From eae09bb13a8ae70aecf237650f3ed82245efeebb Mon Sep 17 00:00:00 2001 From: maibin Date: Sun, 25 Sep 2016 22:45:22 +0200 Subject: [PATCH] Fixed both Thymeleaf and Interceptors articles (#699) * Expression-Based Access Control PermitAll, hasRole, hasAnyRole etc. I modified classes regards to Security * Added test cases for Spring Security Expressions * Handler Interceptor - logging example * Test for logger interceptor * Removed conflicted part * UserInterceptor (adding user information to model) * Spring Handler Interceptor - session timers * Spring Security CSRF attack protection with Thymeleaf * Fix and(); * Logger update * Changed config for Thymeleaf --- .../interceptor/SessionTimerInterceptor.java | 7 +- spring-thymeleaf/pom.xml | 53 ++++++----- .../thymeleaf/config/WebMVCConfig.java | 93 ++++++++++--------- .../thymeleaf/config/WebMVCSecurity.java | 8 +- 4 files changed, 87 insertions(+), 74 deletions(-)
diff --git a/spring-security-rest-full/src/main/java/org/baeldung/web/interceptor/SessionTimerInterceptor.java b/spring-security-rest-full/src/main/java/org/baeldung/web/interceptor/SessionTimerInterceptor.java
index 8d967ed1ef..f5c1626989 100644
--- a/spring-security-rest-full/src/main/java/org/baeldung/web/interceptor/SessionTimerInterceptor.java
+++ b/spring-security-rest-full/src/main/java/org/baeldung/web/interceptor/SessionTimerInterceptor.java
@@ -31,9 +31,8 @@ public class SessionTimerInterceptor extends HandlerInterceptorAdapter {
 request.setAttribute("executionTime", startTime);
 if (UserInterceptor.isUserLogged()) {
 session = request.getSession();
- log.info("Who is logged in: " + SecurityContextHolder.getContext().getAuthentication().getName());
- log.info("Time since last request in this session: "
- + (System.currentTimeMillis() - request.getSession().getLastAccessedTime()) + " ms");
+ log.info("Time since last request in this session: {} ms",
+ System.currentTimeMillis() - request.getSession().getLastAccessedTime());
 if (System.currentTimeMillis() - session.getLastAccessedTime() > MAX_INACTIVE_SESSION_TIME) {
 log.warn("Logging out, due to inactive session");
 SecurityContextHolder.clearContext();
@@ -52,6 +51,6 @@ public class SessionTimerInterceptor extends HandlerInterceptorAdapter {
 final ModelAndView model) throws Exception {
 log.info("Post handle method - check execution time of handling");
 long startTime = (Long) request.getAttribute("executionTime");
- log.info("Execution time for handling the request was: " + (System.currentTimeMillis() - startTime) + " ms");
+ log.info("Execution time for handling the request was: {} ms", System.currentTimeMillis() - startTime);
 }
 }
diff --git a/spring-thymeleaf/pom.xml b/spring-thymeleaf/pom.xml
index 96508eb15e..a13f1de4c7 100644
--- a/spring-thymeleaf/pom.xml
+++ b/spring-thymeleaf/pom.xml
@@ -1,10 +1,30 @@ - 4.0.0 - com.baeldung - spring-thymeleaf - 0.1-SNAPSHOT - war + xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> + 4.0.0 + com.baeldung + spring-thymeleaf + 0.1-SNAPSHOT + war + + 1.8 + + 4.3.3.RELEASE + 3.0.1 + + 1.7.12 + 1.1.3 + + 3.0.1.RELEASE + + 1.1.0.Final + 5.1.2.Final + + + 3.5.1 + 2.6 + 2.19.1 + 1.4.18 +
@@ -167,25 +187,4 @@ - - 1.8 - - 4.3.3.RELEASE - 3.0.1 - - 1.7.12 - 1.1.3 - - 2.1.4.RELEASE - - 1.1.0.Final - 5.1.2.Final - - - 3.5.1 - 2.6 - 2.19.1 - 1.4.18 - - 
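Review bot: In SessionTimerInterceptor.java (hunk at -31,9), the rewritten log line takes the idle time from a second `request.getSession()` call and its own clock read, while the timeout test directly below recomputes it from `session`, so the logged value and the value that triggers the forced logout can differ by the time between the two reads. Computing it once keeps the log line and the decision in agreement: `long idleMs = System.currentTimeMillis() - session.getLastAccessedTime();`, then `log.info("Time since last request in this session: {} ms", idleMs);` and `if (idleMs > MAX_INACTIVE_SESSION_TIME) {`. The method continues past `SecurityContextHolder.clearContext();` outside the hunk, so whether the HTTP session is also invalidated there cannot be confirmed from these lines. That is worth checking, because clearing the security context by itself leaves the session id valid.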
diff --git a/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCConfig.java b/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCConfig.java
index cdea671c84..547d6deee9 100644
--- a/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCConfig.java
+++ b/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCConfig.java
@@ -1,17 +1,23 @@
 package com.baeldung.thymeleaf.config;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.Description;
 import org.springframework.context.support.ResourceBundleMessageSource;
 import org.springframework.format.FormatterRegistry;
+import org.springframework.web.servlet.ViewResolver;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+import org.thymeleaf.TemplateEngine;
 import org.thymeleaf.spring4.SpringTemplateEngine;
+import org.thymeleaf.spring4.templateresolver.SpringResourceTemplateResolver;
 import org.thymeleaf.spring4.view.ThymeleafViewResolver;
-import org.thymeleaf.templateresolver.ServletContextTemplateResolver;
+import org.thymeleaf.templatemode.TemplateMode;
+import org.thymeleaf.templateresolver.ITemplateResolver;
 import com.baeldung.thymeleaf.formatter.NameFormatter;
@@ -22,53 +28,56 @@ import com.baeldung.thymeleaf.formatter.NameFormatter;
 * Java configuration file that is used for Spring MVC and Thymeleaf
 * configurations
 */
-public class WebMVCConfig extends WebMvcConfigurerAdapter {
+public class WebMVCConfig extends WebMvcConfigurerAdapter implements ApplicationContextAware {
- @Bean
- @Description("Thymeleaf Template Resolver")
- public ServletContextTemplateResolver templateResolver() {
- ServletContextTemplateResolver templateResolver = new ServletContextTemplateResolver();
- templateResolver.setPrefix("/WEB-INF/views/");
- templateResolver.setSuffix(".html");
- templateResolver.setTemplateMode("HTML5");
+ private ApplicationContext applicationContext;
- return templateResolver;
- }
+ public void setApplicationContext(ApplicationContext applicationContext) {
+ this.applicationContext = applicationContext;
+ }
- @Bean
- @Description("Thymeleaf Template Engine")
- public SpringTemplateEngine templateEngine() {
- SpringTemplateEngine templateEngine = new SpringTemplateEngine();
- templateEngine.setTemplateResolver(templateResolver());
+ @Bean
+ public ViewResolver viewResolver() {
+ ThymeleafViewResolver resolver = new ThymeleafViewResolver();
+ resolver.setTemplateEngine(templateEngine());
+ resolver.setCharacterEncoding("UTF-8");
+ resolver.setOrder(1);
+ return resolver;
+ }
- return templateEngine;
- }
+ @Bean
+ public TemplateEngine templateEngine() {
+ SpringTemplateEngine engine = new SpringTemplateEngine();
+ engine.setEnableSpringELCompiler(true);
+ engine.setTemplateResolver(templateResolver());
+ return engine;
+ }
- @Bean
- @Description("Thymeleaf View Resolver")
- public ThymeleafViewResolver viewResolver() {
- ThymeleafViewResolver viewResolver = new ThymeleafViewResolver();
- viewResolver.setTemplateEngine(templateEngine());
- viewResolver.setOrder(1);
- return viewResolver;
- }
+ private ITemplateResolver templateResolver() {
+ SpringResourceTemplateResolver resolver = new SpringResourceTemplateResolver();
+ resolver.setApplicationContext(applicationContext);
+ resolver.setPrefix("/WEB-INF/views/");
+ resolver.setSuffix(".html");
+ resolver.setTemplateMode(TemplateMode.HTML);
+ return resolver;
+ }
- @Bean
- @Description("Spring Message Resolver")
- public ResourceBundleMessageSource messageSource() {
- ResourceBundleMessageSource messageSource = new ResourceBundleMessageSource();
- messageSource.setBasename("messages");
- return messageSource;
- }
+ @Bean
+ @Description("Spring Message Resolver")
+ public ResourceBundleMessageSource messageSource() {
+ ResourceBundleMessageSource messageSource = new ResourceBundleMessageSource();
+ messageSource.setBasename("messages");
+ return messageSource;
+ }
- @Override
- public void addResourceHandlers(ResourceHandlerRegistry registry) {
- registry.addResourceHandler("/resources/**").addResourceLocations("/WEB-INF/resources/");
- }
+ @Override
+ public void addResourceHandlers(ResourceHandlerRegistry registry) {
+ registry.addResourceHandler("/resources/**").addResourceLocations("/WEB-INF/resources/");
+ }
- @Override
- @Description("Custom Conversion Service")
- public void addFormatters(FormatterRegistry registry) {
- registry.addFormatter(new NameFormatter());
- }
+ @Override
+ @Description("Custom Conversion Service")
+ public void addFormatters(FormatterRegistry registry) {
+ registry.addFormatter(new NameFormatter());
+ }
 }
diff --git a/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCSecurity.java b/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCSecurity.java
index 46bff38a3f..37844a2976 100644
--- a/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCSecurity.java
+++ b/spring-thymeleaf/src/main/java/com/baeldung/thymeleaf/config/WebMVCSecurity.java
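Review bot: In WebMVCConfig.java (hunk at -22,53), the new `templateEngine()` calls `engine.setEnableSpringELCompiler(true)` with no comment on why. Thymeleaf leaves this flag off by default because compiled SpEL expressions can fail when one template expression is evaluated against different data types. A short comment above the call would record the trade-off, e.g. `// SpEL compiler is opt-in: faster, but do not reuse one expression across different data types`. Separately, `setApplicationContext` implements `ApplicationContextAware` and should carry `@Override`, so that a signature drift is caught at compile time.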
@@ -37,7 +37,13 @@ public class WebMVCSecurity extends WebSecurityConfigurerAdapter {
 @Override
 protected void configure(final HttpSecurity http) throws Exception {
- http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
+ http
+ .authorizeRequests()
+ .anyRequest()
+ .authenticated()
+ .and()
+ .httpBasic()
+ ;
 }
 }