From a5743a4e7157cb115cb1564d9327a426afac5ee0 Mon Sep 17 00:00:00 2001
From: mcentner <mcentner@8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4>
Date: Tue, 19 Jan 2010 07:37:59 +0000
Subject: Fixes XSS vulnerability.

git-svn-id: https://joinup.ec.europa.eu/svn/mocca/trunk@577 8a26b1a7-26f0-462f-b9ef-d0e30c41f5a4
---
 .../src/main/webapp/WEB-INF/applicationContext.xml | 83 +++++++++++++---------
 1 file changed, 50 insertions(+), 33 deletions(-)

(limited to 'BKUOnline/src/main/webapp')
diff --git a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
index 0324030e..fb3cae63 100644
--- a/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
+++ b/BKUOnline/src/main/webapp/WEB-INF/applicationContext.xml
@@ -30,47 +30,64 @@
 
 	<bean id="slCommandFactory" class="at.gv.egiz.bku.slcommands.SLCommandFactory"
 		factory-method="getInstance">
-		<property name="commandImpl">
-			<map>
-				<entry
-					key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:NullOperationRequest"
-					value="at.gv.egiz.bku.slcommands.impl.NullOperationCommandImpl" />
-				<entry
-					key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxReadRequest"
-					value="at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandImpl" />
-				<entry
-					key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:InfoboxUpdateRequest"
-					value="at.gv.egiz.bku.slcommands.impl.InfoboxUpdateCommandImpl" />
-				<entry
-					key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:CreateXMLSignatureRequest"
-					value="at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandImpl" />
-				<entry
-					key="http://www.buergerkarte.at/namespaces/securitylayer/1.2#:GetStatusRequest"
-					value="at.gv.egiz.bku.slcommands.impl.GetStatusCommandImpl" />
-			</map>
+		<property name="concreteFactories">
+		  <map>
+        <entry key-ref="nullOperationRequest" value-ref="nullOperationCommandFactory"/>
+		    <entry key-ref="infoboxReadRequest" value-ref="infoboxReadCommandFactory"/>
+        <entry key-ref="infoboxUpdateRequest" value-ref="infoboxUpdateCommandFactory"/>
+        <entry key-ref="createXMLSignatureRequest" value-ref="createXMLSignatureCommandFactory"/>
+        <entry key-ref="getStatusRequest" value-ref="getStatusCommandFactory"/>
+		  </map>
 		</property>
 	</bean>
 
-  <bean id="infoboxFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxFactory"
-    factory-method="getInstance">
-    <property name="infoboxImpl">
+  <bean id="nullOperationCommandFactory" class="at.gv.egiz.bku.slcommands.impl.NullOperationCommandFactory"/>
+  <bean id="nullOperationRequest" class="javax.xml.namespace.QName">
+    <constructor-arg value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>
+    <constructor-arg value="NullOperationRequest"/>
+  </bean>
+  <bean id="infoboxReadCommandFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxReadCommandFactory">
+    <property name="infoboxFactory" ref="infoboxFactory"/>
+  </bean>
+  <bean id="infoboxReadRequest" class="javax.xml.namespace.QName">
+    <constructor-arg value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>
+    <constructor-arg value="InfoboxReadRequest"/>
+  </bean>
+  <bean id="infoboxUpdateCommandFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxUpdateCommandFactory">
+    <property name="infoboxFactory" ref="infoboxFactory"/>
+  </bean>
+  <bean id="infoboxUpdateRequest" class="javax.xml.namespace.QName">
+    <constructor-arg value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>
+    <constructor-arg value="InfoboxUpdateRequest"/>
+  </bean>
+  <bean id="createXMLSignatureCommandFactory" class="at.gv.egiz.bku.slcommands.impl.CreateXMLSignatureCommandFactory"/>
+  <bean id="createXMLSignatureRequest" class="javax.xml.namespace.QName">
+    <constructor-arg value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>
+    <constructor-arg value="CreateXMLSignatureRequest"/>
+  </bean>
+  <bean id="getStatusCommandFactory" class="at.gv.egiz.bku.slcommands.impl.GetStatusCommandFactory"/>
+  <bean id="getStatusRequest" class="javax.xml.namespace.QName">
+    <constructor-arg value="http://www.buergerkarte.at/namespaces/securitylayer/1.2#"/>
+    <constructor-arg value="GetStatusRequest"/>
+  </bean>
+
+  <bean id="infoboxFactory" class="at.gv.egiz.bku.slcommands.impl.InfoboxFactory">
+    <property name="infoboxFactories">
       <map>
-        <entry
-          key="Certificates"
-          value="at.gv.egiz.bku.slcommands.impl.CertificatesInfoboxImpl" />
-        <entry
-          key="IdentityLink"
-          value="at.gv.egiz.bku.slcommands.impl.IdentityLinkInfoboxImpl" />
-        <entry
-          key="CardChannel"
-          value="at.gv.egiz.bku.slcommands.impl.CardChannelInfoboxImpl" />
-        <entry
-          key="SV-Personendaten"
-          value="at.gv.egiz.bku.slcommands.impl.SVPersonendatenInfoboxImpl" />
+        <entry key="Certificates" value-ref="certificatesInfoboxFactory"/>
+        <entry key="IdentityLink" value-ref="identityLinkInfoboxFactory"/>
+        <entry key="CardChannel" value-ref="cardChannelInfoboxFactory"/>
+        <entry key="SV-Personendaten" value-ref="svPersonendatenInfoboxFactory"/>
       </map>
     </property>
   </bean>
 
+  <bean id="certificatesInfoboxFactory" class="at.gv.egiz.bku.slcommands.impl.CertificatesInfoboxFactory"/>
+  <bean id="identityLinkInfoboxFactory" class="at.gv.egiz.bku.slcommands.impl.IdentityLinkInfoboxFactory"/>
+  <bean id="cardChannelInfoboxFactory" class="at.gv.egiz.bku.slcommands.impl.CardChannelInfoboxFactory"/>
+  <bean id="svPersonendatenInfoboxFactory" class="at.gv.egiz.bku.slcommands.impl.SVPersonendatenInfoboxFactory"/>
+
+
 	<bean id="bindingProcessorManager" class="at.gv.egiz.bku.binding.BindingProcessorManagerImpl"
 		scope="singleton">
 		<constructor-arg ref="STALFactory"></constructor-arg>
-- 
cgit v1.2.3

