open-banking-gateway
Redesign of FintechServer redirect
The redirect approach in FintechServer is currently implemented as follows:
FinTechUI:
- defines (ok,nok url), which are real endpoints in the UI
- sends (ok,nok url) to FinTechServer
FintechServer:
- stores (ok,nok url) and uses new (ok2,nok2 url) as defined in application.yml. These endpoints are real endpoints in FintechUI
- sends (ok2,nok2 url) to TPP
ConsentUI:
- after the whole call is done, ConsentUI eventually redirects to (ok2,nok2 url) as given by FintechServer
FintechUI:
- the UI of (ok2,nok2 url) shows a confirmation and calls FintechServer
FintechServer:
- with the help of redirectCode, the original (ok,nok url) are retrieved from the database
- the confirmation of the call from FintechUI now contains the original (ok,nok url)
FintechUI:
- eventually redirects to (ok,nok url)
This requires FintechServer to have knowledge of the FintechUI endpoints (ok2,nok2 url).
It would be better if FintechServer only knew the FintechUI URL PREFIX (e.g. https://obg-fintechui/).
Changes which need to be done:
FinTechUI:
- defines (ok,nok url), which are real endpoints in the UI
- sends (ok,nok url) to FinTechServer
FintechServer:
- adds the FINTECH_SERVER PREFIX to (ok,nok url)
- sends FINTECH_SERVER PREFIX(ok,nok url) to TPP
So the entity for storing redirect URLs can be removed; it is no longer needed.
ConsentUI:
- after the whole call is done, ConsentUI eventually redirects to FINTECH_SERVER PREFIX(ok,nok url) as given by FintechUI
FintechUI:
- the UI of (ok,nok url) shows a confirmation and calls FintechServer
FintechServer:
- the confirmation of the call from FintechUI does not contain any redirect URL
FintechUI:
- knows from previously stored information what to do next, e.g. show accounts, show transactions, or show payment.
Further, to be safe against XSS attacks, URL parameters should be known to FintechServer and checked.
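As an added illustration of the proposed prefix scheme and of the parameter check in the last sentence (example code written for this issue, not from the open-banking-gateway code base): it assumes the FintechServer prefix, the redirect path, the `to` parameter carrying the wrapped UI URL, and the parameter allow-list are configuration values, and it rejects any redirect target that is not under the configured FintechUI prefix, so FintechServer never redirects to a foreign host.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed configuration for this example (hypothetical values, not the project's real ones).
FINTECH_UI_PREFIX = "https://obg-fintechui/"          # prefix named in the issue text
FINTECH_SERVER_PREFIX = "https://obg-fintechserver/"  # hypothetical FINTECH_SERVER PREFIX
REDIRECT_PATH = "v1/redirect"                          # hypothetical FintechServer endpoint
KNOWN_PARAMS = {"redirectCode", "authId"}              # hypothetical allow-list of parameter names
SAFE_VALUE = re.compile(r"[A-Za-z0-9_-]{1,128}")       # conservative value shape, no markup characters


def is_under_prefix(url: str, prefix: str) -> bool:
    """True only if url has the same scheme and host:port as prefix and its path starts with prefix's path."""
    u, p = urlsplit(url), urlsplit(prefix)
    return u.scheme == p.scheme and u.netloc == p.netloc and u.path.startswith(p.path)


def wrap_for_tpp(ui_url: str) -> str:
    """Prefix a FintechUI ok/nok URL with FintechServer so the TPP/ConsentUI redirects to FintechServer first."""
    if not is_under_prefix(ui_url, FINTECH_UI_PREFIX):
        raise ValueError(f"refusing redirect target outside FintechUI prefix: {ui_url}")
    return FINTECH_SERVER_PREFIX + REDIRECT_PATH + "?" + urlencode({"to": ui_url})


def unwrap_redirect(server_url: str) -> str:
    """Check the wrapped URL as it arrives at FintechServer and return the FintechUI URL to redirect to."""
    parts = urlsplit(server_url)
    params = parse_qsl(parts.query, keep_blank_values=True)
    targets = [v for k, v in params if k == "to"]
    if len(targets) != 1 or not is_under_prefix(targets[0], FINTECH_UI_PREFIX):
        raise ValueError("missing, duplicated or foreign redirect target")
    t = urlsplit(targets[0])
    # Every parameter, whether on the wrapper or on the UI URL itself, must be known and well-formed.
    carried = parse_qsl(t.query, keep_blank_values=True) + [(k, v) for k, v in params if k != "to"]
    for name, value in carried:
        if name not in KNOWN_PARAMS or not SAFE_VALUE.fullmatch(value):
            raise ValueError(f"unexpected redirect parameter: {name}")
    # Re-assemble with only the checked parameters and no fragment.
    return urlunsplit((t.scheme, t.netloc, t.path, urlencode(carried), ""))


def rejects(fn, arg: str) -> bool:
    """Helper for demonstrating the negative cases: True if fn(arg) raises ValueError."""
    try:
        fn(arg)
    except ValueError:
        return True
    return False
```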
https://jira.adorsys.de/browse/OBG-68