From d97657cf840ee146418036727cbdeb6e3c5d04ad Mon Sep 17 00:00:00 2001
From: GlyzinAI <glizin.art@gmail.com>
Date: Sun, 8 Sep 2019 19:10:53 +0300
Subject: [PATCH] 11_10_auth_user

---
 .../web/GlobalControllerExceptionHandler.java |  7 ------
 .../web/interceptor/ModelInterceptor.java     | 25 -------------------
 .../web/user/ProfileRestController.java       | 16 ++++++------
 .../topjava/web/user/ProfileUIController.java | 12 +++++----
 src/main/resources/spring/spring-mvc.xml      |  5 ++--
 .../WEB-INF/jsp/fragments/bodyHeader.jsp      |  2 +-
 6 files changed, 19 insertions(+), 48 deletions(-)
 delete mode 100644 src/main/java/ru/javawebinar/topjava/web/interceptor/ModelInterceptor.java

diff --git a/src/main/java/ru/javawebinar/topjava/web/GlobalControllerExceptionHandler.java b/src/main/java/ru/javawebinar/topjava/web/GlobalControllerExceptionHandler.java
index d8c72f5d9527..dc1a731169a0 100644
--- a/src/main/java/ru/javawebinar/topjava/web/GlobalControllerExceptionHandler.java
+++ b/src/main/java/ru/javawebinar/topjava/web/GlobalControllerExceptionHandler.java
@@ -7,7 +7,6 @@
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.NoHandlerFoundException;
-import ru.javawebinar.topjava.AuthorizedUser;
 import ru.javawebinar.topjava.util.ValidationUtil;
 import ru.javawebinar.topjava.util.exception.ErrorType;
 
@@ -37,12 +36,6 @@ private ModelAndView logAndGetExceptionView(HttpServletRequest req, Exception e,
         mav.addObject("typeMessage", messageUtil.getMessage(errorType.getErrorCode()));
         mav.addObject("exception", rootCause);
         mav.addObject("message", ValidationUtil.getMessage(rootCause));
-
-        // Interceptor is not invoked, put userTo
-        AuthorizedUser authorizedUser = SecurityUtil.safeGet();
-        if (authorizedUser != null) {
-            mav.addObject("userTo", authorizedUser.getUserTo());
-        }
         return mav;
     }
 }
diff --git a/src/main/java/ru/javawebinar/topjava/web/interceptor/ModelInterceptor.java b/src/main/java/ru/javawebinar/topjava/web/interceptor/ModelInterceptor.java
deleted file mode 100644
index 881dfaa4448e..000000000000
--- a/src/main/java/ru/javawebinar/topjava/web/interceptor/ModelInterceptor.java
+++ /dev/null
@@ -1,25 +0,0 @@
-package ru.javawebinar.topjava.web.interceptor;
-
-import org.springframework.web.servlet.ModelAndView;
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-import ru.javawebinar.topjava.AuthorizedUser;
-import ru.javawebinar.topjava.web.SecurityUtil;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * This interceptor adds userTo to the model of every requests
- */
-public class ModelInterceptor extends HandlerInterceptorAdapter {
-
-    @Override
-    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
-        if (modelAndView != null && !modelAndView.isEmpty()) {
-            AuthorizedUser authorizedUser = SecurityUtil.safeGet();
-            if (authorizedUser != null) {
-                modelAndView.getModelMap().addAttribute("userTo", authorizedUser.getUserTo());
-            }
-        }
-    }
-}
diff --git a/src/main/java/ru/javawebinar/topjava/web/user/ProfileRestController.java b/src/main/java/ru/javawebinar/topjava/web/user/ProfileRestController.java
index 9062dcc02b20..bf240d353b0b 100644
--- a/src/main/java/ru/javawebinar/topjava/web/user/ProfileRestController.java
+++ b/src/main/java/ru/javawebinar/topjava/web/user/ProfileRestController.java
@@ -3,30 +3,30 @@
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
+import ru.javawebinar.topjava.AuthorizedUser;
 import ru.javawebinar.topjava.model.User;
 import ru.javawebinar.topjava.to.UserTo;
 
 import javax.validation.Valid;
 import java.net.URI;
 
-import static ru.javawebinar.topjava.web.SecurityUtil.authUserId;
-
 @RestController
 @RequestMapping(ProfileRestController.REST_URL)
 public class ProfileRestController extends AbstractUserController {
     static final String REST_URL = "/rest/profile";
 
     @GetMapping(produces = MediaType.APPLICATION_JSON_VALUE)
-    public User get() {
-        return super.get(authUserId());
+    public User get(@AuthenticationPrincipal AuthorizedUser authUser) {
+        return super.get(authUser.getId());
     }
 
     @DeleteMapping
     @ResponseStatus(HttpStatus.NO_CONTENT)
-    public void delete() {
-        super.delete(authUserId());
+    public void delete(@AuthenticationPrincipal AuthorizedUser authUser) {
+        super.delete(authUser.getId());
     }
 
     @PostMapping(value = "/register", consumes = MediaType.APPLICATION_JSON_VALUE)
@@ -42,8 +42,8 @@ public ResponseEntity<User> register(@Valid @RequestBody UserTo userTo) {
 
     @PutMapping(consumes = MediaType.APPLICATION_JSON_VALUE)
     @ResponseStatus(HttpStatus.NO_CONTENT)
-    public void update(@Valid @RequestBody UserTo userTo) {
-        super.update(userTo, authUserId());
+    public void update(@Valid @RequestBody UserTo userTo, @AuthenticationPrincipal AuthorizedUser authUser) {
+        super.update(userTo, authUser.getId());
     }
 
     @GetMapping(value = "/text")
diff --git a/src/main/java/ru/javawebinar/topjava/web/user/ProfileUIController.java b/src/main/java/ru/javawebinar/topjava/web/user/ProfileUIController.java
index 8cf633c89554..47d670ec9df3 100644
--- a/src/main/java/ru/javawebinar/topjava/web/user/ProfileUIController.java
+++ b/src/main/java/ru/javawebinar/topjava/web/user/ProfileUIController.java
@@ -1,5 +1,6 @@
 package ru.javawebinar.topjava.web.user;
 
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.ModelMap;
 import org.springframework.validation.BindingResult;
@@ -7,8 +8,8 @@
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.support.SessionStatus;
+import ru.javawebinar.topjava.AuthorizedUser;
 import ru.javawebinar.topjava.to.UserTo;
-import ru.javawebinar.topjava.web.SecurityUtil;
 
 import javax.validation.Valid;
 
@@ -17,17 +18,18 @@
 public class ProfileUIController extends AbstractUserController {
 
     @GetMapping
-    public String profile() {
+    public String profile(ModelMap model, @AuthenticationPrincipal AuthorizedUser authUser) {
+        model.addAttribute("userTo", authUser.getUserTo());
         return "profile";
     }
 
     @PostMapping
-    public String updateProfile(@Valid UserTo userTo, BindingResult result, SessionStatus status) {
+    public String updateProfile(@Valid UserTo userTo, BindingResult result, SessionStatus status, @AuthenticationPrincipal AuthorizedUser authUser) {
         if (result.hasErrors()) {
             return "profile";
         }
-        super.update(userTo, SecurityUtil.authUserId());
-        SecurityUtil.get().update(userTo);
+        super.update(userTo, authUser.getId());
+        authUser.update(userTo);
         status.setComplete();
         return "redirect:/meals";
     }
diff --git a/src/main/resources/spring/spring-mvc.xml b/src/main/resources/spring/spring-mvc.xml
index 85f4329d6eb9..6c4d643119f4 100644
--- a/src/main/resources/spring/spring-mvc.xml
+++ b/src/main/resources/spring/spring-mvc.xml
@@ -30,6 +30,9 @@
 <!--                </property>-->
             </bean>
         </mvc:message-converters>
+        <mvc:argument-resolvers>
+            <bean class="org.springframework.security.web.method.annotation.AuthenticationPrincipalArgumentResolver "/>
+        </mvc:argument-resolvers>
     </mvc:annotation-driven>
 
     <bean class="org.springframework.format.support.FormattingConversionServiceFactoryBean" id="conversionService">
@@ -76,8 +79,6 @@
     </bean>
 
     <mvc:interceptors>
-        <bean class="ru.javawebinar.topjava.web.interceptor.ModelInterceptor"/>
-
         <bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
             <property name="paramName" value="lang"/>
         </bean>
diff --git a/src/main/webapp/WEB-INF/jsp/fragments/bodyHeader.jsp b/src/main/webapp/WEB-INF/jsp/fragments/bodyHeader.jsp
index 8c5c4303333b..772d4e91a274 100644
--- a/src/main/webapp/WEB-INF/jsp/fragments/bodyHeader.jsp
+++ b/src/main/webapp/WEB-INF/jsp/fragments/bodyHeader.jsp
@@ -19,7 +19,7 @@
                             <sec:authorize access="hasRole('ROLE_ADMIN')">
                                 <a class="btn btn-info mr-1" href="users"><spring:message code="user.title"/></a>
                             </sec:authorize>
-                            <a class="btn btn-info mr-1" href="profile">${userTo.name} <spring:message code="app.profile"/></a>
+                            <a class="btn btn-info mr-1" href="profile"><sec:authentication property="principal.userTo.name"/> <spring:message code="app.profile"/></a>
                             <button class="btn btn-primary my-1" type="submit">
                                 <span class="fa fa-sign-out"></span>
                             </button>