4 files changed, 36 insertions, 15 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
index a31f3ceb0..8983403d8 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/AuthModule.java
@@ -22,8 +22,9 @@ public interface AuthModule {
 	int getPriority();
 
 	/**
-	 * Checks if the module has a process, which is able to perform an authentication with the given
-	 * {@link ExecutionContext}.
+	 * Selects a process (description), referenced by its unique id, which is able to perform authentication with the
+	 * given {@link ExecutionContext}. Returns {@code null} if no appropriate process (description) was available within
+	 * this module.
 	 * 
 	 * @param context
 	 *            an ExecutionContext for a process.
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
index fa1878e74..9c950366c 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/modules/registration/ModuleRegistration.java
@@ -128,7 +128,7 @@ public class ModuleRegistration {
 	}
 
 	/**
-	 * Returns the process id of the first process, in the highest ranked
+	 * Returns the process description id of the first process, in the highest ranked
 	 * module, which is able to work with the given execution context.
 	 * 
 	 * @param context
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
index a99b7aeef..d670cbe8a 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/auth/servlet/ProcessEngineSignalServlet.java
@@ -9,6 +9,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringEscapeUtils;

 

 import at.gv.egovernment.moa.id.auth.AuthenticationServer;

+import at.gv.egovernment.moa.id.auth.MOAIDAuthConstants;

 import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;

 import at.gv.egovernment.moa.id.auth.exception.WrongParametersException;

 import at.gv.egovernment.moa.id.commons.db.MOASessionDBUtils;

@@ -23,7 +24,7 @@ import at.gv.egovernment.moa.id.util.ParamValidatorUtils;
 public class ProcessEngineSignalServlet extends AuthServlet {

 

 	private static final long serialVersionUID = 1L;

-

+	

 	/**

 	 * Sets response headers that prevent caching (code taken from {@link AuthServlet}).

 	 * 

@@ -51,14 +52,13 @@ public class ProcessEngineSignalServlet extends AuthServlet {
 	 */

 	@Override

 	protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {

-		String sessionID = StringEscapeUtils.escapeHtml(req.getParameter(PARAM_SESSIONID));

+		String sessionID = StringEscapeUtils.escapeHtml(getMoaSessionId(req));

 

 		setNoCachingHeaders(resp);

 		try {

-

-			// check parameter

-			if (!ParamValidatorUtils.isValidSessionID(sessionID)) {

-				throw new WrongParametersException("ProcessEngineSignal", PARAM_SESSIONID, "auth.12");

+			

+			if (sessionID == null) {

+				throw new IllegalStateException("Unable to determine MOA session id.");

 			}

 

 			// retrieve moa session

@@ -80,4 +80,19 @@ public class ProcessEngineSignalServlet extends AuthServlet {
 

 	}

 

+	/**

+	 * Retrieves the current MOA session id from the HttpServletRequest parameter

+	 * {@link MOAIDAuthConstants#PARAM_SESSIONID}.

+	 * <p/>

+	 * Note that this class/method can be overwritten by modules providing their own strategy of retrieving the

+	 * respective MOA session id.

+	 * 

+	 * @param request

+	 *            The unterlying HttpServletRequest.

+	 * @return The current MOA session id.

+	 */

+	public String getMoaSessionId(HttpServletRequest request) {

+		return StringEscapeUtils.escapeHtml(request.getParameter(PARAM_SESSIONID));

+	}

+

 }

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java
index 499e86fa0..af6822ba6 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/process/springweb/SpringWebExpressionEvaluator.java
@@ -124,12 +124,17 @@ public class SpringWebExpressionEvaluator implements ExpressionEvaluator {
 		log.trace("Evaluating '{}'.", expression);
 
 		Expression expr = parser.parseExpression(expression);
-		Boolean result = expr.getValue(evaluationContext, new SpringWebExpressionEvaluationContext(expressionContext),
-				Boolean.class);
-		if (result == null) {
-			log.warn("Evaluation of '{}' results in null-value.", expression);
-		} else {
-			log.debug("Expression '{}' -> {}", expression, result);
+		Boolean result = null;
+		try {
+			result = expr.getValue(evaluationContext, new SpringWebExpressionEvaluationContext(expressionContext),
+					Boolean.class);
+			if (result == null) {
+				log.warn("Evaluation of '{}' results in null-value.", expression);
+			} else {
+				log.debug("Expression '{}' -> {}", expression, result);
+			}
+		} catch (Exception e) {
+			log.warn("Expression '{}' could not be processed.", expression, e);
 		}
 
 		return BooleanUtils.isTrue(result);