Add web security restrictions for demonstration page

Signed-off-by: Pekka Helenius <fincer89@hotmail.com>

bookstore/src/main/java/com/fjordtek/bookstore/web/BookBasePathAwareController.java

@@ -24,6 +24,7 @@ import com.fjordtek.bookstore.model.book.BookRepository;
 import com.fjordtek.bookstore.model.book.CategoryRepository;
 import com.fjordtek.bookstore.service.BookAuthorHelper;
 import com.fjordtek.bookstore.service.HttpServerLogger;
+import com.fjordtek.bookstore.service.session.BookStoreWebRestrictions;
 
 /**
  *
@@ -56,6 +57,9 @@ public class BookBasePathAwareController {
 	@Autowired
 	private HttpServerLogger httpServerLogger;
 
+	@Autowired
+	private BookStoreWebRestrictions webRestrictions;
+
 	//////////////////////////////
 	private void bookGetAndSetNestedJSON(Book book, JsonNode bookNode) {
 		// Nested data: Determine nested JSON keys & their values
@@ -108,6 +112,22 @@ public class BookBasePathAwareController {
 			HttpServletResponse responseData
 			) {
 
+		////////////
+		/*
+		 * Hard-coded book count limit.
+		 * Added as we expose all accounts to internet
+		 * due to course requirements & demo purposes.
+		 *
+		 * It is assumed that admin account is exposed, too.
+		 *
+		 * In real life, this must never be a case!
+		 * Instead, we should have a proper admin-only
+		 * configuration panel where to set these values.
+		 */
+		if (webRestrictions.limitBookMaxCount("prod")) {
+			return new ResponseEntity<>(HttpStatus.BAD_REQUEST);
+		}
+
 		try {
 
 			/*

bookstore/src/main/java/com/fjordtek/bookstore/web/BookController.java

@@ -39,6 +39,7 @@ import com.fjordtek.bookstore.model.book.CategoryRepository;
 import com.fjordtek.bookstore.service.BigDecimalPropertyEditor;
 import com.fjordtek.bookstore.service.BookAuthorHelper;
 import com.fjordtek.bookstore.service.HttpServerLogger;
+import com.fjordtek.bookstore.service.session.BookStoreWebRestrictions;
 
 /**
 *
@@ -85,6 +86,9 @@ public class BookController {
 	@Autowired
 	private BookEventHandler     bookEventHandler;
 
+	@Autowired
+	private BookStoreWebRestrictions webRestrictions;
+
 /*
 	private Map<String,String> globalModelMap = new HashMap<String,String>() {
 		private static final long serialVersionUID = 1L;
@@ -190,9 +194,38 @@ public class BookController {
 			@Valid @ModelAttribute("book") Book book,
 			BindingResult bindingResult,
 			HttpServletRequest requestData,
-			HttpServletResponse responseData
+			HttpServletResponse responseData,
+			RedirectAttributes redirectAttributes
 			) {
 
+		////////////
+		/*
+		 * Hard-coded book count limit.
+		 * Added as we expose all accounts to internet
+		 * due to course requirements & demo purposes.
+		 *
+		 * It is assumed that admin account is exposed, too.
+		 *
+		 * In real life, this must never be a case!
+		 * Instead, we should have a proper admin-only
+		 * configuration panel where to set these values.
+		 */
+		if (webRestrictions.limitBookMaxCount("prod")) {
+			redirectAttributes.addFlashAttribute(
+					"bookmaxcount",
+					msg.getMessage(
+							"security.book.count.max.msg",
+							null,
+							"security.book.count.max.msg [placeholder]",
+							requestData.getLocale()
+						)
+					+ " " + env.getProperty("security.book.count.max") + "."
+					);
+
+			return "redirect:" + env.getProperty("page.url.add");
+		}
+
+
 		// TODO consider better solution. Add custom Hibernate annotation for Book class?
 		if (bookRepository.existsByIsbn(book.getIsbn())) {
 			bindingResult.rejectValue(

bookstore/src/main/resources/templates/fragments/bookfields.html

@@ -11,6 +11,12 @@
 	<th:block th:fragment="bookfields">
 
 			<div class="bookform-section">
+			
+				<div class="alert alert-danger mt-2" th:if="${bookmaxcount != null}"
+				th:text="${bookmaxcount}">
+				Unable to add more books. Book count limit is X.
+				</div>
+			
 				<div>
 					<h3 th:text="${#messages.msgOrNull('book.author')} ?: 'book.author'">
 					book.author