pendingReq.getRequestedIDP() 
+					Logger.warn("Requested IDP " + requestedIDP 
 						+ " does not support POST or Redirect Binding.");
 					
 				}
 												
 			} else {
-				Logger.warn("Requested IDP " + pendingReq.getRequestedIDP() 
+				Logger.warn("Requested IDP " + requestedIDP 
 						+ " is not found in InterFederation configuration");
 				
 			}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
new file mode 100644
index 000000000..fe3e8680c
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/EvaluateBKUSelectionTask.java
@@ -0,0 +1,119 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.util.Enumeration;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.lang.StringEscapeUtils;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+import at.gv.egovernment.moa.util.MiscUtil;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("EvaluateBKUSelectionTask")
+public class EvaluateBKUSelectionTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {		
+		try {
+			//load pending request
+			String pendingReqID = request.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);	    		    
+			pendingReqID = StringEscapeUtils.escapeHtml(pendingReqID);						
+			IRequest pendingReq = requestStoreage.getPendingRequest(pendingReqID);
+			
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
+				
+			}
+			
+			//change pending-request ID
+			String newPendingRequestID = requestStoreage.changePendingRequestID(pendingReq);
+			executionContext.put(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID, newPendingRequestID);
+	    	
+	    	AuthenticationSession moaSession = null;
+	    	String moaSessionID = pendingReq.getMOASessionIdentifier();
+	    	try {
+	    	    moaSession = authenticatedSessionStorage.getSession(moaSessionID);
+	    	    
+	    	    if (moaSession == null) {
+					Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database");
+					throw new MOAIDException("init.04", new Object[] {
+							moaSessionID});
+	    	    	
+	    	    }
+	    	   	    	    
+				// set parameter execution context			
+				Enumeration<String> reqParamNames = request.getParameterNames();
+				while(reqParamNames.hasMoreElements()) {
+					String paramName = reqParamNames.nextElement();
+					if (MiscUtil.isNotEmpty(paramName))
+						executionContext.put(paramName, request.getParameter(paramName));
+					
+				}
+	    	    
+				Logger.info("BKU is selected finished -> Start BKU communication ...");
+	    	    
+			} catch (MOADatabaseException e) {
+				Logger.info("MOASession with SessionID="+ moaSessionID + " is not found in Database");
+				throw new MOAIDException("init.04", new Object[] {
+						moaSessionID});
+				
+			} catch (Throwable e) {
+				Logger.info("No HTTP Session found!");
+				throw new MOAIDException("auth.18", new Object[] {});
+			}
+	    	
+	    	
+			
+			
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.warn("EvaluateBKUSelectionTask has an internal error", e);
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		}
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
index 712ebb731..ed309d85a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/FinalizeAuthenticationTask.java
@@ -22,11 +22,12 @@
  */
 package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_SESSIONID;
-
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.DataURLBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
@@ -34,10 +35,9 @@ import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
 import at.gv.egovernment.moa.id.moduls.IRequest;
-import at.gv.egovernment.moa.id.moduls.ModulUtils;
-import at.gv.egovernment.moa.id.moduls.RequestStorage;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
+import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -45,6 +45,7 @@ import at.gv.egovernment.moa.util.MiscUtil;
  * @author tlenz
  *
  */
+@Service("FinalizeAuthenticationTask")
 public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 
 	/* (non-Javadoc)
@@ -56,8 +57,8 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 			throws TaskExecutionException {
 		
 		try {
-			IRequest pendingReq = RequestStorage.getPendingRequest(
-					(String) executionContext.get("pendingRequestID"));	
+			IRequest pendingReq = requestStoreage.getPendingRequest(
+					(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));	
 		
 			if (pendingReq == null) {
 				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
@@ -66,7 +67,7 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 			}
 			
 			//get Session from context
-			String moasessionid = (String) executionContext.get(PARAM_SESSIONID);
+			String moasessionid = pendingReq.getMOASessionIdentifier();
 			AuthenticationSession session = null;				
 			if (MiscUtil.isEmpty(moasessionid)) {
 				Logger.warn("MOASessionID is empty.");
@@ -74,9 +75,14 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 			}
 			
 			try {			
-				session = AuthenticationSessionStoreage.getSession(moasessionid);
-				AuthenticationSessionStoreage.changeSessionID(session);
-							
+				session = authenticatedSessionStorage.getSession(moasessionid);
+				if (session == null) {
+					Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
+					throw new MOAIDException("init.04", new Object[] { moasessionid });
+					
+				}
+					
+				
 			} catch (MOADatabaseException e) {
 				Logger.info("MOASession with SessionID=" + moasessionid + " is not found in Database");
 				throw new MOAIDException("init.04", new Object[] { moasessionid });
@@ -86,25 +92,25 @@ public class FinalizeAuthenticationTask extends AbstractAuthServletTask {
 				throw new MOAIDException("auth.18", new Object[] {});
 			
 			} finally {
-				executionContext.remove(PARAM_SESSIONID);
+				executionContext.remove(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID);
 			
 			}
 		
-		
-			session.setAuthenticatedUsed(false);
-			session.setAuthenticated(true);
-
 
-			String oldsessionID = session.getSessionID();
+			//set MOASession to authenticated and store MOASession
+			session.setAuthenticated(true);
+			String newMOASessionID = authenticatedSessionStorage.changeSessionID(session);
 
-			//Session is implicte stored in changeSessionID!!!
-			String newMOASessionID = AuthenticationSessionStoreage.changeSessionID(session);
+			//set pendingRequest to authenticated and set new MOASessionID			
+			((RequestImpl)pendingReq).setMOASessionIdentifier(newMOASessionID);
+			pendingReq.setAuthenticated(true);
+			requestStoreage.storePendingRequest(pendingReq);
 		
 			Logger.info("AuthProcess finished. Redirect to Protocol Dispatcher.");
 			
-			String redirectURL = new DataURLBuilder().buildDataURL(session.getAuthURL(), 
-					ModulUtils.buildAuthURL(pendingReq.requestedModule(), pendingReq.requestedAction(), pendingReq.getRequestID()), newMOASessionID);
-				
+			String redirectURL = new DataURLBuilder().buildDataURL(pendingReq.getAuthURL(), 
+					AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT, pendingReq.getRequestID());
+							
 			response.setContentType("text/html");
 			response.setStatus(302);
 			response.addHeader("Location", redirectURL);		
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
new file mode 100644
index 000000000..1bdc132d9
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/GenerateBKUSelectionFrameTask.java
@@ -0,0 +1,102 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.advancedlogging.MOAIDEventConstants;
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
+import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.config.auth.IOAAuthParameters;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("GenerateBKUSelectionFrameTask")
+public class GenerateBKUSelectionFrameTask extends AbstractAuthServletTask {
+
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {
+			IRequest pendingReq = requestStoreage.getPendingRequest(
+					(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+			
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
+				
+			}
+			
+			revisionsLogger.logEvent(pendingReq.getOnlineApplicationConfiguration(), 
+					pendingReq, MOAIDEventConstants.AUTHPROCESS_BKUSELECTION_INIT);
+							
+			//load Parameters from OnlineApplicationConfiguration
+			IOAAuthParameters oaParam = pendingReq.getOnlineApplicationConfiguration();
+			
+			if (oaParam == null) {
+				throw new AuthenticationException("auth.00", new Object[] { pendingReq.getOAURL() });
+				
+			}
+						
+			//Build authentication form						
+			String publicURLPreFix = pendingReq.getAuthURL();
+			if (publicURLPreFix.endsWith("/"))
+				publicURLPreFix = publicURLPreFix.substring(0, publicURLPreFix.length() - 1);
+			String loginForm = LoginFormBuilder.buildLoginForm(pendingReq.requestedModule(), 
+					pendingReq.requestedAction(), oaParam, publicURLPreFix, MOAIDAuthConstants.PARAM_SESSIONID);
+						
+			response.setContentType("text/html;charset=UTF-8");
+			PrintWriter out = new PrintWriter(response.getOutputStream()); 
+			out.print(loginForm);
+			out.flush(); 
+			
+		
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.warn("FinalizeAuthenticationTask has an internal error", e);
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		}
+	
+	}
+
+}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java
index f05ff07e9..77aab8ddb 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/ReceiveInterfederationResponseTask.java
@@ -25,6 +25,8 @@ package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.springframework.stereotype.Service;
+
 import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
 import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
@@ -33,6 +35,7 @@ import at.gv.egovernment.moa.id.process.api.ExecutionContext;
  * @author tlenz
  *
  */
+@Service("ReceiveInterfederationResponseTask")
 public class ReceiveInterfederationResponseTask extends AbstractAuthServletTask {
 
 	/* (non-Javadoc)
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
new file mode 100644
index 000000000..d8b558846
--- /dev/null
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/internal/tasks/RestartAuthProzessManagement.java
@@ -0,0 +1,123 @@
+/*
+ * Copyright 2014 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+package at.gv.egovernment.moa.id.auth.modules.internal.tasks;
+
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Service;
+
+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
+import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
+import at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask;
+import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
+import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
+import at.gv.egovernment.moa.id.moduls.IRequest;
+import at.gv.egovernment.moa.id.moduls.RequestImpl;
+import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
+import at.gv.egovernment.moa.id.process.ProcessEngine;
+import at.gv.egovernment.moa.id.process.api.ExecutionContext;
+import at.gv.egovernment.moa.logging.Logger;
+
+/**
+ * @author tlenz
+ *
+ */
+@Service("RestartAuthProzessManagement")
+public class RestartAuthProzessManagement  extends AbstractAuthServletTask {
+
+	@Autowired ProcessEngine processEngine;
+	
+	/* (non-Javadoc)
+	 * @see at.gv.egovernment.moa.id.process.springweb.MoaIdTask#execute(at.gv.egovernment.moa.id.process.api.ExecutionContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
+			throws TaskExecutionException {
+		try {
+			IRequest pendingReq = requestStoreage.getPendingRequest(
+					(String) executionContext.get(MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID));
+			
+			if (pendingReq == null) {
+				Logger.info("No PendingRequest with Id: " + executionContext.get("pendingRequestID") + " Maybe, a transaction timeout occure.");
+				throw new MOAIDException("auth.28", new Object[]{executionContext.get("pendingRequestID")});
+				
+			}
+			
+			//create a new execution context and copy all elements to new context
+			ExecutionContext newec = new ExecutionContextImpl(); 
+			Set<String> entries = executionContext.keySet();
+			for (String key : entries) {
+				newec.put(key, executionContext.get(key));
+				
+			}
+			
+			//remove BKU selection flag
+			newec.remove("performBKUSelection");
+			
+
+			Logger.debug("Swicht to specific authentication process after BKU is selected");
+			
+			// select and create new process instance
+			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(newec);
+			if (processDefinitionId == null) {
+				Logger.warn("No suitable authentication process found for SessionID " + pendingReq.getRequestID());
+				throw new MOAIDException("process.02", new Object[] { pendingReq.getRequestID() });
+			}			
+			
+			String processInstanceId = processEngine.createProcessInstance(processDefinitionId, newec);
+
+			// keep process instance id in moa session
+			((RequestImpl)pendingReq).setProcessInstanceId(processInstanceId);
+
+			// make sure pending request has been persisted before running the process
+			try {
+				requestStoreage.storePendingRequest(pendingReq);
+				
+			} catch (MOAIDException e) {
+				Logger.error("Database Error! MOASession is not stored!");
+				throw new MOAIDException("init.04", new Object[] { pendingReq.getRequestID() });
+				
+			}
+
+			Logger.info("BKU is selected -> Start BKU communication ...");
+			
+			// start process
+			processEngine.start(processInstanceId);
+			
+			
+		} catch (MOAIDException e) {
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		} catch (Exception e) {
+			Logger.warn("RestartAuthProzessManagement has an internal error", e);
+			throw new TaskExecutionException(e.getMessage(), e);
+			
+		}			
+		
+	}
+
+}