Add "DefaultAuthentication" process (AT, no mandates, no stork) (MOAID-59).

- Fix oa web.xml, switch to servlet 3.0.
- moa-id-auth web.xml
-- Add CharacterEncodingFilter for UTF-8 encoding.
-- Add ProcessEngineSignalServlet.
- Fix invalid template_*.html.
- Add TODO[branch] annotations in order to indicates potential process flow branches.
- Add some missing Javadoc.
- Add property processInstandId to AuthenticationSession.
- Add process engine support.
- Fix HttpServlet init issues.
- Set VerifyAuthenticationBlockServlet and VerifyIdentityLinkServlet deprecated.

1 files changed, 95 insertions, 82 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
index a4d63b144..0c481d94e 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/moduls/AuthenticationManager.java
@@ -59,17 +59,16 @@ import org.opensaml.ws.message.encoder.MessageEncodingException;
 import org.opensaml.ws.soap.common.SOAPException;
 import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.security.SecurityException;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.builder.LoginFormBuilder;
 import at.gv.egovernment.moa.id.auth.builder.SendAssertionFormBuilder;
-import at.gv.egovernment.moa.id.auth.builder.StartAuthenticationBuilder;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
 import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.BuildException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
 import at.gv.egovernment.moa.id.auth.parser.StartAuthentificationParameterParser;
-import at.gv.egovernment.moa.id.auth.servlet.AuthServlet;
 import at.gv.egovernment.moa.id.commons.db.dao.session.InterfederationSessionStore;
 import at.gv.egovernment.moa.id.commons.db.dao.session.OASessionStore;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
@@ -94,25 +93,28 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 import at.gv.egovernment.moa.id.util.Random;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
-import at.gv.egovernment.moa.util.StringUtils;
 
-public class AuthenticationManager extends AuthServlet {
+import com.datentechnik.process_engine.ProcessEngine;
+import com.datentechnik.process_engine.ProcessExecutionException;
+import com.datentechnik.process_engine.ProcessInstance;
 
-	private static AuthenticationManager instance = null;
-	
-	private static final long serialVersionUID = 1L;
+public class AuthenticationManager implements MOAIDAuthConstants {
+
+	private static final AuthenticationManager INSTANCE = new AuthenticationManager();
 	
 	public static final String MOA_SESSION = "MoaAuthenticationSession";
 	public static final String MOA_AUTHENTICATED = "MoaAuthenticated";
 
 	public static final int SLOTIMEOUT = 30 * 1000; //30 sec
 	
+	@Autowired
+	private ProcessEngine processEngine;
+	
+	private AuthenticationManager() {
+	}
+	
 	public static AuthenticationManager getInstance() {
-		if (instance == null) {
-			instance = new AuthenticationManager();
-		}
-		
-		return instance;
+		return INSTANCE;
 	}
 	
 	/**
@@ -508,7 +510,10 @@ public class AuthenticationManager extends AuthServlet {
 			throws ServletException, IOException, MOAIDException {
 		Logger.debug("Starting authentication on this IDP ...");
 
-		setNoCachingHeadersInHttpRespone(request, response);
+		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES, MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
+		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA, MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
+		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
+		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL, MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
 		
 		List<String> legacyallowed_prot = AuthConfigurationProvider.getInstance().getLegacyAllowedProtocols();
 
@@ -529,79 +534,87 @@ public class AuthenticationManager extends AuthServlet {
 			throw new MOAIDException("init.04", new Object[] {});
 		}
 		
-		
-		if (legacyallowed && legacyparamavail) {
-			
-			//parse request parameter into MOASession			
-			StartAuthentificationParameterParser.parse(request, response, moasession, target);
-							
-		    Logger.info("Start Authentication Module: " + moasession.getModul() 
-		    		+ " Action: " + moasession.getAction());
-					    
-		    StartAuthenticationBuilder startauth = StartAuthenticationBuilder.getInstance();
-			
-		    String getIdentityLinkForm = startauth.build(moasession, request, response);
-			
-			//store MOASession
-			try {
-				AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
-			} catch (MOADatabaseException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] {
-						moasession.getSessionID()});
-			}
-		    
-		    if (!StringUtils.isEmpty(getIdentityLinkForm)) {
-		    	response.setContentType("text/html;charset=UTF-8");
-		    	PrintWriter out = new PrintWriter(response.getOutputStream());
-		    	out.print(getIdentityLinkForm);
-		    	out.flush();
-		    	Logger.debug("Finished GET StartAuthentication");
-		    }
-			
-		} else {
-			//load Parameters from OnlineApplicationConfiguration
-			OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
-					.getOnlineApplicationParameter(target.getOAURL());
+		try {
 			
-			if (oaParam == null) {
-				throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
-			}
+			if (legacyallowed && legacyparamavail) {
+				
+				//parse request parameter into MOASession			
+				StartAuthentificationParameterParser.parse(request, response, moasession, target);
+								
+			    Logger.info("Start Authentication Module: " + moasession.getModul() 
+			    		+ " Action: " + moasession.getAction());
+	
+			    
+				// create process instance
+			    // TODO[MOAID-49]: Automatically selection of process
+		    	ProcessInstance pi = processEngine.createProcessInstance("DefaultAuthentication");
+		    	// keep process instance id in moa session
+		    	moasession.setProcessInstanceId(pi.getId());
+	
+				// make sure moa session has been persisted before running the process
+				try {
+					AuthenticationSessionStoreage.storeSession(moasession);
+				} catch (MOADatabaseException e) {
+					Logger.error("Database Error! MOASession is not stored!");
+					throw new MOAIDException("init.04", new Object[] {
+							moasession.getSessionID()});
+				}
+				
+				// set execution context
+				pi.getExecutionContext().put("ccc", moasession.getCcc());
+				pi.getExecutionContext().put("useMandate", moasession.getUseMandate());
+				pi.getExecutionContext().put("bkuURL", moasession.getBkuURL());
+				pi.getExecutionContext().put(PARAM_SESSIONID, moasession.getSessionID());
+		    	
+		    	// start process
+		    	processEngine.start(pi);
+			    
+			} else {
+				//load Parameters from OnlineApplicationConfiguration
+				OAAuthParameter oaParam = AuthConfigurationProvider.getInstance()
+						.getOnlineApplicationParameter(target.getOAURL());
+				
+				if (oaParam == null) {
+					throw new AuthenticationException("auth.00", new Object[] { target.getOAURL() });
+				}
+								
+				else {
+					
+					//check if an MOASession exists and if not create an new MOASession
+					//moasession = getORCreateMOASession(request);
+	
+					//set OnlineApplication configuration in Session
+					moasession.setOAURLRequested(target.getOAURL());
+					moasession.setAction(target.requestedAction());
+					moasession.setModul(target.requestedModule());
+				}
 							
-			else {
+				//Build authentication form
 				
-				//check if an MOASession exists and if not create an new MOASession
-				//moasession = getORCreateMOASession(request);
-
-				//set OnlineApplication configuration in Session
-				moasession.setOAURLRequested(target.getOAURL());
-				moasession.setAction(target.requestedAction());
-				moasession.setModul(target.requestedModule());
-			}
-						
-			//Build authentication form
-			
-			
-			String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
-			String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), 
-					target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
-			
-			//store MOASession
-			try {
-				AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
-			} catch (MOADatabaseException e) {
-				Logger.error("Database Error! MOASession is not stored!");
-				throw new MOAIDException("init.04", new Object[] {
-						moasession.getSessionID()});
+				
+				String publicURLPreFix = AuthConfigurationProvider.getInstance().getPublicURLPrefix();
+				String loginForm = LoginFormBuilder.buildLoginForm(target.requestedModule(), 
+						target.requestedAction(), oaParam, publicURLPreFix, moasession.getSessionID());
+				
+				//store MOASession
+				try {
+					AuthenticationSessionStoreage.storeSession(moasession, target.getRequestID());				
+				} catch (MOADatabaseException e) {
+					Logger.error("Database Error! MOASession is not stored!");
+					throw new MOAIDException("init.04", new Object[] {
+							moasession.getSessionID()});
+				}
+				
+				//set MOAIDSession
+				//request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
+				
+				response.setContentType("text/html;charset=UTF-8");
+				PrintWriter out = new PrintWriter(response.getOutputStream()); 
+				out.print(loginForm);
+				out.flush(); 
 			}
-			
-			//set MOAIDSession
-			//request.getSession().setAttribute(MOA_SESSION, moasession.getSessionID());
-			
-			response.setContentType("text/html;charset=UTF-8");
-			PrintWriter out = new PrintWriter(response.getOutputStream()); 
-			out.print(loginForm);
-			out.flush(); 
+		} catch (ProcessExecutionException e) {
+			throw new MOAIDException("process.01", new Object[] { moasession.getProcessInstanceId(), moasession }, e);
 		}
 	}
 }