Enhance sample to show method authorization.

samples/tutorial/src/main/java/bigbank/Account.java

@@ -0,0 +1,51 @@
+package bigbank;
+
+/**
+ * Note this class does not represent best practice, as we are failing to
+ * encapsulate business logic (methods) and state in the domain object.
+ * Nevertheless, this demo is intended to reflect what people usually do,
+ * as opposed to what they ideally would be doing.
+ * 
+ * @author Ben Alex
+ * @version $Id$
+ */
+public class Account {
+	private long id = -1;
+	private String holder;
+	private double balance;
+	
+	public Account(String holder) {
+		super();
+		this.holder = holder;
+	}
+
+	public long getId() {
+		return id;
+	}
+
+	public void setId(long id) {
+		this.id = id;
+	}
+
+	public String getHolder() {
+		return holder;
+	}
+
+	public void setHolder(String holder) {
+		this.holder = holder;
+	}
+
+	public double getBalance() {
+		return balance;
+	}
+
+	public void setBalance(double balance) {
+		this.balance = balance;
+	}
+
+	public String toString() {
+		return "Account[id=" + id + ",balance=" + balance +",holder=" + holder + "]";
+	}
+
+	
+}

samples/tutorial/src/main/java/bigbank/BankDao.java

@@ -0,0 +1,7 @@
+package bigbank;
+
+public interface BankDao {
+	public Account readAccount(Long id);
+	public void createOrUpdateAccount(Account account);
+	public Account[] findAccounts();
+}

samples/tutorial/src/main/java/bigbank/BankDaoStub.java

@@ -0,0 +1,32 @@
+package bigbank;
+
+import java.util.HashMap;
+import java.util.Map;
+
+public class BankDaoStub implements BankDao {
+	private long id = 0;
+	private Map accounts = new HashMap();
+	
+	public void createOrUpdateAccount(Account account) {
+		if (account.getId() == -1) {
+			id++;
+			account.setId(id);
+		}
+		accounts.put(new Long(account.getId()), account);
+		System.out.println("SAVE: " + account);
+	}
+
+	public Account[] findAccounts() {
+		Account[] a = (Account[]) accounts.values().toArray(new Account[] {});
+		System.out.println("Returning " + a.length + " account(s):");
+		for (int i = 0; i < a.length; i++) {
+			System.out.println(" > " + a[i]);
+		}
+		return a;
+	}
+
+	public Account readAccount(Long id) {
+		return (Account) accounts.get(id);
+	}
+
+}

samples/tutorial/src/main/java/bigbank/BankService.java

@@ -0,0 +1,15 @@
+package bigbank;
+
+import org.springframework.security.annotation.Secured;
+
+public interface BankService {
+	
+	@Secured("IS_AUTHENTICATED_REMEMBERED")
+	public Account readAccount(Long id);
+		
+	@Secured("IS_AUTHENTICATED_REMEMBERED")
+	public Account[] findAccounts();
+	
+	@Secured("ROLE_TELLER")
+	public Account post(Account account, double amount);
+}

samples/tutorial/src/main/java/bigbank/BankServiceImpl.java

@@ -0,0 +1,35 @@
+package bigbank;
+
+import org.springframework.util.Assert;
+
+public class BankServiceImpl implements BankService {
+	private BankDao bankDao;
+	
+	public BankServiceImpl(BankDao bankDao) {
+		Assert.notNull(bankDao);
+		this.bankDao = bankDao;
+	}
+
+	public Account[] findAccounts() {
+		return this.bankDao.findAccounts();
+	}
+
+	public Account post(Account account, double amount) {
+		Assert.notNull(account);
+		Assert.notNull(account.getId());
+		
+		// We read account bank from DAO so it reflects the latest balance
+		Account a = bankDao.readAccount(account.getId());
+		if (account == null) {
+			throw new IllegalArgumentException("Couldn't find requested account");
+		}
+		
+		a.setBalance(a.getBalance() + amount);
+		bankDao.createOrUpdateAccount(a);
+		return a;
+	}
+
+	public Account readAccount(Long id) {
+		return bankDao.readAccount(id);
+	}
+}

samples/tutorial/src/main/java/bigbank/SeedData.java

@@ -0,0 +1,21 @@
+package bigbank;
+
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.util.Assert;
+
+public class SeedData implements InitializingBean{
+	private BankDao bankDao;
+
+	public void afterPropertiesSet() throws Exception {
+		Assert.notNull(bankDao);
+		bankDao.createOrUpdateAccount(new Account("rod"));
+		bankDao.createOrUpdateAccount(new Account("dianne"));
+		bankDao.createOrUpdateAccount(new Account("scott"));
+		bankDao.createOrUpdateAccount(new Account("peter"));
+	}
+	
+	public void setBankDao(BankDao bankDao) {
+		this.bankDao = bankDao;
+	}
+	
+}

samples/tutorial/src/main/java/bigbank/web/ListAccounts.java

@@ -0,0 +1,34 @@
+package bigbank.web;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.util.Assert;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.Controller;
+
+import bigbank.BankService;
+
+public class ListAccounts implements Controller {
+
+	private BankService bankService;
+	
+	public ListAccounts(BankService bankService) {
+		Assert.notNull(bankService);
+		this.bankService = bankService;
+	}
+
+	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
+		// Security check (this is unnecessary if Spring Security is performing the authorization)
+//		if (request.getUserPrincipal() == null) {
+//			response.sendError(HttpServletResponse.SC_FORBIDDEN, "You must login to view the account list");
+//			return null;
+//		}
+		
+		// Actual business logic
+		ModelAndView mav = new ModelAndView("listAccounts");
+		mav.addObject("accounts", bankService.findAccounts());
+		return mav;
+	}
+
+}

samples/tutorial/src/main/java/bigbank/web/PostAccounts.java

@@ -0,0 +1,39 @@
+package bigbank.web;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.util.Assert;
+import org.springframework.web.bind.ServletRequestUtils;
+import org.springframework.web.servlet.ModelAndView;
+import org.springframework.web.servlet.mvc.Controller;
+
+import bigbank.Account;
+import bigbank.BankService;
+
+public class PostAccounts implements Controller {
+
+	private BankService bankService;
+	
+	public PostAccounts(BankService bankService) {
+		Assert.notNull(bankService);
+		this.bankService = bankService;
+	}
+
+	public ModelAndView handleRequest(HttpServletRequest request, HttpServletResponse response) throws Exception {
+		// Security check (this is unnecessary if Spring Security is performing the authorization)
+//		if (request.isUserInRole("ROLE_TELLER")) {
+//			response.sendError(HttpServletResponse.SC_FORBIDDEN, "You must be a teller to post transactions");
+//			return null;
+//		}
+		
+		// Actual business logic
+		Long id = ServletRequestUtils.getRequiredLongParameter(request, "id");
+		Double amount = ServletRequestUtils.getRequiredDoubleParameter(request, "amount");
+		Account a = bankService.readAccount(id);
+		bankService.post(a, amount);
+		
+		return new ModelAndView("redirect:listAccounts.html");
+	}
+
+}

samples/tutorial/src/main/resources/applicationContext-business.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:security="http://www.springframework.org/schema/security"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
+http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd">
+
+	<bean id="bankDao" class="bigbank.BankDaoStub"/>
+
+	<bean id="seedData" class="bigbank.SeedData">
+		<property name="bankDao" ref="bankDao"/>
+	</bean>
+
+	<bean id="bankService" class="bigbank.BankServiceImpl">
+		<constructor-arg ref="bankDao"/>
+	</bean>
+
+</beans>

samples/tutorial/src/main/webapp/WEB-INF/bank-servlet.xml

@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd">
+
+	<bean name="/listAccounts.html" class="bigbank.web.ListAccounts">
+		<constructor-arg ref="bankService"/>
+	</bean>
+	
+	<bean name="/post.html" class="bigbank.web.PostAccounts">
+		<constructor-arg ref="bankService"/>
+	</bean>
+	
+	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+		<property name="prefix" value="/WEB-INF/jsp/"/>
+		<property name="suffix" value=".jsp"/>
+	</bean>
+
+</beans>

samples/tutorial/src/main/webapp/WEB-INF/jsp/listAccounts.jsp

@@ -0,0 +1,27 @@
+<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
+
+<h1>Accounts</h1>
+
+<a href="index.jsp">Home3</a><br><br>
+
+<table>
+<c:forEach var="account" items="${accounts}">
+  <tr>
+  <td>
+      <c:out value="${account.id}"/>
+  </td>
+  <td>
+      <c:out value="${account.holder}"/>
+  </td>
+  <td>
+      <c:out value="${account.balance}"/>
+  </td>
+  <td>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=-20.00">-$20</a>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=-5.00">-$5</a>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=5.00">+$5</a>
+      <a href="post.html?id=<c:out value="${account.id}"/>&amount=20.00">+$20</a>
+  </td>
+  </tr>
+</c:forEach>
+</table>