3 files changed, 1 insertions, 789 deletions
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
index 66f91266f..68d5ae299 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AbstractAuthServletTask.java
@@ -1,29 +1,17 @@
 package at.gv.egovernment.moa.id.auth.modules;
 
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_CACHE_CONTROL;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_EXPIRES;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_PRAGMA;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_EXPIRES;
-import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.HEADER_VALUE_PRAGMA;
 import static at.gv.egovernment.moa.id.auth.MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.util.Enumeration;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
 import java.util.Map.Entry;
 
-import javax.servlet.RequestDispatcher;
-import javax.servlet.ServletContext;
-import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.FileItemFactory;
@@ -36,24 +24,16 @@ import org.apache.commons.lang3.ObjectUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 
 import at.gv.egovernment.moa.id.advancedlogging.MOAReversionLogger;
-import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
 import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
 import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
 import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-import at.gv.egovernment.moa.id.config.ConfigurationException;
 import at.gv.egovernment.moa.id.config.auth.AuthConfiguration;
 import at.gv.egovernment.moa.id.moduls.IRequest;
 import at.gv.egovernment.moa.id.moduls.IRequestStorage;
 import at.gv.egovernment.moa.id.process.api.ExecutionContext;
 import at.gv.egovernment.moa.id.process.springweb.MoaIdTask;
-import at.gv.egovernment.moa.id.protocols.AbstractProtocolModulController;
 import at.gv.egovernment.moa.id.storage.IAuthenticationSessionStoreage;
-import at.gv.egovernment.moa.id.storage.ITransactionStorage;
-import at.gv.egovernment.moa.id.util.Random;
-import at.gv.egovernment.moa.id.util.ServletUtils;
 import at.gv.egovernment.moa.logging.Logger;
 import at.gv.egovernment.moa.util.MiscUtil;
 
@@ -63,8 +43,6 @@ import at.gv.egovernment.moa.util.MiscUtil;
  */
 public abstract class AbstractAuthServletTask extends MoaIdTask {
 
-	@Autowired private StatisticLogger statisticLogger;
-	@Autowired private ITransactionStorage transactionStorage;
 	@Autowired protected IRequestStorage requestStoreage;
 	@Autowired protected IAuthenticationSessionStoreage authenticatedSessionStorage;
 	@Autowired protected MOAReversionLogger revisionsLogger;
@@ -116,165 +94,6 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 		}
 		
 	}
-	
-	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp) {
-
-		if (null != errorMessage) {
-			Logger.error(errorMessage);
-			req.setAttribute("ErrorMessage", errorMessage);
-		}
-
-		if (null != exceptionThrown) {
-			if (null == errorMessage)
-				errorMessage = exceptionThrown.getMessage();
-			Logger.error(errorMessage, exceptionThrown);
-			req.setAttribute("ExceptionThrown", exceptionThrown);
-		}
-
-		if (Logger.isDebugEnabled()) {
-			req.setAttribute("LogLevel", "debug");
-		}
-		
-		statisticLogger.logErrorOperation(exceptionThrown);
-				
-		// forward this to errorpage-auth.jsp where the HTML error page is
-		// generated
-		ServletContext context = req.getServletContext();
-		RequestDispatcher dispatcher = context
-				.getRequestDispatcher("/errorpage-auth.jsp");
-		try {
-
-			resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
-			resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
-			resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
-			resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
-
-			dispatcher.forward(req, resp);
-		} catch (ServletException e) {
-			Logger.error(e);
-		} catch (IOException e) {
-			Logger.error(e);
-		}
-	}
-	
-	/**
-	 * Handles an error. <br>>
-	 * <ul>
-	 * <li>Logs the error</li>
-	 * <li>Places error message and exception thrown into the request as request
-	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
-	 * <li>Sets HTTP status 500 (internal server error)</li>
-	 * </ul>
-	 * 
-	 * @param errorMessage
-	 *            error message
-	 * @param exceptionThrown
-	 *            exception thrown
-	 * @param req
-	 *            servlet request
-	 * @param resp
-	 *            servlet response
-	 */
-	protected void handleError(String errorMessage, Throwable exceptionThrown,
-			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
-
-		if (null != errorMessage) {
-			Logger.error(errorMessage);
-			req.setAttribute("ErrorMessage", errorMessage);
-		}
-
-		if (null != exceptionThrown) {
-			if (null == errorMessage)
-				errorMessage = exceptionThrown.getMessage();
-			Logger.error(errorMessage, exceptionThrown);
-			req.setAttribute("ExceptionThrown", exceptionThrown);
-		}
-
-		if (Logger.isDebugEnabled()) {
-			req.setAttribute("LogLevel", "debug");
-		}
-
-		if (!(exceptionThrown instanceof MOAIDException)) {
-			Logger.error("Receive an internal error: Message=" + exceptionThrown.getMessage(), exceptionThrown);
-			
-		}
-				
-		
-		try {
-			String key = Random.nextRandom();			
-			transactionStorage.put(key, exceptionThrown);
-			
-			if (key != null && MiscUtil.isNotEmpty(pendingRequestID)) {		
-				String redirectURL = null;
-				
-				redirectURL = ServletUtils.getBaseUrl(req) + "/";
-				redirectURL += AbstractProtocolModulController.FINALIZEPROTOCOL_ENDPOINT 
-								+ "?" + ERROR_CODE_PARAM + "=" + key 
-						+ "&" + MOAIDAuthConstants.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-			
-				resp.setContentType("text/html");
-				resp.setStatus(302);
-		
-				resp.addHeader("Location", redirectURL);		
-				Logger.debug("REDIRECT TO: " + redirectURL);	
-					
-				return;
-				
-			} else {				
-				//Exception can not be stored in database
-				handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
-			}
-						
-		} catch (MOADatabaseException e) {
-			Logger.warn("Exception can not be stored to Database.", e);
-			handleErrorNoRedirect(errorMessage, exceptionThrown, req, resp);
-			
-		}
-
-
-			
-
-	}
-
-	/**
-	 * Handles a <code>WrongParametersException</code>.
-	 * 
-	 * @param req
-	 *            servlet request
-	 * @param resp
-	 *            servlet response
-	 */
-	protected void handleWrongParameters(WrongParametersException ex,
-			HttpServletRequest req, HttpServletResponse resp) {
-		Logger.error(ex.toString());
-		req.setAttribute("WrongParameters", ex.getMessage());
-
-		// forward this to errorpage-auth.jsp where the HTML error page is
-		// generated
-		ServletContext context = req.getServletContext();
-		RequestDispatcher dispatcher = context
-				.getRequestDispatcher("/errorpage-auth.jsp");
-		try {
-			setNoCachingHeaders(resp);
-			dispatcher.forward(req, resp);
-		} catch (ServletException e) {
-			Logger.error(e);
-		} catch (IOException e) {
-			Logger.error(e);
-		}
-	}
-
-	/**
-	 * Logs all servlet parameters for debugging purposes.
-	 */
-	protected void logParameters(HttpServletRequest req) {
-		for (Enumeration params = req.getParameterNames(); params
-				.hasMoreElements();) {
-			String parname = (String) params.nextElement();
-			Logger.debug("Parameter " + parname + req.getParameter(parname));
-		}
-	}
 
 	/**
 	 * Parses the request input stream for parameters, assuming parameters are
@@ -334,27 +153,7 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 			}
 		}
 
-		else {
-			// request is encoded as application/x-www-urlencoded
-			// [tknall]: we must not consume request body input stream once servlet-api request parameters have been accessed
-			
-			/*
-			InputStream in = req.getInputStream();
-
-			String paramName;
-			String paramValueURLEncoded;
-			do {
-				paramName = new String(readBytesUpTo(in, '='));
-				if (paramName.length() > 0) {
-					paramValueURLEncoded = readBytesUpTo(in, '&');
-					String paramValue = URLDecoder.decode(paramValueURLEncoded,
-							"UTF-8");
-					parameters.put(paramName, paramValue);
-				}
-			} while (paramName.length() > 0);
-			in.close();
-			*/
-			
+		else {	
 			Iterator<Entry<String, String[]>> requestParamIt = req.getParameterMap().entrySet().iterator();
 			while (requestParamIt.hasNext()) {
 				Entry<String, String[]> entry = requestParamIt.next();
@@ -394,19 +193,6 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 	}
 
 	/**
-	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).
-	 * 
-	 * @param resp
-	 *            The HttpServletResponse.
-	 */
-	public void setNoCachingHeaders(HttpServletResponse resp) {
-		resp.setHeader(HEADER_EXPIRES, HEADER_VALUE_EXPIRES);
-		resp.setHeader(HEADER_PRAGMA, HEADER_VALUE_PRAGMA);
-		resp.setHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL);
-		resp.addHeader(HEADER_CACHE_CONTROL, HEADER_VALUE_CACHE_CONTROL_IE);
-	}
-
-	/**
 	 * Adds a parameter to a URL.
 	 * 
 	 * @param url
@@ -425,32 +211,4 @@ public abstract class AbstractAuthServletTask extends MoaIdTask {
 		else
 			return url + "&" + param;
 	}
-
-	/**
-	 * Checks if HTTP requests are allowed
-	 * 
-	 * @param authURL
-	 *            requestURL
-	 * @throws AuthenticationException
-	 *             if HTTP requests are not allowed
-	 * @throws ConfigurationException
-	 */
-	protected void checkIfHTTPisAllowed(String authURL)
-			throws AuthenticationException, ConfigurationException {
-		// check if HTTP Connection may be allowed (through
-		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-		
-		//Removed from MOA-ID 2.0 config
-//		String boolStr = AuthConfigurationProvider
-//				.getInstance()
-//				.getGenericConfigurationParameter(
-//						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
-		if ((!authURL.startsWith("https:"))
-				//&& (false == BoolUtils.valueOf(boolStr))
-				)
-			throw new AuthenticationException("auth.07", new Object[] { authURL
-					+ "*" });
-
-	}
-
 }
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
deleted file mode 100644
index fb6c71846..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/AuthServlet.java
+++ /dev/null
@@ -1,378 +0,0 @@
-///*******************************************************************************
-// * Copyright 2014 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// * 
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// * 
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// * 
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// ******************************************************************************/
-///*
-// * Copyright 2003 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// *
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// *
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// *
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// */
-//
-//package at.gv.egovernment.moa.id.auth.servlet;
-//
-//import java.io.IOException;
-//
-//import javax.servlet.RequestDispatcher;
-//import javax.servlet.ServletConfig;
-//import javax.servlet.ServletContext;
-//import javax.servlet.ServletException;
-//import javax.servlet.http.HttpServlet;
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//
-//import org.springframework.beans.BeansException;
-//import org.springframework.beans.factory.NoSuchBeanDefinitionException;
-//import org.springframework.beans.factory.NoUniqueBeanDefinitionException;
-//import org.springframework.web.context.WebApplicationContext;
-//import org.springframework.web.context.support.WebApplicationContextUtils;
-//
-//import at.gv.egovernment.moa.id.advancedlogging.StatisticLogger;
-//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-//import at.gv.egovernment.moa.id.auth.exception.AuthenticationException;
-//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-//import at.gv.egovernment.moa.id.config.ConfigurationException;
-//import at.gv.egovernment.moa.id.process.ProcessEngine;
-//import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-//import at.gv.egovernment.moa.id.storage.DBExceptionStoreImpl;
-//import at.gv.egovernment.moa.id.storage.IExceptionStore;
-//import at.gv.egovernment.moa.id.util.ServletUtils;
-//import at.gv.egovernment.moa.logging.Logger;
-//import at.gv.egovernment.moa.util.MiscUtil;
-//
-///**
-// * Base class for MOA-ID Auth Servlets, providing standard error handling and
-// * constant names.
-// * 
-// * @author Paul Ivancsics
-// * @version $Id$
-// */
-//public class AuthServlet extends HttpServlet {
-//
-//	/**
-//	 * 
-//	 */
-//	private static final long serialVersionUID = -6929905344382283738L;
-//
-//	protected static final String ERROR_CODE_PARAM = "errorid";
-//	
-//	/**
-//	 * The process engine.
-//	 */
-//	private ProcessEngine processEngine;
-//	
-//	@Override
-//	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-//			throws ServletException, IOException {
-//		Logger.debug("GET " + this.getServletName());
-//
-//		this.setNoCachingHeadersInHttpRespone(req, resp);
-//	}
-//
-//	protected void handleErrorNoRedirect(String errorMessage, Throwable exceptionThrown,
-//			HttpServletRequest req, HttpServletResponse resp) {
-//
-//		if (null != errorMessage) {
-//			Logger.error(errorMessage);
-//			req.setAttribute("ErrorMessage", errorMessage);
-//		}
-//
-//		if (null != exceptionThrown) {
-//			if (null == errorMessage)
-//				errorMessage = exceptionThrown.getMessage();
-//			Logger.error(errorMessage, exceptionThrown);
-//			req.setAttribute("ExceptionThrown", exceptionThrown);
-//		}
-//
-//		if (Logger.isDebugEnabled()) {
-//			req.setAttribute("LogLevel", "debug");
-//		}
-//		
-//		
-//		StatisticLogger logger = StatisticLogger.getInstance();
-//		logger.logErrorOperation(exceptionThrown);
-//		
-//		
-//		// forward this to errorpage-auth.jsp where the HTML error page is
-//		// generated
-//		ServletContext context = getServletContext();
-//		RequestDispatcher dispatcher = context
-//				.getRequestDispatcher("/errorpage-auth.jsp");
-//		try {
-//
-//			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-//					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-//			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-//					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-//			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-//			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-//
-//			dispatcher.forward(req, resp);
-//		} catch (ServletException e) {
-//			Logger.error(e);
-//		} catch (IOException e) {
-//			Logger.error(e);
-//		}
-//	}
-//	
-//	/**
-//	 * Handles an error. <br>>
-//	 * <ul>
-//	 * <li>Logs the error</li>
-//	 * <li>Places error message and exception thrown into the request as request
-//	 * attributes (to be used by <code>"/errorpage-auth.jsp"</code>)</li>
-//	 * <li>Sets HTTP status 500 (internal server error)</li>
-//	 * </ul>
-//	 * 
-//	 * @param errorMessage
-//	 *            error message
-//	 * @param exceptionThrown
-//	 *            exception thrown
-//	 * @param req
-//	 *            servlet request
-//	 * @param resp
-//	 *            servlet response
-//	 */
-//	protected void handleError(String errorMessage, Throwable exceptionThrown,
-//			HttpServletRequest req, HttpServletResponse resp, String pendingRequestID) {
-//
-//		Throwable loggedException = null;
-//		
-//		if (exceptionThrown != null 
-//				&& exceptionThrown instanceof ProcessExecutionException) {
-//			ProcessExecutionException procExc = 
-//					(ProcessExecutionException) exceptionThrown;
-//			if (procExc.getCause() != null && 
-//					procExc.getCause() instanceof TaskExecutionException) {
-//				TaskExecutionException taskExc = (TaskExecutionException) procExc.getCause();
-//				loggedException = taskExc.getOriginalException();	
-//								
-//			}			
-//		}
-//		
-//		if (loggedException == null)
-//			loggedException = exceptionThrown;
-//		
-//
-//		if (!(loggedException instanceof MOAIDException)) {
-//			Logger.error("Receive an internal error: Message=" + loggedException.getMessage(), loggedException);
-//			
-//		} else {
-//			if (Logger.isDebugEnabled() || Logger.isTraceEnabled()) {
-//				Logger.error(loggedException.getMessage(), loggedException);
-//			
-//			} else {
-//				Logger.error(loggedException.getMessage());
-//			
-//			}			
-//		}
-//		
-//		IExceptionStore store = DBExceptionStoreImpl.getStore();
-//		String id = store.storeException(loggedException);
-//
-//		if (id != null && MiscUtil.isNotEmpty(pendingRequestID)) {
-//		
-//			String redirectURL = null;
-//
-//			redirectURL = ServletUtils.getBaseUrl(req);
-//			
-//			//TODO: DEVELOPMENT
-////			redirectURL += "/dispatcher?" + ERROR_CODE_PARAM + "=" + id 
-////					+ "&" + DispatcherServlet.PARAM_TARGET_PENDINGREQUESTID + "=" + pendingRequestID;
-//		
-//			resp.setContentType("text/html");
-//			resp.setStatus(302);
-//	
-//			resp.addHeader("Location", redirectURL);		
-//			Logger.debug("REDIRECT TO: " + redirectURL);	
-//		
-//			return;
-//			
-//		} else {
-//			
-//			//Exception can not be stored in database
-//			handleErrorNoRedirect(errorMessage, loggedException, req, resp);
-//		}
-//	}
-//
-//	/**
-//	 * Handles a <code>WrongParametersException</code>.
-//	 * 
-//	 * @param req
-//	 *            servlet request
-//	 * @param resp
-//	 *            servlet response
-//	 */
-//	protected void handleWrongParameters(WrongParametersException ex,
-//			HttpServletRequest req, HttpServletResponse resp) {
-//		Logger.error(ex.toString());
-//		req.setAttribute("WrongParameters", ex.getMessage());
-//
-//		// forward this to errorpage-auth.jsp where the HTML error page is
-//		// generated
-//		ServletContext context = getServletContext();
-//		RequestDispatcher dispatcher = context
-//				.getRequestDispatcher("/errorpage-auth.jsp");
-//		try {
-//			resp.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-//					MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-//			resp.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-//					MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-//			resp.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-//			resp.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-//					MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-//
-//			dispatcher.forward(req, resp);
-//		} catch (ServletException e) {
-//			Logger.error(e);
-//		} catch (IOException e) {
-//			Logger.error(e);
-//		}
-//	}
-//
-//
-//	/**
-//	 * Calls the web application initializer.
-//	 * 
-//	 * @see javax.servlet.Servlet#init(ServletConfig)
-//	 */
-//	public void init(ServletConfig servletConfig) throws ServletException {
-//		super.init(servletConfig);
-//	}
-//
-//	
-//	/**
-//	 * Set response headers to avoid caching
-//	 * 
-//	 * @param request
-//	 *            HttpServletRequest
-//	 * @param response
-//	 *            HttpServletResponse
-//	 */
-//	protected void setNoCachingHeadersInHttpRespone(HttpServletRequest request,
-//			HttpServletResponse response) {
-//		response.setHeader(MOAIDAuthConstants.HEADER_EXPIRES,
-//				MOAIDAuthConstants.HEADER_VALUE_EXPIRES);
-//		response.setHeader(MOAIDAuthConstants.HEADER_PRAGMA,
-//				MOAIDAuthConstants.HEADER_VALUE_PRAGMA);
-//		response.setHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-//				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL);
-//		response.addHeader(MOAIDAuthConstants.HEADER_CACHE_CONTROL,
-//				MOAIDAuthConstants.HEADER_VALUE_CACHE_CONTROL_IE);
-//
-//	}
-//
-//	/**
-//	 * Adds a parameter to a URL.
-//	 * 
-//	 * @param url
-//	 *            the URL
-//	 * @param paramname
-//	 *            parameter name
-//	 * @param paramvalue
-//	 *            parameter value
-//	 * @return the URL with parameter added
-//	 */
-//	protected static String addURLParameter(String url, String paramname,
-//			String paramvalue) {
-//		String param = paramname + "=" + paramvalue;
-//		if (url.indexOf("?") < 0)
-//			return url + "?" + param;
-//		else
-//			return url + "&" + param;
-//	}
-//
-//	/**
-//	 * Checks if HTTP requests are allowed
-//	 * 
-//	 * @param authURL
-//	 *            requestURL
-//	 * @throws AuthenticationException
-//	 *             if HTTP requests are not allowed
-//	 * @throws ConfigurationException
-//	 */
-//	protected void checkIfHTTPisAllowed(String authURL)
-//			throws AuthenticationException, ConfigurationException {
-//		// check if HTTP Connection may be allowed (through
-//		// FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY)
-//		
-//		//Removed from MOA-ID 2.0 config
-////		String boolStr = AuthConfigurationProvider
-////				.getInstance()
-////				.getGenericConfigurationParameter(
-////						AuthConfigurationProvider.FRONTEND_SERVLETS_ENABLE_HTTP_CONNECTION_PROPERTY);
-//		if ((!authURL.startsWith("https:"))
-//				//&& (false == BoolUtils.valueOf(boolStr))
-//				)
-//			throw new AuthenticationException("auth.07", new Object[] { authURL
-//					+ "*" });
-//
-//	}
-//
-//
-//	/**
-//	 * Returns the underlying process engine instance.
-//	 * 
-//	 * @return The process engine (never {@code null}).
-//	 * @throws NoSuchBeanDefinitionException
-//	 *             if no {@link ProcessEngine} bean was found.
-//	 * @throws NoUniqueBeanDefinitionException
-//	 *             if more than one {@link ProcessEngine} bean was found.
-//	 * @throws BeansException
-//	 *             if a problem getting the {@link ProcessEngine} bean occurred.
-//	 * @throws IllegalStateException
-//	 *             if the Spring WebApplicationContext was not found, which means that the servlet is used outside a
-//	 *             Spring web environment.
-//	 */
-//	public synchronized ProcessEngine getProcessEngine() {
-//		if (processEngine == null) {
-//			WebApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(getServletContext());
-//			if (ctx == null) {
-//				throw new IllegalStateException(
-//						"Unable to find Spring WebApplicationContext. Servlet needs to be executed within a Spring web environment.");
-//			}
-//			processEngine = ctx.getBean(ProcessEngine.class);
-//		}
-//		return processEngine;
-//	}
-//	
-//}
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
deleted file mode 100644
index 663a14881..000000000
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/GenerateIFrameTemplateServlet.java
+++ /dev/null
@@ -1,168 +0,0 @@
-///*******************************************************************************
-// * Copyright 2014 Federal Chancellery Austria
-// * MOA-ID has been developed in a cooperation between BRZ, the Federal
-// * Chancellery Austria - ICT staff unit, and Graz University of Technology.
-// * 
-// * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
-// * the European Commission - subsequent versions of the EUPL (the "Licence");
-// * You may not use this work except in compliance with the Licence.
-// * You may obtain a copy of the Licence at:
-// * http://www.osor.eu/eupl/
-// * 
-// * Unless required by applicable law or agreed to in writing, software
-// * distributed under the Licence is distributed on an "AS IS" basis,
-// * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// * See the Licence for the specific language governing permissions and
-// * limitations under the Licence.
-// * 
-// * This product combines work with different licenses. See the "NOTICE" text
-// * file for details on the various modules and licenses.
-// * The "NOTICE" text file is part of the distribution. Any derivative works
-// * that you distribute must include a readable copy of the "NOTICE" text file.
-// ******************************************************************************/
-//package at.gv.egovernment.moa.id.auth.servlet;
-//
-//import java.io.IOException;
-//import java.util.Enumeration;
-//
-//import javax.servlet.ServletException;
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//
-//import org.apache.commons.lang.StringEscapeUtils;
-//
-//import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;
-//import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
-//import at.gv.egovernment.moa.id.auth.exception.MOAIDException;
-//import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;
-//import at.gv.egovernment.moa.id.auth.modules.TaskExecutionException;
-//import at.gv.egovernment.moa.id.auth.modules.registration.ModuleRegistration;
-//import at.gv.egovernment.moa.id.commons.db.ex.MOADatabaseException;
-//import at.gv.egovernment.moa.id.process.ExecutionContextImpl;
-//import at.gv.egovernment.moa.id.process.ProcessExecutionException;
-//import at.gv.egovernment.moa.id.process.api.ExecutionContext;
-//import at.gv.egovernment.moa.id.storage.AuthenticationSessionStoreage;
-//import at.gv.egovernment.moa.logging.Logger;
-//import at.gv.egovernment.moa.util.MiscUtil;
-//
-//public class GenerateIFrameTemplateServlet extends AuthServlet {
-//
-//	private static final long serialVersionUID = 1L;
-//
-//	protected void doGet(HttpServletRequest req, HttpServletResponse resp)
-//			throws ServletException, IOException {
-//		Logger.debug("Receive " + GenerateIFrameTemplateServlet.class + " Request");
-//
-//    	String pendingRequestID = null;
-//		
-//	    try {
-//	    	String moasessionid = req.getParameter(MOAIDAuthConstants.PARAM_SESSIONID);	    		    
-//	    	moasessionid = StringEscapeUtils.escapeHtml(moasessionid);	    	
-//	    	AuthenticationSession moasession = null;	    	
-//	    	try {	    		
-//	    	    pendingRequestID = AuthenticationSessionStoreage.getPendingRequestID(moasessionid);			
-//	    	    moasession = AuthenticationSessionStoreage.getSession(moasessionid);
-//	    	    			
-//			} catch (MOADatabaseException e) {
-//				Logger.info("MOASession with SessionID="+ moasessionid + " is not found in Database");
-//				throw new MOAIDException("init.04", new Object[] {
-//						moasessionid});
-//				
-//			} catch (Throwable e) {
-//				Logger.info("No HTTP Session found!");
-//				throw new MOAIDException("auth.18", new Object[] {});
-//			}
-//	    	
-//
-//
-//			ExecutionContext ec = new ExecutionContextImpl();
-//			// set execution context			
-//			Enumeration<String> reqParamNames = req.getParameterNames();
-//			while(reqParamNames.hasMoreElements()) {
-//				String paramName = reqParamNames.nextElement();
-//				if (MiscUtil.isNotEmpty(paramName))
-//					ec.put(paramName, req.getParameter(paramName));
-//				
-//			}
-//			
-//			ec.put("pendingRequestID", pendingRequestID);
-//			ec.put(MOAIDAuthConstants.PARAM_SESSIONID, moasessionid);
-//			
-////	    	String bkuid = req.getParameter(MOAIDAuthConstants.PARAM_BKU);
-////	    	String useMandate = req.getParameter(MOAIDAuthConstants.PARAM_USEMANDATE);
-////	    	String ccc = req.getParameter(MOAIDAuthConstants.PARAM_CCC);
-////			ec.put("ccc", moasession.getCcc());
-////			ec.put("useMandate", moasession.getUseMandate());
-////			ec.put("bkuURL", moasession.getBkuURL());
-//			
-//			// select and create process instance
-//			String processDefinitionId = ModuleRegistration.getInstance().selectProcess(ec);
-//			if (processDefinitionId == null) {
-//				Logger.warn("No suitable process found for SessionID " + moasession.getSessionID());
-//				throw new MOAIDException("process.02", new Object[] { moasession.getSessionID() });
-//			}			
-//			
-//			String processInstanceId = getProcessEngine().createProcessInstance(processDefinitionId, ec);
-//
-//			// keep process instance id in moa session
-//			moasession.setProcessInstanceId(processInstanceId);
-//
-//			// make sure moa session has been persisted before running the process
-//			try {
-//				AuthenticationSessionStoreage.storeSession(moasession);
-//			} catch (MOADatabaseException e) {
-//				Logger.error("Database Error! MOASession is not stored!");
-//				throw new MOAIDException("init.04", new Object[] { moasession.getSessionID() });
-//			}
-//
-//			Logger.info("BKU is selected -> Start BKU communication ...");
-//			
-//			// start process
-//			getProcessEngine().start(processInstanceId);
-//
-//		}
-//	    catch (WrongParametersException ex) {
-//	    	handleWrongParameters(ex, req, resp);
-//	    }
-//	          
-//	    catch (MOAIDException ex) {
-//	    	handleError(null, ex, req, resp, pendingRequestID);
-//
-//	    } catch (ProcessExecutionException e) {
-//			Throwable cause = e.getCause();
-//			if (cause != null && cause instanceof TaskExecutionException) {
-//				Throwable taskCause = cause.getCause();
-//				if (taskCause != null && taskCause instanceof WrongParametersException) {
-//					WrongParametersException internalEx = (WrongParametersException) taskCause;
-//					handleWrongParameters(internalEx, req, resp);
-//					return;
-//					
-//				} else if (taskCause != null && taskCause instanceof MOAIDException) {
-//					MOAIDException moaTaskCause = (MOAIDException) taskCause;
-//					handleError(null, moaTaskCause, req, resp, pendingRequestID);
-//					return;
-//					
-//				}									
-//			} 
-//			
-//			Logger.error("BKUSelectionServlet has an interal Error.", e);				    	
-//	    	
-//	    } catch (Exception e) {
-//	    	Logger.error("BKUSelectionServlet has an interal Error.", e);
-//	    	
-//	    }
-//	       	    
-//	    finally {
-//	    	
-//	    }
-//	}
-//
-//	
-//	
-//	
-//	
-//	
-//	
-//	
-//
-//}