4 files changed, 268 insertions, 143 deletions
diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
index 0324030e..ab8be2b6 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
@@ -12,106 +12,252 @@
 		License.
 	-->
 <beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">
 
-	<bean id="STALFactory" class="at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory"
-		scope="singleton" />
+	<!-- configuration -->
+	<bean id="configurationResource"
+		class="org.springframework.web.context.support.ServletContextParameterFactoryBean">
+		<property name="initParamName" value="configurationResource" />
+	</bean>
+
+	<bean id="configuration" class="at.gv.egiz.bku.spring.ConfigurationFactoryBean">
+		<property name="configurationResource" ref="configurationResource" />
+	</bean>
+
+  <bean id="sslPKIProfile" class="at.gv.egiz.bku.spring.PKIProfileFactoryBean">
+    <property name="configuration" ref="configuration"/>
+    <property name="trustProfileId" value="SSL"/>
+  </bean>
+
+  <bean id="sslSocketFactory" class="at.gv.egiz.bku.spring.SSLSocketFactoryBean">
+    <property name="configuration" ref="configuration"/>
+    <property name="pkiProfile" ref="sslPKIProfile"/>
+  </bean>
+
+  <bean id="hostnameVerifier" class="at.gv.egiz.bku.spring.ConfigurableHostnameVerifier">
+    <property name="configuration" ref="configuration"/>
+  </bean>
 
-	<bean id="accessController"
-		class="at.gv.egiz.bku.online.accesscontroller.SpringSecurityManager"
-		scope="singleton" init-method="init">
-		<property name="config" ref="configurator" />
+	<bean id="urlDereferencer" class="at.gv.egiz.bku.utils.urldereferencer.URLDereferencerImpl"
+		factory-method="getInstance">
+		<property name="SSLSocketFactory" ref="sslSocketFactory"/>
+		<property name="hostnameVerifier" ref="hostnameVerifier"/>
+	</bean>
+  
+	<!-- security manager for the command invoker -->
+	<bean id="securityManager" class="at.gv.egiz.bku.spring.SecurityManagerFactoryBean">
+		<property name="configuration" ref="configuration" />
 	</bean>
 
-	<bean id="commandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl">
-		<property name="securityManager" ref="accessController" />
+	<!-- command invoker -->
+	<bean id="slCommandInvoker" class="at.gv.egiz.bku.binding.SLCommandInvokerImpl">
+		<property name="securityManager" ref="securityManager" />
+	</bean>
+
+	<!-- Security Layer command factory -->
+
+	<bean id="abstractCommandFactory" class="at.gv.egiz.bku.slcommands.AbstractSLCommandFactory"
+		abstract="true">
+    <property name="configuration" ref="configuration"/>
+  </bean>
+
+	<bean id="certificatesInfoboxFactory"
+		class="at.gv.egiz.bku.slcommands.impl.CertificatesInfoboxFactory" />
+  <bean id="identityLinkInfoboxFactory"
+    class="at.gv.egiz.bku.slcommands.impl.IdentityLinkInfoboxFactory">
+    <property name="identityLinkTransformer">
+      <bean class="at.gv.egiz.idlink.IdentityLinkTransformer">
+        <property name="urlDereferencer" ref="urlDereferencer"/>
+      </bean>
+    </property>
+  </bean>
+	<bean id="cardChannelInfoboxFactory"
+		class="at.gv.egiz.bku.slcommands.impl.CardChannelInfoboxFactory" />
+	<bean id="svPersonendatenInfoboxFactory"
+		class="at.gv.egiz.bku.slcommands.impl.SVPersonendatenInfoboxFactory" />
+
+	<bean id="infoboxFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxFactory">
+		<property name="infoboxFactories">
+			<map>
+				<entry key="Certificates" value-ref="certificatesInfoboxFactory" />
+				<entry key="IdentityLink" value-ref="identityLinkInfoboxFactory" />
+				<entry key="CardChannel" value-ref="cardChannelInfoboxFactory" />
+				<entry key="SV-Personendaten" value-ref="svPersonendatenInfoboxFactory" />
+			</map>
+		</property>
+	</bean>
+
+	<bean id="nullOperationCommandFactory"
+		class="at.gv.egiz.bku.slcommands.impl.NullOperationCommandFactory"
+		parent="abstractCommandFactory" />
+	<bean id="nullOperationRequest" class="javax.xml.namespace.QName">
+		<constructor-arg
+			value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" />
+		<constructor-arg value="NullOperationRequest" />
+	</bean>
+	<bean id="infoboxReadCommandFactory"
+		class="at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandFactory"
+		parent="abstractCommandFactory">
+		<property name="infoboxFactory" ref="infoboxFactory" />
+	</bean>
+	<bean id="infoboxReadRequest" class="javax.xml.namespace.QName">
+		<constructor-arg
+			value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" />
+		<constructor-arg value="InfoboxReadRequest" />
+	</bean>
+	<bean id="infoboxUpdateCommandFactory"
+		class="at.gv.egiz.bku.slcommands.impl.InfoboxUpdateCommandFactory"
+		parent="abstractCommandFactory">
+		<property name="infoboxFactory" ref="infoboxFactory" />
+	</bean>
+	<bean id="infoboxUpdateRequest" class="javax.xml.namespace.QName">
+		<constructor-arg
+			value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" />
+		<constructor-arg value="InfoboxUpdateRequest" />
+	</bean>
+	<bean id="createXMLSignatureCommandFactory"
+		class="at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandFactory"
+		parent="abstractCommandFactory" />
+	<bean id="createXMLSignatureRequest" class="javax.xml.namespace.QName">
+		<constructor-arg
+			value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" />
+		<constructor-arg value="CreateXMLSignatureRequest" />
+	</bean>
+	<bean id="getStatusCommandFactory" class="at.gv.egiz.bku.slcommands.impl.GetStatusCommandFactory"
+		parent="abstractCommandFactory" />
+	<bean id="getStatusRequest" class="javax.xml.namespace.QName">
+		<constructor-arg
+			value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#" />
+		<constructor-arg value="GetStatusRequest" />
 	</bean>
 
 	<bean id="slCommandFactory" class="at.gv.egiz.bku.slcommands.SLCommandFactory"
 		factory-method="getInstance">
-		<property name="commandImpl">
+		<property name="concreteFactories">
 			<map>
-				<entry
-					key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:NullOperationRequest"
-					value="at.gv.egiz.bku.slcommands.impl.NullOperationCommandImpl" />
-				<entry
-					key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxReadRequest"
-					value="at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl" />
-				<entry
-					key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxUpdateRequest"
-					value="at.gv.egiz.bku.slcommands.impl.InfoboxUpdateCommandImpl" />
-				<entry
-					key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:CreateXMLSignatureRequest"
-					value="at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandImpl" />
-				<entry
-					key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:GetStatusRequest"
-					value="at.gv.egiz.bku.slcommands.impl.GetStatusCommandImpl" />
+				<entry key-ref="nullOperationRequest" value-ref="nullOperationCommandFactory" />
+				<entry key-ref="infoboxReadRequest" value-ref="infoboxReadCommandFactory" />
+				<entry key-ref="infoboxUpdateRequest" value-ref="infoboxUpdateCommandFactory" />
+				<entry key-ref="createXMLSignatureRequest" value-ref="createXMLSignatureCommandFactory" />
+				<entry key-ref="getStatusRequest" value-ref="getStatusCommandFactory" />
 			</map>
 		</property>
+		<!--
+			The following properties may be used to introduce additional XML
+			schemas and binding classes to the command factory.
+		-->
+		<!--
+			If property jaxbContextPackageNames is not set the default JAXBContext
+			is created with the package names given below.
+		-->
+		<!--
+		<property name="jaxbContextPackageNames">
+		  <list>
+		    <value>at.buergerkarte.namespaces.securitylayer._1</value>
+		    <value>org.w3._2000._09.xmldsig_</value>
+        <value>at.buergerkarte.namespaces.cardchannel</value>
+        <value>at.buergerkarte.namespaces.securitylayer._20020225_</value>
+        <value>at.buergerkarte.namespaces.securitylayer._20020831_</value>
+		  </list>
+		</property>
+		-->
+		<!--
+			If property schemaUrls is not set the default schema is created from
+			the URLs listed below.
+		-->
+		<!--
+		<property name="schemaUrls">
+		  <list>
+		    <value>classpath:at/gv/egiz/bku/slschema/xml.xsd</value>
+		    <value>classpath:at/gv/egiz/bku/slschema/xmldsig-core-schema.xsd</value>
+		    <value>classpath:at/gv/egiz/bku/slschema/Core-1.2.xsd</value>
+        <value>classpath:at/gv/egiz/bku/slschema/Core.20020225.xsd</value>
+        <value>classpath:at/gv/egiz/bku/slschema/Core.20020831.xsd</value>
+		  </list>
+		</property>
+		-->
 	</bean>
 
-  <bean id="infoboxFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxFactory"
-    factory-method="getInstance">
-    <property name="infoboxImpl">
-      <map>
-        <entry
-          key="Certificates"
-          value="at.gv.egiz.bku.slcommands.impl.CertificatesInfoboxImpl" />
-        <entry
-          key="IdentityLink"
-          value="at.gv.egiz.bku.slcommands.impl.IdentityLinkInfoboxImpl" />
-        <entry
-          key="CardChannel"
-          value="at.gv.egiz.bku.slcommands.impl.CardChannelInfoboxImpl" />
-        <entry
-          key="SV-Personendaten"
-          value="at.gv.egiz.bku.slcommands.impl.SVPersonendatenInfoboxImpl" />
-      </map>
-    </property>
+	<!-- STAL factory -->
+	<bean id="stalFactory" class="at.gv.egiz.stal.service.impl.RequestBrokerSTALFactory"
+		scope="singleton">
+		<property name="configuration" ref="configuration" />
+	</bean>
+	
+	<!-- binding processor factories -->
+	<bean id="httpBindingProcessorFactory" class="at.gv.egiz.bku.binding.HTTPBindingProcessorFactory">
+    <property name="configuration" ref="configuration" />
+    <property name="urlDereferencer" ref="urlDereferencer" />
+    <property name="sslSocketFactory" ref="sslSocketFactory" />
+    <property name="hostnameVerifier" ref="hostnameVerifier" />
+    <property name="slCommandFactory" ref="slCommandFactory" />
+	</bean>
+  <bean id="samlBindingProcessorFactory" class="at.gv.egiz.mocca.id.SAMLBindingProcessorFactory">
+    <property name="configuration" ref="configuration" />
+    <property name="slCommandFactory" ref="slCommandFactory" />
+    <property name="urlDereferencer" ref="urlDereferencer" />
   </bean>
 
+	<!-- binding processor manager -->
 	<bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"
 		scope="singleton">
-		<constructor-arg ref="STALFactory"></constructor-arg>
-		<constructor-arg ref="commandInvoker"></constructor-arg>
-    <constructor-arg ref="configuration"></constructor-arg>
+		<property name="stalFactory" ref="stalFactory" />
+		<property name="slCommandInvoker" ref="slCommandInvoker" />
+		<property name="factories">
+		  <list>
+		    <ref bean="httpBindingProcessorFactory"/>
+		    <ref bean="samlBindingProcessorFactory"/>
+		  </list>
+		</property>
 	</bean>
 
-  <!-- TODO DataURL bean with configuration injected -->
-
-	<bean
+	<bean id="attributeExporter"
 		class="org.springframework.web.context.support.ServletContextAttributeExporter">
 		<property name="attributes">
 			<map>
-				<entry key="bindingProcessorManager">
-					<ref bean="bindingProcessorManager" />
-				</entry>
+				<entry key="bindingProcessorManager" value-ref="bindingProcessorManager"/>
 			</map>
 		</property>
 	</bean>
 
-	<!-- Configure Configuration -->
-	<bean id="certValidator" class="at.gv.egiz.bku.conf.CertValidatorImpl"></bean>
-
-
-	<bean id="configurator" class="at.gv.egiz.bku.online.conf.SpringConfigurator"
-		init-method="configure" scope="singleton">
-		<property name="resource"
-			value="classpath:at/gv/egiz/bku/online/conf/defaultConf.properties" />
-		<property name="certValidator" ref="certValidator"></property>
-	</bean>
-
 	<!-- Shutdown Event handler -->
-	<bean id="shutdown" class="at.gv.egiz.bku.online.webapp.ShutdownHandler">
-		<property name="bindingProcessorManager" ref="bindingProcessorManager"></property>
+	<bean id="shutdownHandler" class="at.gv.egiz.bku.online.webapp.ShutdownHandler">
+		<property name="bindingProcessorManager" ref="bindingProcessorManager" />
 	</bean>
+	
+	<!-- JMX -->
+	<bean
+    class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
+    <property name="properties">
+      <map>
+        <entry key="contextPath">
+          <bean class="at.gv.egiz.bku.online.spring.ServletContextPathFactoryBean"/>
+        </entry>
+      </map>
+    </property>
+  </bean>
 
-  <!-- Begin MOCCA Configuration [REFACTORED]
-   |   Configuration beans (no conf properties file) should be injected directly 
-   |   to module configurators (at.gv.egiz.bku.X.conf.Configuration).
-   |   Currently, only configuration items are considered.
-   |-->
-  <import resource="mocca-conf.xml"/>
+  <bean id="mbeanServer" class="org.springframework.jmx.support.MBeanServerFactoryBean">
+    <property name="locateExistingServerIfPossible" value="true" />
+  </bean>
+   
+  <bean id="exporter" class="org.springframework.jmx.export.MBeanExporter">
+    <property name="server" ref="mbeanServer"/>
+    <property name="beans">
+      <map>
+        <entry
+          key="at.gv.egiz.mocca:type=bindingProcessorManager,contextPath=${contextPath},name=HTTP"
+          value-ref="bindingProcessorManager" />
+        <entry
+          key="at.gv.egiz.mocca:type=stalFactory,contextPath=${contextPath},name=RequestBrocker"
+          value-ref="stalFactory" />
+        <entry
+          key="at.gv.egiz.mocca:type=slCommandInvoker,contextPath=${contextPath},name=CommandInvoker"
+          value-ref="slCommandInvoker" />
+      </map>
+    </property>
+  </bean>
+	
 
 </beans>
 \ No newline at end of file
diff --git a/BKUOnline/src/main/webapp/WEB-INF/conf/configuration.xml b/BKUOnline/src/main/webapp/WEB-INF/conf/configuration.xml
new file mode 100644
index 00000000..20d27bb0
--- /dev/null
+++ b/BKUOnline/src/main/webapp/WEB-INF/conf/configuration.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<MoccaConfiguration version="1.0">
+  <DataURLConnection>
+		<!--
+			The maximum number of consecutive Security Layer requests received
+			from DataURL server before execution is aborted.
+		-->
+    <MaxHops>50</MaxHops>
+  </DataURLConnection>
+</MoccaConfiguration>
+\ No newline at end of file
diff --git a/BKUOnline/src/main/webapp/WEB-INF/mocca-conf.xml b/BKUOnline/src/main/webapp/WEB-INF/mocca-conf.xml
deleted file mode 100644
index 5c96dc58..00000000
--- a/BKUOnline/src/main/webapp/WEB-INF/mocca-conf.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-  Copyright 2008 Federal Chancellery Austria and
-  Graz University of Technology
-
-  Licensed under the Apache License, Version 2.0 (the "License");
-  you may not use this file except in compliance with the License.
-  You may obtain a copy of the License at
-
-      http://www.apache.org/licenses/LICENSE-2.0
-
-  Unless required by applicable law or agreed to in writing, software
-  distributed under the License is distributed on an "AS IS" BASIS,
-  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-  See the License for the specific language governing permissions and
-  limitations under the License.
--->
-
-<!--
- |   User configuration file. (defaultConf.properties is migrated to this file)
--->
-<beans xmlns="http://www.springframework.org/schema/beans"
-  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
-  xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
-                      http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.0.xsd">
-
-  <!-- BKU Common (ie. main) Configuration -->
-  <bean id="configuration" class="at.gv.egiz.bku.conf.Configuration">
-    <property name="maxDataUrlHops" value="50"/>
-
-    <!-- TODO refactor DataURL and inject this bkuCommonConfig to DataURL -->
-    <!-- TODO inject bkuCommonConfig to SpringBKUServlet and SpringSecurityManager
-     |   and replace SpringConfigurator -->
-    <!-- used to construct the User-Agent HTTP header 
-    <property name="implementationName" value="MOCCA"/>
-    <property name="implementationVersion" value="1.0"/-->
-  </bean>
-
-  <!--
-   |   ReaderFactory configuration not available in Applet
-   |
-  <bean id="smccConfiguration" class="at.gv.egiz.smcc.conf.SMCCConfiguration">
-    <property name="disablePinpad" value="true"/>
-  </bean>
-
-  <bean id="readerFactory" class="at.gv.egiz.smcc.reader.ReaderFactory">
-    <property name="configuration" ref="smccConfiguration"/>
-  </bean>
-   |-->
-   
-</beans>
diff --git a/BKUOnline/src/main/webapp/WEB-INF/web.xml b/BKUOnline/src/main/webapp/WEB-INF/web.xml
index 41cd400f..13ed30ee 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/web.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/web.xml
@@ -15,19 +15,23 @@
 <web-app id="bkuonline" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
   <display-name>http-security-layer-request</display-name>
 
-	<!--  Begin Spring Config -->
-  <context-param>
-    <param-name>contextConfigLocation</param-name>
-    <param-value>/WEB-INF/applicationContext.xml</param-value>
-  </context-param>
   <listener>
-    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+    <listener-class>at.gv.egiz.bku.online.webapp.MoccaContextListener</listener-class>
   </listener>
+
+	<!--  Begin Spring Config -->
+	<listener>
+		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+	</listener>
+	<context-param>
+		<param-name>configurationResource</param-name>
+		<param-value></param-value>
+	</context-param>
 	<!--  End Spring Config -->
 
 	<!--  Begin BKU Config -->
   <listener>
-    <listener-class>at.gv.egiz.bku.online.webapp.SessionTimeout</listener-class>
+    <listener-class>at.gv.egiz.bku.online.webapp.SessionListener</listener-class>
   </listener>
   <listener>
     <listener-class>com.sun.xml.ws.transport.http.servlet.WSServletContextListener</listener-class>
@@ -37,6 +41,14 @@
     <servlet-class>at.gv.egiz.bku.online.webapp.BKURequestHandler</servlet-class>
   </servlet>
   <servlet>
+    <servlet-name>SAMLServlet</servlet-name>
+    <servlet-class>at.gv.egiz.mocca.id.SAMLRequestHandler</servlet-class>
+  </servlet>
+  <servlet>
+    <servlet-name>DataURLServlet</servlet-name>
+    <servlet-class>at.gv.egiz.mocca.id.DataURLServerServlet</servlet-class>
+  </servlet>
+  <servlet>
     <servlet-name>ResultServlet</servlet-name>
     <servlet-class>at.gv.egiz.bku.online.webapp.ResultServlet</servlet-class>
     <init-param>
@@ -45,31 +57,39 @@
     </init-param>
     <init-param>
       <param-name>expiredPage</param-name>
-			<!-- FIXME -->
       <param-value>expired.html</param-value>
     </init-param>
   </servlet>
-  <servlet>
-    <servlet-name>BKUApplet</servlet-name>
-    <jsp-file>/applet.jsp</jsp-file>
-  </servlet>
-    <servlet>
-        <servlet-name>STALService</servlet-name>
-        <servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
-        <load-on-startup>1</load-on-startup>
-        </servlet>
-    <servlet-mapping>
-    <servlet-name>BKUServlet</servlet-name>
-    <url-pattern>/http-security-layer-request</url-pattern>
-  </servlet-mapping>
+	<servlet>
+		<servlet-name>STALService</servlet-name>
+		<servlet-class>com.sun.xml.ws.transport.http.servlet.WSServlet</servlet-class>
+		<load-on-startup>1</load-on-startup>
+	</servlet>
+	<servlet-mapping>
+		<servlet-name>BKUServlet</servlet-name>
+		<url-pattern>/http-security-layer-request</url-pattern>
+	</servlet-mapping>
   <servlet-mapping>
     <servlet-name>BKUServlet</servlet-name>
     <url-pattern>/https-security-layer-request</url-pattern>
   </servlet-mapping>
   <servlet-mapping>
+    <servlet-name>DataURLServlet</servlet-name>
+    <url-pattern>/DataURLServer</url-pattern>
+  </servlet-mapping>
+  <servlet-mapping>
     <servlet-name>ResultServlet</servlet-name>
     <url-pattern>/bkuResult</url-pattern>
   </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>SAMLServlet</servlet-name>
+    <url-pattern>/moccaid</url-pattern>
+  </servlet-mapping>
+  <servlet-mapping>
+    <servlet-name>DataURLServlet</servlet-name>
+    <url-pattern>/DataURLServer</url-pattern>
+  </servlet-mapping>
+  
 
     <!--
      |  Configure alternative applet pages that may be requested