rename folders

2024-10-06 18:28:31 +02:00
parent 8482770998
commit b6bff9ff7e
42 changed files with 3092 additions and 0 deletions
@@ -0,0 +1,11 @@
 bin/
 target/
 .settings/
 .project
 .classpath
 hs_err*.log
 application.properties
 usernames.txt
 lucene
 .vscode
@@ -0,0 +1,138 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project xmlns="http://maven.apache.org/POM/4.0.0"
 	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>de.champonthis</groupId>
 	<artifactId>buntspecht</artifactId>
 	<version>${revision}</version>
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<java.version>17</java.version>
 		<maven.compiler.release></maven.compiler.release>
 		<maven.compiler.source>${java.version}</maven.compiler.source>
 		<maven.compiler.target>${java.version}</maven.compiler.target>
 		<querydsl.version>5.1.0</querydsl.version>
 		<revision>0.4.0</revision>
 	</properties>
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
 		<version>3.3.4</version>
 		<relativePath />
 	</parent>
 	<dependencies>
 		<!-- Spring -->
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-web</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-data-jpa</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-webflux</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-mail</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.session</groupId>
 			<artifactId>spring-session-jdbc</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-oauth2-client</artifactId>
 		</dependency>
 		<!-- Query DSL -->
 		<dependency>
 			<groupId>com.querydsl</groupId>
 			<artifactId>querydsl-apt</artifactId>
 			<version>${querydsl.version}</version>
 			<classifier>jakarta</classifier>
 		</dependency>
 		<dependency>
 			<groupId>com.querydsl</groupId>
 			<artifactId>querydsl-jpa</artifactId>
 			<version>${querydsl.version}</version>
 			<classifier>jakarta</classifier>
 		</dependency>
 		<!-- Utils -->
 		<dependency>
 			<groupId>commons-validator</groupId>
 			<artifactId>commons-validator</artifactId>
 			<version>1.9.0</version>
 		</dependency>
 		<dependency>
 			<groupId>com.google.code.gson</groupId>
 			<artifactId>gson</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.commons</groupId>
 			<artifactId>commons-lang3</artifactId>
 		</dependency>
 		<dependency>
 			<groupId>org.bouncycastle</groupId>
 			<artifactId>bcprov-jdk18on</artifactId>
 			<version>1.78.1</version>
 		</dependency>
 		<dependency>
 			<groupId>org.passay</groupId>
 			<artifactId>passay</artifactId>
 			<version>1.6.5</version>
 		</dependency>
 		<!-- Datbase -->
 		<dependency>
 			<groupId>org.postgresql</groupId>
 			<artifactId>postgresql</artifactId>
 			<scope>runtime</scope>
 		</dependency>
 	</dependencies>
 	<build>
 		<plugins>
 			<plugin>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 				<configuration>
 					<mainClass>de.champonthis.buntspecht.Application</mainClass>
 					<finalName>buntspecht</finalName>
 					<executable>true</executable>
 					<layout>ZIP</layout>
 				</configuration>
 				<executions>
 					<execution>
 						<id>build-info</id>
 						<goals>
 							<goal>build-info</goal>
 						</goals>
 					</execution>
 				</executions>
 			</plugin>
 		</plugins>
 	</build>
 </project>
@@ -0,0 +1,16 @@
 package de.champonthis.buntspecht;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
@SpringBootApplication
 public class Application extends SpringBootServletInitializer {
 	public static void main(String[] args) {
 		SpringApplication.run(Application.class, args);
 	}
 }
@@ -0,0 +1,24 @@
 package de.champonthis.buntspecht;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.data.jpa.repository.config.EnableJpaAuditing;
 import com.querydsl.jpa.impl.JPAQueryFactory;
 import jakarta.persistence.EntityManager;
@Configuration
@EnableJpaAuditing
 public class JPAConfig {
 	@Autowired
 	private EntityManager em;
 	@Bean
 	public JPAQueryFactory jpaQueryFactory() {
 		return new JPAQueryFactory(em);
 	}
 }
@@ -0,0 +1,74 @@
 package de.champonthis.buntspecht.businesslogic;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.util.Assert;
 import de.champonthis.buntspecht.model.SystemProperty;
 import de.champonthis.buntspecht.repository.SystemPropertyRepository;
@Component
 public class SystemPropertyManager {
 	@Autowired
 	private SystemPropertyRepository systemPropertyRepository;
 	public boolean has(String key) {
 		return systemPropertyRepository.existsById(key);
 	}
 	public String get(String key) {
 		return systemPropertyRepository.findById(key).orElse(new SystemProperty()).getValue();
 	}
 	public String get(String key, String defaultValue) {
 		return systemPropertyRepository.findById(key).orElse(new SystemProperty(key, defaultValue)).getValue();
 	}
 	public boolean getBoolean(String key) {
 		return getBoolean(key, false);
 	}
 	public boolean getBoolean(String key, boolean defaultValue) {
 		return Boolean.valueOf(get(key, String.valueOf(defaultValue)));
 	}
 	public int getInteger(String key) {
 		return getInteger(key, 0);
 	}
 	public int getInteger(String key, int defaultValue) {
 		return Integer.valueOf(get(key, String.valueOf(defaultValue)));
 	}
 	public long getLong(String key) {
 		return getLong(key, 0L);
 	}
 	public long getLong(String key, long defaultValue) {
 		return Long.valueOf(get(key, String.valueOf(defaultValue)));
 	}
 	public void add(String key, String value) {
 		Assert.isTrue(!systemPropertyRepository.existsById(key),
 				"System Property already exists, use update method to change value!");
 		systemPropertyRepository.save(new SystemProperty(key, value));
 	}
 	public void update(String key, String value) {
 		Assert.isTrue(systemPropertyRepository.existsById(key),
 				"System Property does not exists, use add method to add new!");
 		SystemProperty systemProperty = systemPropertyRepository.findById(key).get();
 		systemProperty.setValue(value);
 		systemPropertyRepository.save(systemProperty);
 	}
 	public void set(String key, String value) {
 		if (systemPropertyRepository.existsById(key)) {
 			update(key, value);
 		} else {
 			add(key, value);
 		}
 	}
 }
@@ -0,0 +1,202 @@
 package de.champonthis.buntspecht.businesslogic;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import org.springframework.util.StringUtils;
 import com.querydsl.core.BooleanBuilder;
 import com.querydsl.core.QueryResults;
 import com.querydsl.core.Tuple;
 import com.querydsl.core.types.Order;
 import com.querydsl.core.types.OrderSpecifier;
 import com.querydsl.core.types.Path;
 import com.querydsl.core.types.Predicate;
 import com.querydsl.jpa.impl.JPAQuery;
 import com.querydsl.jpa.impl.JPAQueryFactory;
 import de.champonthis.buntspecht.controller.model.TurnoverFilterModel;
 import de.champonthis.buntspecht.model.QTurnover;
 import de.champonthis.buntspecht.model.Turnover;
 import de.champonthis.buntspecht.repository.TurnoverRepository;
@Service
 public class TurnoverManager {
 	@Autowired
 	private TurnoverRepository turnoverRepository;
 	@Autowired
 	private JPAQueryFactory jpaQueryFactory;
 	private QTurnover qTurnover = QTurnover.turnover;
 	public QueryResults<Turnover> fetch(long limit, long offset, String sortBy, boolean descending,
 			TurnoverFilterModel filter) {
 		return fetch(null, limit, offset, sortBy, descending, filter);
 	}
 	public QueryResults<Turnover> fetch(String username, long limit, long offset, String sortBy, boolean descending,
 			TurnoverFilterModel filter) {
 		BooleanBuilder builder = new BooleanBuilder();
 		if (StringUtils.hasText(username)) {
 			builder.and(qTurnover.username.eq(username));
 		}
 		builder.and(buildFilter(filter));
 		JPAQuery<Turnover> query = jpaQueryFactory.from(qTurnover).where(builder.getValue()).select(qTurnover);
 		Long total = query.clone().select(qTurnover.id.countDistinct()).fetchOne();
 		if (StringUtils.hasText(sortBy)) {
 			Path<? extends Comparable<?>> path = null;
 			switch (sortBy) {
 				case "created":
 					path = qTurnover.created;
 					break;
 				case "dueDate":
 					path = qTurnover.dueDate;
 					break;
 				case "updated":
 					path = qTurnover.updated;
 					break;
 				case "customer":
 					path = qTurnover.customer;
 					break;
 				case "price":
 					path = qTurnover.price;
 					break;
 				case "timeInvestment":
 					path = qTurnover.timeInvestment;
 					break;
 			}
 			if (path != null) {
 				query.orderBy(new OrderSpecifier<>(descending ? Order.DESC : Order.ASC, path));
 			}
 		}
 		List<Turnover> result = query.limit(limit).offset(offset).fetch();
 		return new QueryResults<Turnover>(result, limit, offset, total == null ? 0L : total);
 	}
 	protected Predicate buildFilter(TurnoverFilterModel filter) {
 		BooleanBuilder builder = new BooleanBuilder();
 		if (filter != null) {
 			if (filter.getCreated() != null) {
 				if (filter.getCreated().getMin() != null) {
 					builder.and(qTurnover.created.after(filter.getCreated().getMin()));
 				}
 				if (filter.getCreated().getMax() != null) {
 					builder.and(qTurnover.created.before(filter.getCreated().getMax()));
 				}
 			}
 			if (filter.getDueDate() != null) {
 				if (filter.getDueDate().getMin() != null) {
 					builder.and(qTurnover.dueDate.after(filter.getDueDate().getMin()));
 				}
 				if (filter.getDueDate().getMax() != null) {
 					builder.and(qTurnover.dueDate.before(filter.getDueDate().getMax()));
 				}
 			}
 			if (filter.getUpdated() != null) {
 				if (filter.getUpdated().getMin() != null) {
 					builder.and(qTurnover.updated.after(filter.getUpdated().getMin()));
 				}
 				if (filter.getUpdated().getMax() != null) {
 					builder.and(qTurnover.updated.before(filter.getUpdated().getMax()));
 				}
 			}
 			if (filter.getCustomer() != null) {
 				builder.and(qTurnover.customer.contains(filter.getCustomer()));
 			}
 			if (filter.getMotif() != null) {
 				builder.and(qTurnover.motif.contains(filter.getMotif()));
 			}
 			if (filter.getPrice() != null) {
 				if (filter.getPrice().getMin() != null) {
 					builder.and(qTurnover.price.goe(filter.getPrice().getMin()));
 				}
 				if (filter.getPrice().getMax() != null) {
 					builder.and(qTurnover.price.loe(filter.getPrice().getMax()));
 				}
 			}
 			if (filter.getTimeInvestment() != null) {
 				if (filter.getTimeInvestment().getMin() != null) {
 					builder.and(qTurnover.timeInvestment.goe(filter.getTimeInvestment().getMin()));
 				}
 				if (filter.getTimeInvestment().getMax() != null) {
 					builder.and(qTurnover.timeInvestment.loe(filter.getTimeInvestment().getMax()));
 				}
 			}
 		}
 		return builder.getValue();
 	}
 	public Turnover get(Long id) {
 		return turnoverRepository.findById(id).orElse(null);
 	}
 	public Turnover save(Turnover turnover) {
 		return turnoverRepository.save(turnover);
 	}
 	public boolean exists(Long id) {
 		return turnoverRepository.existsById(id);
 	}
 	public void delete(Turnover turnover) {
 		turnoverRepository.delete(turnover);
 	}
 	public void deleteById(Long id) {
 		turnoverRepository.deleteById(id);
 	}
 	public void deleteByUsername(String username) {
 		turnoverRepository.deleteAllInBatch(turnoverRepository.findAll(qTurnover.username.eq(username)));
 	}
 	public QueryResults<Tuple> overview(String username, long limit, long offset, String sortBy, boolean descending,
 			TurnoverFilterModel filter) {
 		BooleanBuilder builder = new BooleanBuilder();
 		if (StringUtils.hasText(username)) {
 			builder.and(qTurnover.username.eq(username));
 		}
 		builder.and(buildFilter(filter));
 		JPAQuery<Tuple> query = jpaQueryFactory.from(qTurnover).where(builder.getValue()).groupBy(qTurnover.username)
 				.select(qTurnover.username.as("username"), qTurnover.price.sum().as("price"),
 						qTurnover.timeInvestment.sum().as("timeInvestment"));
 		Long total = query.clone().select(qTurnover.username.countDistinct()).fetchOne();
 		if (StringUtils.hasText(sortBy)) {
 			Path<? extends Comparable<?>> path = null;
 			switch (sortBy) {
 				case "username":
 					path = qTurnover.username;
 					break;
 				case "price":
 					path = qTurnover.price;
 					break;
 				case "timeInvestment":
 					path = qTurnover.timeInvestment;
 					break;
 			}
 			if (path != null) {
 				query.orderBy(new OrderSpecifier<>(descending ? Order.DESC : Order.ASC, path));
 			}
 		}
 		List<Tuple> result = query.limit(limit).offset(offset)
 				.fetch();
 		return new QueryResults<Tuple>(result, limit, offset, total == null ? 0L : total);
 	}
 }
@@ -0,0 +1,211 @@
 package de.champonthis.buntspecht.businesslogic;
 import java.util.ArrayList;
 import java.util.List;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.SmartInitializingSingleton;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
 import org.springframework.stereotype.Service;
 import org.springframework.util.Assert;
 import org.springframework.util.StringUtils;
 import com.querydsl.core.BooleanBuilder;
 import com.querydsl.core.QueryResults;
 import com.querydsl.core.types.Order;
 import com.querydsl.core.types.OrderSpecifier;
 import com.querydsl.core.types.Path;
 import com.querydsl.jpa.impl.JPAQuery;
 import com.querydsl.jpa.impl.JPAQueryFactory;
 import de.champonthis.buntspecht.model.QUser;
 import de.champonthis.buntspecht.model.User;
 import de.champonthis.buntspecht.repository.UserRepository;
 import de.champonthis.buntspecht.security.LocalUserDetails;
 import jakarta.transaction.Transactional;
@Service
 public class UserManager implements UserDetailsService, SmartInitializingSingleton {
 	private Logger logger = LoggerFactory.getLogger(UserManager.class);
 	@Autowired
 	private UserRepository userRepository;
 	@Autowired
 	private PasswordEncoder passwordEncoder;
 	@Autowired
 	private JPAQueryFactory jpaQueryFactory;
 	@Autowired
 	private TurnoverManager turnoverManager;
 	private QUser qUser = QUser.user;
 	@Value("${admin.password:}")
 	private String adminPassword;
 	public QueryResults<User> fetch(long limit, long offset, String sortBy, boolean descending, String usernameFilter) {
 		BooleanBuilder builder = new BooleanBuilder();
 		if (StringUtils.hasText(usernameFilter)) {
 			builder.and(qUser.username.contains(usernameFilter));
 		}
 		JPAQuery<User> query = jpaQueryFactory.from(qUser).where(builder.getValue()).select(qUser);
 		Long total = query.clone().select(qUser.username.countDistinct()).fetchOne();
 		if (StringUtils.hasText(sortBy)) {
 			Path<? extends Comparable<?>> path = null;
 			switch (sortBy) {
 				case "username":
 					path = qUser.username;
 					break;
 				case "name":
 					path = qUser.name;
 					break;
 			}
 			if (path != null) {
 				query.orderBy(new OrderSpecifier<>(descending ? Order.DESC : Order.ASC, path));
 			}
 		}
 		List<User> result = query.limit(limit).offset(offset).fetch();
 		return new QueryResults<User>(result, limit, offset, total == null ? 0L : total);
 	}
 	@Override
 	@Transactional
 	public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
 		User user = getByUsername(username);
 		if (user == null) {
 			throw new UsernameNotFoundException(username);
 		}
 		List<GrantedAuthority> authorities = new ArrayList<>();
 		if (user.getRoles() != null) {
 			for (String role : user.getRoles()) {
 				authorities.add(new SimpleGrantedAuthority(role));
 			}
 		}
 		String passwordHash = user.getPasswordHash();
 		if (passwordHash == null) {
 			passwordHash = "";
 		}
 		LocalUserDetails userDetails = new LocalUserDetails(username, passwordHash, authorities);
 		return userDetails;
 	}
 	@Override
 	public void afterSingletonsInstantiated() {
 		if (!userRepository.exists(qUser.roles.contains("ROLE_ADMIN"))) {
 			if (!StringUtils.hasText(adminPassword)) {
 				adminPassword = RandomStringUtils.random(24, true, true);
 				logger.error("password for 'admin': " + adminPassword);
 			}
 			User admin = new User();
 			admin.setUsername("admin");
 			admin.setRoles(List.of("ROLE_ADMIN", "ROLE_DEBUG"));
 			admin.setPasswordHash(passwordEncoder.encode(adminPassword));
 			admin.setLocale("de");
 			userRepository.save(admin);
 		}
 	}
 	@Transactional
 	public User getByUsername(String username) {
 		return userRepository.findOne(qUser.username.equalsIgnoreCase(username)).orElse(null);
 	}
 	public User getByExternalId(String externalId) {
 		return userRepository.findOne(qUser.externalId.eq(externalId)).orElse(null);
 	}
 	public User getByAuth(Authentication authentication) {
 		if (authentication != null) {
 			if (authentication instanceof UsernamePasswordAuthenticationToken) {
 				UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
 				return getByUsername(token.getName());
 			} else if (authentication instanceof OAuth2AuthenticationToken) {
 				OAuth2AuthenticationToken token = (OAuth2AuthenticationToken) authentication;
 				String externalId = token.getAuthorizedClientRegistrationId() + "-" +
 						token.getName();
 				User user = getByExternalId(externalId);
 				if (user == null) {
 					user = new User();
 					user.setExternalId(externalId);
 					String tmpUsername = token.getPrincipal().getAttribute("preferred_username");
 					if (!StringUtils.hasText(tmpUsername)) {
 						tmpUsername = token.getPrincipal().getAttribute("username");
 					}
 					if (!StringUtils.hasText(tmpUsername)) {
 						tmpUsername = token.getPrincipal().getAttribute("name");
 					} else {
 						user.setName(token.getPrincipal().getAttribute("name"));
 					}
 					if (!StringUtils.hasText(tmpUsername)) {
 						tmpUsername = token.getName();
 					}
 					if (!StringUtils.hasText(tmpUsername)) {
 						tmpUsername = "user";
 					}
 					int count = 1;
 					String username = tmpUsername;
 					while (userRepository.exists(qUser.username.equalsIgnoreCase(username))) {
 						username = tmpUsername + "-" + count;
 						count++;
 					}
 					user.setUsername(username);
 					user.setEmail(token.getPrincipal().getAttribute("email"));
 					user = userRepository.save(user);
 				}
 				return user;
 			}
 		}
 		return null;
 	}
 	public User save(User user) {
 		if (exists(user.getUsername())) {
 			user.setPasswordHash(this.getPasswordHash(user.getUsername()));
 		}
 		return userRepository.save(user);
 	}
 	public boolean exists(String username) {
 		return userRepository.exists(qUser.username.equalsIgnoreCase(username));
 	}
 	public void delete(User user) {
 		turnoverManager.deleteByUsername(user.getUsername());
 		userRepository.delete(user);
 	}
 	@Transactional
 	public String getPasswordHash(String username) {
 		Assert.isTrue(userRepository.existsById(username), "User with username '" + username + "' not exists!");
 		return userRepository.findById(username).get().getPasswordHash();
 	}
 	public User setPassword(String username, String password) {
 		Assert.isTrue(userRepository.existsById(username), "User with username '" + username + "' not exists!");
 		User user = userRepository.findById(username).get();
 		user.setPasswordHash(passwordEncoder.encode(password));
 		return userRepository.save(user);
 	}
 }
@@ -0,0 +1,85 @@
 package de.champonthis.buntspecht.controller;
 import java.util.ArrayList;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.ResolvableType;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.client.registration.ClientRegistration;
 import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import de.champonthis.buntspecht.controller.support.EntityResponseStatusException;
 import de.champonthis.buntspecht.security.LocalUserDetails;
@RestController
@RequestMapping("/auth")
 public class AuthenticationController extends BaseController {
 	private static String authorizationRequestBaseUri = "oauth2/authorization";
 	@Autowired(required = false)
 	private ClientRegistrationRepository clientRegistrationRepository;
 	@GetMapping
 	public Object me() {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 		if (auth != null && auth.getPrincipal() instanceof LocalUserDetails) {
 			return (LocalUserDetails) auth.getPrincipal();
 		}
 		throw new EntityResponseStatusException(HttpStatus.UNAUTHORIZED);
 	}
 	@SuppressWarnings("unchecked")
 	@GetMapping("external")
 	public List<Client> getExternalLoginUrls() {
 		List<Client> clients = new ArrayList<>();
 		if (clientRegistrationRepository != null) {
 			Iterable<ClientRegistration> clientRegistrations = null;
 			ResolvableType type = ResolvableType.forInstance(clientRegistrationRepository).as(Iterable.class);
 			if (type != ResolvableType.NONE && ClientRegistration.class.isAssignableFrom(type.resolveGenerics()[0])) {
 				clientRegistrations = (Iterable<ClientRegistration>) clientRegistrationRepository;
 				clientRegistrations.forEach(registration -> clients.add(new Client(registration.getRegistrationId(),
 						authorizationRequestBaseUri + "/" + registration.getRegistrationId())));
 			}
 		}
 		return clients;
 	}
 	protected static class Client {
 		private String id;
 		private String loginUrl;
 		public Client(String id, String loginUrl) {
 			super();
 			this.id = id;
 			this.loginUrl = loginUrl;
 		}
 		public String getId() {
 			return id;
 		}
 		public void setId(String id) {
 			this.id = id;
 		}
 		public String getLoginUrl() {
 			return loginUrl;
 		}
 		public void setLoginUrl(String loginUrl) {
 			this.loginUrl = loginUrl;
 		}
 	}
 }
@@ -0,0 +1,32 @@
 package de.champonthis.buntspecht.controller;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import de.champonthis.buntspecht.security.LocalUserDetails;
 public class BaseController {
 	protected boolean authenticated() {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 		return auth != null && auth.isAuthenticated();
 	}
 	protected String getCurrentUsername() {
 		LocalUserDetails userDetails = getLocalUserDetails();
 		return userDetails != null ? userDetails.getUsername() : null;
 	}
 	protected boolean hasRole(String role) {
 		LocalUserDetails userDetails = getLocalUserDetails();
 		return userDetails != null ? userDetails.getAuthorities().contains(new SimpleGrantedAuthority(role)) : false;
 	}
 	protected LocalUserDetails getLocalUserDetails() {
 		Authentication auth = SecurityContextHolder.getContext().getAuthentication();
 		return (auth != null && auth.getPrincipal() instanceof LocalUserDetails)
 				? (LocalUserDetails) auth.getPrincipal()
 				: null;
 	}
 }
@@ -0,0 +1,174 @@
 package de.champonthis.buntspecht.controller;
 import java.time.Instant;
 import java.util.List;
 import java.util.Optional;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.util.StringUtils;
 import org.springframework.validation.Errors;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import com.querydsl.core.QueryResults;
 import com.querydsl.core.Tuple;
 import de.champonthis.buntspecht.businesslogic.TurnoverManager;
 import de.champonthis.buntspecht.businesslogic.UserManager;
 import de.champonthis.buntspecht.controller.model.TurnoverFilterModel;
 import de.champonthis.buntspecht.controller.model.TurnoverFilterModel.MinMax;
 import de.champonthis.buntspecht.controller.support.EntityResponseStatusException;
 import de.champonthis.buntspecht.controller.support.RequestBodyErrors;
 import de.champonthis.buntspecht.controller.validation.TurnoverValidator;
 import de.champonthis.buntspecht.model.Turnover;
 import jakarta.transaction.Transactional;
@RestController
@RequestMapping("/turnovers")
 public class TurnoverController extends BaseController {
 	@Autowired
 	private TurnoverManager turnoverManager;
 	@Autowired
 	private UserManager userManager;
 	@Autowired
 	private TurnoverValidator turnoverValidator;
 	@PreAuthorize("isAuthenticated()")
 	@GetMapping
 	@Transactional
 	public QueryResults<Turnover> fetch(
 			@RequestParam("limit") Optional<Long> limitParameter,
 			@RequestParam("offset") Optional<Long> offsetParameter,
 			@RequestParam("sort") Optional<String> sort,
 			@RequestParam("descending") Optional<Boolean> descending,
 			@RequestParam("from") Optional<Instant> from,
 			@RequestParam("to") Optional<Instant> to,
 			@RequestParam("created_from") Optional<Instant> fromCreated,
 			@RequestParam("created_to") Optional<Instant> toCreated,
 			@RequestParam("customer") Optional<String> customer,
 			@RequestParam("motif") Optional<String> motif) {
 		TurnoverFilterModel filter = new TurnoverFilterModel();
 		filter.setDueDate(new MinMax<Instant>(from.orElse(null), to.orElse(null)));
 		filter.setCreated(new MinMax<Instant>(fromCreated.orElse(null), toCreated.orElse(null)));
 		filter.setCustomer(customer.orElse(null));
 		filter.setMotif(motif.orElse(null));
 		return turnoverManager.fetch(getCurrentUsername(), limitParameter.orElse(15L), offsetParameter.orElse(0L),
 				sort.orElse("dueDate"), descending.orElse(false), filter);
 	}
 	@PreAuthorize("isAuthenticated()")
 	@GetMapping("/overview")
 	@Transactional
 	public Tuple overview(
 			@RequestParam("limit") Optional<Long> limitParameter,
 			@RequestParam("offset") Optional<Long> offsetParameter,
 			@RequestParam("sort") Optional<String> sort,
 			@RequestParam("descending") Optional<Boolean> descending,
 			@RequestParam("from") Optional<Instant> from,
 			@RequestParam("to") Optional<Instant> to,
 			@RequestParam("created_from") Optional<Instant> fromCreated,
 			@RequestParam("created_to") Optional<Instant> toCreated,
 			@RequestParam("customer") Optional<String> customer,
 			@RequestParam("motif") Optional<String> motif) {
 		TurnoverFilterModel filter = new TurnoverFilterModel();
 		filter.setDueDate(new MinMax<Instant>(from.orElse(null), to.orElse(null)));
 		filter.setCreated(new MinMax<Instant>(fromCreated.orElse(null), toCreated.orElse(null)));
 		filter.setCustomer(customer.orElse(null));
 		filter.setMotif(motif.orElse(null));
 		List<Tuple> result = turnoverManager.overview(getCurrentUsername(), limitParameter.orElse(15L),
 				offsetParameter.orElse(0L), sort.orElse("username"),
 				descending.orElse(false), filter).getResults();
 		if (result.isEmpty()) {
 			return null;
 		}
 		return result.get(0);
 	}
 	@PreAuthorize("isAuthenticated()")
 	@GetMapping("/{id}")
 	@Transactional
 	public Turnover get(@PathVariable("id") Long id) {
 		Turnover turnover = turnoverManager.get(id);
 		if (turnover == null || !getCurrentUsername().equals(turnover.getUsername())) {
 			throw new EntityResponseStatusException(HttpStatus.FORBIDDEN);
 		}
 		return turnover;
 	}
 	@PreAuthorize("isAuthenticated()")
 	@PostMapping
 	@Transactional
 	public Turnover create(@RequestBody Turnover turnover) {
 		Errors errors = new RequestBodyErrors(turnover);
 		turnoverValidator.validate(turnover, errors);
 		if (errors.hasErrors()) {
 			throw new EntityResponseStatusException(errors.getAllErrors(), HttpStatus.CONFLICT);
 		}
 		if (!hasRole("ROLE_ADMIN") || !StringUtils.hasText(turnover.getUsername())
 				|| !userManager.exists(turnover.getUsername())) {
 			turnover.setUsername(getCurrentUsername());
 		}
 		turnover.setCreated(Instant.now());
 		turnover.setUpdated(turnover.getCreated());
 		if (turnover.getDueDate() == null) {
 			turnover.setDueDate(turnover.getCreated());
 		}
 		return turnoverManager.save(turnover);
 	}
 	@PreAuthorize("isAuthenticated()")
 	@PatchMapping
 	@Transactional
 	public Turnover update(@RequestBody Turnover turnover) {
 		Errors errors = new RequestBodyErrors(turnover);
 		turnoverValidator.validate(turnover, errors);
 		if (errors.hasErrors() || turnover.getId() == null || turnover.getId() == 0L
 				|| !turnoverManager.exists(turnover.getId())) {
 			throw new EntityResponseStatusException(errors.getAllErrors(), HttpStatus.CONFLICT);
 		}
 		if (!hasRole("ROLE_ADMIN")) {
 			Turnover existing = turnoverManager.get(turnover.getId());
 			if (!getCurrentUsername().equals(existing.getUsername())) {
 				throw new EntityResponseStatusException(HttpStatus.FORBIDDEN);
 			}
 			turnover.setUsername(getCurrentUsername());
 		}
 		Turnover existing = turnoverManager.get(turnover.getId());
 		if (existing.equals(turnover)) {
 			throw new EntityResponseStatusException(HttpStatus.NOT_MODIFIED);
 		}
 		if (turnover.getDueDate() == null) {
 			turnover.setDueDate(turnover.getCreated());
 		}
 		turnover.setUpdated(Instant.now());
 		return turnoverManager.save(turnover);
 	}
 }
@@ -0,0 +1,84 @@
 package de.champonthis.buntspecht.controller;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.util.StringUtils;
 import org.springframework.validation.Errors;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import de.champonthis.buntspecht.businesslogic.UserManager;
 import de.champonthis.buntspecht.controller.model.UserPasswordModel;
 import de.champonthis.buntspecht.controller.support.EntityResponseStatusException;
 import de.champonthis.buntspecht.controller.support.RequestBodyErrors;
 import de.champonthis.buntspecht.controller.validation.PasswordModelValidator;
 import de.champonthis.buntspecht.model.User;
 import jakarta.transaction.Transactional;
@RestController
@RequestMapping("/users")
 public class UserController extends BaseController {
 	@Autowired
 	private UserManager userManager;
 	@Autowired
 	private PasswordEncoder passwordEncoder;
 	@Autowired
 	private PasswordModelValidator passwordModelValidator;
 	@PreAuthorize("isAuthenticated()")
 	@GetMapping("/user")
 	@Transactional
 	public User get() {
 		return userManager.getByUsername(getCurrentUsername());
 	}
 	@PreAuthorize("isAuthenticated()")
 	@PatchMapping("/user")
 	@Transactional
 	public User updateUser(@RequestBody User user) {
 		if (!getCurrentUsername().equals(user.getUsername())) {
 			throw new EntityResponseStatusException(HttpStatus.UNPROCESSABLE_ENTITY);
 		}
 		User orgUser = userManager.getByUsername(user.getUsername());
 		orgUser.setName(user.getName());
 		orgUser.setAbout(user.getAbout());
 		orgUser.setDarkTheme(user.isDarkTheme());
 		orgUser.setEmail(user.getEmail());
 		orgUser.setLocale(user.getLocale());
 		user = userManager.save(orgUser);
 		return user;
 	}
 	@PreAuthorize("isAuthenticated()")
 	@PostMapping("/password")
 	public void changePassword(@RequestBody UserPasswordModel passwordModel) {
 		Errors errors = new RequestBodyErrors(passwordModel);
 		User user = userManager.getByUsername(getCurrentUsername());
 		if (!StringUtils.hasText(passwordModel.getOld())
 				|| !passwordEncoder.matches(passwordModel.getOld(), userManager.getPasswordHash(user.getUsername()))) {
 			errors.rejectValue("old", "UNAUTHORIZED");
 		}
 		passwordModelValidator.validate(passwordModel, errors);
 		if (errors.hasErrors()) {
 			throw new EntityResponseStatusException(errors.getAllErrors(), HttpStatus.CONFLICT);
 		}
 		userManager.setPassword(user.getUsername(), passwordModel.getPassword());
 	}
 }
@@ -0,0 +1,118 @@
 package de.champonthis.buntspecht.controller.admin;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
 import java.util.SplittableRandom;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import de.champonthis.buntspecht.model.QUser;
 import de.champonthis.buntspecht.model.Turnover;
 import de.champonthis.buntspecht.model.User;
 import de.champonthis.buntspecht.repository.TurnoverRepository;
 import de.champonthis.buntspecht.repository.UserRepository;
@RestController
@RequestMapping("/debug")
 public class DebugController {
    private Logger logger = LoggerFactory.getLogger(DebugController.class);
    @Autowired
    private PasswordEncoder passwordEncoder;
    @Autowired
    private UserRepository userRepository;
    @Autowired
    private TurnoverRepository turnoverRepository;
    SplittableRandom splittableRandom = new SplittableRandom();
    @PreAuthorize("hasRole('ROLE_DEBUG')")
    @GetMapping("/random")
    public void random(
            @RequestParam("users") Optional<Integer> usersParameter,
            @RequestParam("minEntries") Optional<Integer> minEntriesParameter,
            @RequestParam("maxEntries") Optional<Integer> maxEntriesParameter,
            @RequestParam("days") Optional<Integer> daysParameter) {
        logger.warn("start random generation");
        long userCount = userRepository.count(QUser.user.username.startsWith("Tätowier"));
        List<String> newUser = new ArrayList<>();
        for (long i = userCount + 1; i <= userCount + usersParameter.orElse(5); i++) {
            User user = new User();
            String username = (splittableRandom.nextBoolean() ? "Tätowiererin " : "Tätowierer ") + i;
            String name = "Random " + RandomStringUtils.randomAlphanumeric(splittableRandom.nextInt(4, 8));
            user.setUsername(username);
            user.setName(name);
            user.setPasswordHash(passwordEncoder.encode(username));
            user = userRepository.save(user);
            logger.trace("Created user: '" + username + "'");
            newUser.add(user.getUsername());
        }
        logger.info("Created " + usersParameter.orElse(5) + " users");
        Instant startInclusive = Instant.now().minus(daysParameter.orElse(350), ChronoUnit.DAYS);
        Instant endExclusive = Instant.now();
        for (String username : newUser) {
            long numEntries = splittableRandom.nextLong(minEntriesParameter.orElse(3), maxEntriesParameter.orElse(20));
            for (int i = 0; i < numEntries; i++) {
                Turnover turnover = new Turnover();
                turnover.setUsername(username);
                turnover.setCreated(randomDate(startInclusive, endExclusive));
                turnover.setUpdated(splittableRandom.nextBoolean() ? turnover.getCreated()
                        : randomDate(turnover.getCreated(), endExclusive));
                turnover.setDueDate(splittableRandom.nextBoolean() ? turnover.getCreated()
                        : randomDate(startInclusive, turnover.getCreated()));
                turnover.setCustomer(RandomStringUtils.randomAlphabetic(splittableRandom.nextInt(3, 10)));
                turnover.setMotif(RandomStringUtils.randomAlphabetic(splittableRandom.nextInt(5, 30)));
                turnover.setPrice(Float.valueOf(String.format("%.2f", splittableRandom.nextFloat(0.01f, 2000f))));
                if (splittableRandom.nextBoolean()) {
                    turnover.setTimeInvestment(
                            Float.valueOf(String.format("%.2f", splittableRandom.nextFloat(0.01f, 20f))));
                }
                if (splittableRandom.nextBoolean()) {
                    turnover.setRemark(RandomStringUtils.randomAlphabetic(splittableRandom.nextInt(10, 50)));
                }
                if (splittableRandom.nextInt(5) < 3) {
                    turnover.setMaterialConsumption(
                            RandomStringUtils.randomAlphabetic(splittableRandom.nextInt(10, 250)));
                }
                turnover = turnoverRepository.save(turnover);
                logger.trace("Created turnover: '" + turnover.getId() + "'");
            }
            logger.info("Created " + numEntries + " turnovers of '" + username + "'");
        }
        logger.warn("finished random generation");
    }
    protected Instant randomDate(Instant startInclusive, Instant endExclusive) {
        long startSeconds = startInclusive.getEpochSecond();
        long endSeconds = endExclusive.getEpochSecond();
        long random = splittableRandom.nextLong(startSeconds, endSeconds);
        return Instant.ofEpochSecond(random);
    }
 }
@@ -0,0 +1,78 @@
 package de.champonthis.buntspecht.controller.admin;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Optional;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Sort;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import de.champonthis.buntspecht.controller.BaseController;
 import de.champonthis.buntspecht.controller.support.EntityResponseStatusException;
 import de.champonthis.buntspecht.model.SystemProperty;
 import de.champonthis.buntspecht.repository.SystemPropertyRepository;
@RestController
@RequestMapping("/system/properties")
 public class SystemPropertiesController extends BaseController {
 	@Autowired
 	private SystemPropertyRepository systemPropertyRepository;
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping()
 	public List<SystemProperty> getProperties(@RequestParam("page") Optional<Integer> pageParameter,
 			@RequestParam("size") Optional<Integer> sizeParameter) {
 		Sort sort = Sort.by("key").ascending();
 		return systemPropertyRepository.findAll(PageRequest.of(pageParameter.orElse(0), sizeParameter.orElse(10), sort))
 				.getContent();
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{key}")
 	public SystemProperty getProperty(@PathVariable("key") String key) {
 		if (!systemPropertyRepository.existsById(key)) {
 			throw new EntityResponseStatusException(HttpStatus.NO_CONTENT);
 		}
 		return systemPropertyRepository.findById(key).get();
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping("")
 	public SystemProperty createOrUpdate(@RequestBody SystemProperty systemProperty) {
 		return systemPropertyRepository.save(systemProperty);
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping("/list")
 	public List<SystemProperty> createOrUpdateList(@RequestBody List<SystemProperty> systemProperties) {
 		List<SystemProperty> result = new ArrayList<>();
 		for (SystemProperty systemProperty : systemProperties) {
 			result.add(
 					systemPropertyRepository.save(systemProperty));
 		}
 		return result;
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/{key}")
 	public void deleteProperty(@PathVariable("key") String key) {
 		if (!systemPropertyRepository.existsById(key)) {
 			throw new EntityResponseStatusException(HttpStatus.NOT_MODIFIED);
 		}
 		systemPropertyRepository.deleteById(key);
 	}
 }
@@ -0,0 +1,139 @@
 package de.champonthis.buntspecht.controller.admin;
 import java.time.Instant;
 import java.util.Optional;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.Errors;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import com.querydsl.core.QueryResults;
 import com.querydsl.core.Tuple;
 import de.champonthis.buntspecht.businesslogic.TurnoverManager;
 import de.champonthis.buntspecht.controller.BaseController;
 import de.champonthis.buntspecht.controller.model.TurnoverFilterModel;
 import de.champonthis.buntspecht.controller.model.TurnoverFilterModel.MinMax;
 import de.champonthis.buntspecht.controller.support.EntityResponseStatusException;
 import de.champonthis.buntspecht.controller.support.RequestBodyErrors;
 import de.champonthis.buntspecht.controller.validation.TurnoverValidator;
 import de.champonthis.buntspecht.model.Turnover;
 import jakarta.transaction.Transactional;
@RestController
@RequestMapping("/turnovers/manage")
 public class TurnoverManagementController extends BaseController {
 	@Autowired
 	private TurnoverManager turnoverManager;
 	@Autowired
 	private TurnoverValidator turnoverValidator;
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping
 	@Transactional
 	public QueryResults<Turnover> fetch(
 			@RequestParam("username") Optional<String> usernameParameter,
 			@RequestParam("limit") Optional<Long> limitParameter,
 			@RequestParam("offset") Optional<Long> offsetParameter,
 			@RequestParam("sort") Optional<String> sort,
 			@RequestParam("descending") Optional<Boolean> descending,
 			@RequestParam("from") Optional<Instant> from,
 			@RequestParam("to") Optional<Instant> to,
 			@RequestParam("created_from") Optional<Instant> fromCreated,
 			@RequestParam("created_to") Optional<Instant> toCreated,
 			@RequestParam("customer") Optional<String> customer,
 			@RequestParam("motif") Optional<String> motif) {
 		TurnoverFilterModel filter = new TurnoverFilterModel();
 		filter.setDueDate(new MinMax<Instant>(from.orElse(null), to.orElse(null)));
 		filter.setCreated(new MinMax<Instant>(fromCreated.orElse(null), toCreated.orElse(null)));
 		filter.setCustomer(customer.orElse(null));
 		filter.setMotif(motif.orElse(null));
 		return turnoverManager.fetch(usernameParameter.orElse(null), limitParameter.orElse(15L),
 				offsetParameter.orElse(0L), sort.orElse("dueDate"), descending.orElse(false), filter);
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/overview")
 	@Transactional
 	public QueryResults<Tuple> overview(
 			@RequestParam("username") Optional<String> usernameParameter,
 			@RequestParam("limit") Optional<Long> limitParameter,
 			@RequestParam("offset") Optional<Long> offsetParameter,
 			@RequestParam("sort") Optional<String> sort,
 			@RequestParam("descending") Optional<Boolean> descending,
 			@RequestParam("from") Optional<Instant> from,
 			@RequestParam("to") Optional<Instant> to,
 			@RequestParam("created_from") Optional<Instant> fromCreated,
 			@RequestParam("created_to") Optional<Instant> toCreated,
 			@RequestParam("customer") Optional<String> customer,
 			@RequestParam("motif") Optional<String> motif) {
 		TurnoverFilterModel filter = new TurnoverFilterModel();
 		filter.setDueDate(new MinMax<Instant>(from.orElse(null), to.orElse(null)));
 		filter.setCreated(new MinMax<Instant>(fromCreated.orElse(null), toCreated.orElse(null)));
 		filter.setCustomer(customer.orElse(null));
 		filter.setMotif(motif.orElse(null));
 		return turnoverManager.overview(usernameParameter.orElse(null), limitParameter.orElse(15L),
 				offsetParameter.orElse(0L), sort.orElse("username"),
 				descending.orElse(false), filter);
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{id}")
 	@Transactional
 	public Turnover getById(@PathVariable("id") Long id) {
 		if (!turnoverManager.exists(id)) {
 			throw new EntityResponseStatusException(HttpStatus.NO_CONTENT);
 		}
 		return turnoverManager.get(id);
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PatchMapping
 	@Transactional
 	public Turnover update(@RequestBody Turnover turnover) {
 		Errors errors = new RequestBodyErrors(turnover);
 		turnoverValidator.validate(turnover, errors);
 		if (errors.hasErrors()) {
 			throw new EntityResponseStatusException(errors.getAllErrors(), HttpStatus.CONFLICT);
 		}
 		Turnover existing = turnoverManager.get(turnover.getId());
 		if (existing.equals(turnover)) {
 			throw new EntityResponseStatusException(HttpStatus.NOT_MODIFIED);
 		}
 		if (turnover.getDueDate() == null) {
 			turnover.setDueDate(turnover.getCreated());
 		}
 		turnover.setUpdated(Instant.now());
 		return turnoverManager.save(turnover);
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/{id}")
 	@Transactional
 	public void deleteById(@PathVariable("id") Long id) {
 		if (!turnoverManager.exists(id)) {
 			throw new EntityResponseStatusException(HttpStatus.NO_CONTENT);
 		}
 		turnoverManager.deleteById(id);
 	}
 }
@@ -0,0 +1,148 @@
 package de.champonthis.buntspecht.controller.admin;
 import java.util.List;
 import java.util.Optional;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.Errors;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.RestController;
 import com.querydsl.core.QueryResults;
 import de.champonthis.buntspecht.businesslogic.UserManager;
 import de.champonthis.buntspecht.controller.BaseController;
 import de.champonthis.buntspecht.controller.admin.validation.UserValidator;
 import de.champonthis.buntspecht.controller.model.UserPasswordModel;
 import de.champonthis.buntspecht.controller.support.EntityResponseStatusException;
 import de.champonthis.buntspecht.controller.support.RequestBodyErrors;
 import de.champonthis.buntspecht.controller.validation.PasswordModelValidator;
 import de.champonthis.buntspecht.model.User;
 import jakarta.transaction.Transactional;
@RestController
@RequestMapping("/users/manage")
 public class UserManagementController extends BaseController {
 	@Autowired
 	private UserManager userManager;
 	@Autowired
 	private UserValidator userValidator;
 	@Autowired
 	private PasswordModelValidator passwordModelValidator;
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping
 	@Transactional
 	public QueryResults<User> fetch(
 			@RequestParam("limit") Optional<Long> limitParameter,
 			@RequestParam("offset") Optional<Long> offsetParameter,
 			@RequestParam("sort") Optional<String> sort,
 			@RequestParam("descending") Optional<Boolean> descending,
 			@RequestParam("filter") Optional<String> search) {
 		return userManager.fetch(limitParameter.orElse(15L), offsetParameter.orElse(0L), sort.orElse("username"),
 				descending.orElse(false), search.orElse(""));
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/pick")
 	@Transactional
 	public List<User> pick(
 			@RequestParam("filter") Optional<String> search) {
 		return userManager.fetch(5L, 0L, "", false, search.orElse("")).getResults();
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@GetMapping("/{username}")
 	@Transactional
 	public User get(@PathVariable("username") String username) {
 		User user = userManager.getByUsername(username);
 		if (user == null) {
 			throw new EntityResponseStatusException(HttpStatus.NO_CONTENT);
 		}
 		return user;
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping
 	@Transactional
 	public User create(@RequestBody User user) {
 		Errors errors = new RequestBodyErrors(user);
 		userValidator.validateNew(user, errors);
 		if (errors.hasErrors()) {
 			throw new EntityResponseStatusException(errors.getAllErrors(), HttpStatus.CONFLICT);
 		}
 		if (user.getLocale() == null) {
 			user.setLocale("de");
 		}
 		return userManager.save(user);
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PatchMapping
 	@Transactional
 	public User update(@RequestBody User user) {
 		Errors errors = new RequestBodyErrors(user);
 		userValidator.validate(user, errors);
 		if (errors.hasErrors()) {
 			throw new EntityResponseStatusException(errors.getAllErrors(), HttpStatus.CONFLICT);
 		}
 		if (getCurrentUsername().equals(user.getUsername()) && user.getRoles().indexOf("ROLE_ADMIN") == -1) {
 			user.getRoles().add("ROLE_ADMIN");
 		}
 		return userManager.save(user);
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/{username}")
 	@Transactional
 	public void delete(@PathVariable("username") String username) {
 		User user = userManager.getByUsername(username);
 		if (user == null || getCurrentUsername().equals(username)) {
 			throw new EntityResponseStatusException(HttpStatus.NOT_MODIFIED);
 		}
 		userManager.delete(user);
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping("/{username}/password")
 	public void password(@PathVariable("username") String username,
 			@RequestBody UserPasswordModel passwordModel) {
 		Errors errors = new RequestBodyErrors(passwordModel);
 		User user = userManager.getByUsername(username);
 		if (user == null) {
 			throw new EntityResponseStatusException(HttpStatus.NO_CONTENT);
 		}
 		passwordModelValidator.validate(passwordModel, errors);
 		if (errors.hasErrors()) {
 			throw new EntityResponseStatusException(errors.getAllErrors(), HttpStatus.CONFLICT);
 		}
 		userManager.setPassword(user.getUsername(), passwordModel.getPassword());
 	}
 }
@@ -0,0 +1,46 @@
 package de.champonthis.buntspecht.controller.admin.validation;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 import org.springframework.validation.Errors;
 import org.springframework.validation.Validator;
 import de.champonthis.buntspecht.businesslogic.UserManager;
 import de.champonthis.buntspecht.model.User;
@Component
 public class UserValidator implements Validator {
    @Autowired
    private UserManager userManager;
    @Override
    public boolean supports(Class<?> clazz) {
        return clazz.isAssignableFrom(User.class);
    }
    @Override
    public void validate(Object target, Errors errors) {
        User user = (User) target;
        if (!StringUtils.hasText(user.getUsername())) {
            errors.rejectValue("username", "REQUIRED");
            return;
        }
    }
    public void validateNew(Object target, Errors errors) {
        validate(target, errors);
        if (errors.hasErrors()) {
            return;
        }
        User user = (User) target;
        if (userManager.exists(user.getUsername())) {
            errors.rejectValue("username", "ALREADY_EXISTS");
            return;
        }
    }
 }
@@ -0,0 +1,28 @@
 package de.champonthis.buntspecht.controller.model;
 import java.io.IOException;
 import org.springframework.boot.jackson.JsonComponent;
 import com.fasterxml.jackson.core.JsonGenerator;
 import com.fasterxml.jackson.databind.JsonSerializer;
 import com.fasterxml.jackson.databind.SerializerProvider;
 import com.querydsl.core.Tuple;
@JsonComponent
 public class TupleSerializer extends JsonSerializer<Tuple> {
    @Override
    public void serialize(Tuple value, JsonGenerator gen, SerializerProvider serializers) throws IOException {
        if (value.toArray().length > 1) {
            gen.writeStartArray();
        }
        for (Object object : value.toArray()) {
            gen.writeObject(object);
        }
        if (value.toArray().length > 1) {
            gen.writeEndArray();
        }
    }
 }
@@ -0,0 +1,98 @@
 package de.champonthis.buntspecht.controller.model;
 import java.time.Instant;
 public class TurnoverFilterModel {
    private MinMax<Instant> created;
    private MinMax<Instant> dueDate;
    private MinMax<Instant> updated;
    private String customer;
    private String motif;
    private MinMax<Float> price;
    private MinMax<Float> timeInvestment;
    public MinMax<Instant> getCreated() {
        return created;
    }
    public void setCreated(MinMax<Instant> created) {
        this.created = created;
    }
    public MinMax<Instant> getDueDate() {
        return dueDate;
    }
    public void setDueDate(MinMax<Instant> dueDate) {
        this.dueDate = dueDate;
    }
    public MinMax<Instant> getUpdated() {
        return updated;
    }
    public void setUpdated(MinMax<Instant> updated) {
        this.updated = updated;
    }
    public String getCustomer() {
        return customer;
    }
    public void setCustomer(String customer) {
        this.customer = customer;
    }
    public String getMotif() {
        return motif;
    }
    public void setMotif(String motif) {
        this.motif = motif;
    }
    public MinMax<Float> getPrice() {
        return price;
    }
    public void setPrice(MinMax<Float> price) {
        this.price = price;
    }
    public MinMax<Float> getTimeInvestment() {
        return timeInvestment;
    }
    public void setTimeInvestment(MinMax<Float> timeInvestment) {
        this.timeInvestment = timeInvestment;
    }
    public static class MinMax<T> {
        private T min;
        private T max;
        public MinMax(T min, T max) {
            this.min = min;
            this.max = max;
        }
        public T getMin() {
            return min;
        }
        public void setMin(T min) {
            this.min = min;
        }
        public T getMax() {
            return max;
        }
        public void setMax(T max) {
            this.max = max;
        }
    }
 }
@@ -0,0 +1,32 @@
 package de.champonthis.buntspecht.controller.model;
 public class UserPasswordModel {
    private String old;
    private String password;
    private String password2;
    public String getOld() {
        return old;
    }
    public void setOld(String old) {
        this.old = old;
    }
    public String getPassword() {
        return password;
    }
    public void setPassword(String password) {
        this.password = password;
    }
    public String getPassword2() {
        return password2;
    }
    public void setPassword2(String password2) {
        this.password2 = password2;
    }
 }
@@ -0,0 +1,23 @@
 package de.champonthis.buntspecht.controller.support;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.bind.annotation.ExceptionHandler;
 import org.springframework.web.context.request.WebRequest;
 import org.springframework.web.servlet.mvc.method.annotation.ResponseEntityExceptionHandler;
@ControllerAdvice
 public class ControllerExceptionHandler extends ResponseEntityExceptionHandler {
 	@ExceptionHandler(value = { EntityResponseStatusException.class })
 	protected ResponseEntity<Object> handleResponseEntityStatusException(RuntimeException exception,
 			WebRequest request) {
 		EntityResponseStatusException entityResponseStatusException = (EntityResponseStatusException) exception;
 		return handleExceptionInternal(exception, entityResponseStatusException.getBody(), new HttpHeaders(),
 				entityResponseStatusException.getStatus(), request);
 	}
 }
@@ -0,0 +1,56 @@
 package de.champonthis.buntspecht.controller.support;
 import org.springframework.core.NestedRuntimeException;
 import org.springframework.http.HttpStatus;
 import org.springframework.util.Assert;
 import jakarta.annotation.Nullable;
 public class EntityResponseStatusException extends NestedRuntimeException {
 	private static final long serialVersionUID = 1L;
 	private final HttpStatus status;
 	@Nullable
 	private final Object body;
 	public EntityResponseStatusException(HttpStatus status) {
 		this(null, status);
 	}
 	public EntityResponseStatusException(@Nullable Object body, HttpStatus status) {
 		this(body, status, null);
 	}
 	public EntityResponseStatusException(@Nullable Object body, HttpStatus status, @Nullable Throwable cause) {
 		super(null, cause);
 		Assert.notNull(status, "HttpStatus is required");
 		this.status = status;
 		this.body = body;
 	}
 	public HttpStatus getStatus() {
 		return this.status;
 	}
 	@Nullable
 	public Object getBody() {
 		return this.body;
 	}
 	/*
 	 * @see org.springframework.core.NestedRuntimeException#getMessage()
 	 */
 	@Override
 	public String getMessage() {
 		return this.status + (this.body != null ? " \"" + this.body + "\"" : "");
 	}
 }
@@ -0,0 +1,101 @@
 package de.champonthis.buntspecht.controller.support;
 import java.io.IOException;
 import java.lang.reflect.Type;
 import org.springframework.core.MethodParameter;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpInputMessage;
 import org.springframework.http.MediaType;
 import org.springframework.http.converter.HttpMessageConverter;
 import org.springframework.http.converter.StringHttpMessageConverter;
 import org.springframework.http.server.ServerHttpRequest;
 import org.springframework.http.server.ServerHttpResponse;
 import org.springframework.web.bind.annotation.ControllerAdvice;
 import org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice;
 import org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice;
 import com.google.gson.Gson;
 import com.google.gson.JsonPrimitive;
@ControllerAdvice
 public class JsonStringBodyControllerAdvice implements RequestBodyAdvice, ResponseBodyAdvice<String> {
 	private Gson gson = new Gson();
 	/*
 	 * @see org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice#
 	 * supports(org.springframework.core.MethodParameter, java.lang.reflect.Type,
 	 * java.lang.Class)
 	 */
 	@Override
 	public boolean supports(MethodParameter methodParameter, Type targetType,
 			Class<? extends HttpMessageConverter<?>> converterType) {
 		return targetType instanceof Class && String.class.equals((Class<?>) targetType);
 	}
 	/*
 	 * @see org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice#
 	 * beforeBodyRead(org.springframework.http.HttpInputMessage,
 	 * org.springframework.core.MethodParameter, java.lang.reflect.Type,
 	 * java.lang.Class)
 	 */
 	@Override
 	public HttpInputMessage beforeBodyRead(HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,
 			Class<? extends HttpMessageConverter<?>> converterType) throws IOException {
 		return inputMessage;
 	}
 	/*
 	 * @see org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice#
 	 * afterBodyRead(java.lang.Object, org.springframework.http.HttpInputMessage,
 	 * org.springframework.core.MethodParameter, java.lang.reflect.Type,
 	 * java.lang.Class)
 	 */
 	@Override
 	public Object afterBodyRead(Object body, HttpInputMessage inputMessage, MethodParameter parameter, Type targetType,
 			Class<? extends HttpMessageConverter<?>> converterType) {
 		body = ((String) body).replaceAll("^\"|\"$", "");
 		return body;
 	}
 	/*
 	 * @see org.springframework.web.servlet.mvc.method.annotation.RequestBodyAdvice#
 	 * handleEmptyBody(java.lang.Object, org.springframework.http.HttpInputMessage,
 	 * org.springframework.core.MethodParameter, java.lang.reflect.Type,
 	 * java.lang.Class)
 	 */
 	@Override
 	public Object handleEmptyBody(Object body, HttpInputMessage inputMessage, MethodParameter parameter,
 			Type targetType, Class<? extends HttpMessageConverter<?>> converterType) {
 		return body;
 	}
 	/*
 	 * @see
 	 * org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice#
 	 * supports(org.springframework.core.MethodParameter, java.lang.Class)
 	 */
 	@Override
 	public boolean supports(MethodParameter returnType, Class<? extends HttpMessageConverter<?>> converterType) {
 		return converterType == StringHttpMessageConverter.class;
 	}
 	/*
 	 * @see
 	 * org.springframework.web.servlet.mvc.method.annotation.ResponseBodyAdvice#
 	 * beforeBodyWrite(java.lang.Object, org.springframework.core.MethodParameter,
 	 * org.springframework.http.MediaType, java.lang.Class,
 	 * org.springframework.http.server.ServerHttpRequest,
 	 * org.springframework.http.server.ServerHttpResponse)
 	 */
 	@Override
 	public String beforeBodyWrite(String body, MethodParameter returnType, MediaType selectedContentType,
 			Class<? extends HttpMessageConverter<?>> selectedConverterType, ServerHttpRequest request,
 			ServerHttpResponse response) {
 		response.getHeaders().set(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE);
 		return gson.toJson(new JsonPrimitive(body));
 	}
 }
@@ -0,0 +1,37 @@
 package de.champonthis.buntspecht.controller.support;
 import org.springframework.lang.Nullable;
 import org.springframework.validation.AbstractBindingResult;
 public class RequestBodyErrors extends AbstractBindingResult {
 	@Nullable
 	private final Object target;
 	public RequestBodyErrors(@Nullable Object target) {
 		super("request-body");
 		this.target = target;
 	}
 	/*
 	 * @see org.springframework.validation.AbstractBindingResult#getTarget()
 	 */
 	@Override
 	public Object getTarget() {
 		return target;
 	}
 	/*
 	 * @see
 	 * org.springframework.validation.AbstractBindingResult#getActualFieldValue(java
 	 * .lang.String)
 	 */
 	@Override
 	protected Object getActualFieldValue(String field) {
 		// Not necessary
 		return null;
 	}
 }
@@ -0,0 +1,85 @@
 package de.champonthis.buntspecht.controller.validation;
 import java.util.ArrayList;
 import java.util.List;
 import org.passay.CharacterRule;
 import org.passay.EnglishCharacterData;
 import org.passay.LengthRule;
 import org.passay.PasswordData;
 import org.passay.PasswordValidator;
 import org.passay.Rule;
 import org.passay.RuleResult;
 import org.passay.RuleResultDetail;
 import org.passay.WhitespaceRule;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.validation.Errors;
 import org.springframework.validation.Validator;
 import de.champonthis.buntspecht.businesslogic.SystemPropertyManager;
 import de.champonthis.buntspecht.controller.model.UserPasswordModel;
@Component
 public class PasswordModelValidator implements Validator {
    @Autowired
    private SystemPropertyManager systemPropertyManager;
    public static final String SYSTEM_PROPERTY_PASSWORD_RULE_WHITESPACE = "password.rule.whitespace";
    public static final String SYSTEM_PROPERTY_PASSWORD_RULE_LENGTH = "password.rule.length";
    public static final String SYSTEM_PROPERTY_PASSWORD_RULE_UPPERCASE = "password.rule.uppercase";
    public static final String SYSTEM_PROPERTY_PASSWORD_RULE_DIGIT = "password.rule.digit";
    public static final String SYSTEM_PROPERTY_PASSWORD_RULE_SPECIAL = "password.rule.special";
    @Override
    public boolean supports(Class<?> clazz) {
        return clazz.isAssignableFrom(UserPasswordModel.class);
    }
    @Override
    public void validate(Object target, Errors errors) {
        UserPasswordModel passwordModel = (UserPasswordModel) target;
        List<Rule> rules = new ArrayList<Rule>();
        if (systemPropertyManager.getBoolean(SYSTEM_PROPERTY_PASSWORD_RULE_WHITESPACE, true)) {
            rules.add(new WhitespaceRule());
        }
        int length = systemPropertyManager.getInteger(SYSTEM_PROPERTY_PASSWORD_RULE_LENGTH, 8);
        if (length > 0) {
            rules.add(new LengthRule(length, 4096));
        }
        int uppercase = systemPropertyManager.getInteger(SYSTEM_PROPERTY_PASSWORD_RULE_UPPERCASE, 1);
        if (uppercase > 0) {
            rules.add(new CharacterRule(EnglishCharacterData.UpperCase, uppercase));
        }
        int digit = systemPropertyManager.getInteger(SYSTEM_PROPERTY_PASSWORD_RULE_DIGIT, 1);
        if (digit > 0) {
            rules.add(new CharacterRule(EnglishCharacterData.Digit, digit));
        }
        int special = systemPropertyManager.getInteger(SYSTEM_PROPERTY_PASSWORD_RULE_SPECIAL, 1);
        if (special > 0) {
            rules.add(new CharacterRule(EnglishCharacterData.Special, special));
        }
        PasswordValidator validator = new PasswordValidator(rules);
        PasswordData password = new PasswordData(passwordModel.getPassword());
        RuleResult result = validator.validate(password);
        if (!result.isValid()) {
            for (RuleResultDetail ruleResultDetail : result.getDetails()) {
                errors.rejectValue("password", ruleResultDetail.getErrorCode());
            }
        }
        if (!passwordModel.getPassword().equals(passwordModel.getPassword2())) {
            errors.rejectValue("password2", "NOT_MATCH");
        }
    }
 }
@@ -0,0 +1,38 @@
 package de.champonthis.buntspecht.controller.validation;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 import org.springframework.validation.Errors;
 import org.springframework.validation.Validator;
 import de.champonthis.buntspecht.model.Turnover;
@Component
 public class TurnoverValidator implements Validator {
    @Override
    public boolean supports(Class<?> clazz) {
        return clazz.isAssignableFrom(Turnover.class);
    }
    @Override
    public void validate(Object target, Errors errors) {
        Turnover turnover = (Turnover) target;
        if (!StringUtils.hasText(turnover.getCustomer())) {
            errors.rejectValue("customer", "REQUIRED");
        }
        if (!StringUtils.hasText(turnover.getMotif())) {
            errors.rejectValue("motif", "REQUIRED");
        }
        if (turnover.getPrice() == 0) {
            errors.rejectValue("price", "REQUIRED");
        }
        if (turnover.getPrice() < 0) {
            errors.rejectValue("price", "POSITIVE_VALUE");
        }
    }
 }
@@ -0,0 +1,143 @@
 package de.champonthis.buntspecht.i18n.businesslogic;
 import java.io.File;
 import java.io.FileReader;
 import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.util.List;
 import java.util.Map.Entry;
 import java.util.stream.Collectors;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.SmartInitializingSingleton;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.core.io.Resource;
 import org.springframework.core.io.ResourceLoader;
 import org.springframework.stereotype.Component;
 import org.springframework.util.StringUtils;
 import com.google.gson.Gson;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonObject;
 import com.google.gson.JsonParser;
 import de.champonthis.buntspecht.i18n.model.I18n;
 import de.champonthis.buntspecht.i18n.repository.I18nRepository;
@Component
 public class I18nManager implements SmartInitializingSingleton {
 	private Logger logger = LoggerFactory.getLogger(I18nManager.class);
 	@Autowired
 	private I18nRepository i18nRepository;
 	@Autowired
 	private ResourceLoader resourceLoader;
 	private Gson gson = new Gson();
 	public I18n get(String locale) {
 		return i18nRepository.findById(locale).orElse(null);
 	}
 	public JsonObject getLabel(String locale) {
 		I18n i18n = get(locale);
 		if (i18n != null && StringUtils.hasText(i18n.getLabel())) {
 			JsonElement element = JsonParser.parseString(i18n.getLabel());
 			if (element != null && element.isJsonObject()) {
 				return element.getAsJsonObject();
 			}
 		}
 		return null;
 	}
 	public List<String> getLocales() {
 		return i18nRepository.findAll().stream().map(I18n::getLocale).collect(Collectors.toList());
 	}
 	protected void extendJsonObject(JsonObject dest, JsonObject src) {
 		for (Entry<String, JsonElement> srcEntry : src.entrySet()) {
 			String srcKey = srcEntry.getKey();
 			JsonElement srcValue = srcEntry.getValue();
 			if (dest.has(srcKey)) {
 				JsonElement destValue = dest.get(srcKey);
 				if (destValue.isJsonObject() && srcValue.isJsonObject()) {
 					extendJsonObject(destValue.getAsJsonObject(), srcValue.getAsJsonObject());
 				} else {
 					dest.add(srcKey, srcValue);
 				}
 			} else {
 				dest.add(srcKey, srcValue);
 			}
 		}
 	}
 	public I18n addLabel(String locale, JsonObject newLabel) {
 		JsonObject label = getLabel(locale);
 		if (label == null || label.size() == 0 || label.entrySet().isEmpty()) {
 			label = newLabel;
 		} else {
 			extendJsonObject(label, newLabel);
 		}
 		I18n i18n = new I18n();
 		i18n.setLocale(locale);
 		i18n.setLabel(gson.toJson(label));
 		return i18nRepository.save(i18n);
 	}
 	public I18n setLabel(String locale, JsonObject label) {
 		I18n i18n = new I18n();
 		i18n.setLocale(locale);
 		i18n.setLabel(gson.toJson(label));
 		return i18nRepository.save(i18n);
 	}
 	public void deleteLabel(String locale) {
 		if (i18nRepository.existsById(locale)) {
 			i18nRepository.deleteById(locale);
 		}
 	}
 	/*
 	 * @see org.springframework.beans.factory.SmartInitializingSingleton#
 	 * afterSingletonsInstantiated()
 	 */
 	@Override
 	public void afterSingletonsInstantiated() {
 		try {
 			Resource resource = resourceLoader.getResource("classpath:label");
 			if (resource.exists()) {
 				File labelFolder = resource.getFile();
 				if (labelFolder.exists() && labelFolder.isDirectory()) {
 					for (File labelFile : labelFolder.listFiles()) {
 						JsonObject label = JsonParser.parseReader(new FileReader(labelFile, StandardCharsets.UTF_8))
 								.getAsJsonObject();
 						String locale = labelFile.getName().replace(".json", "");
 						addLabel(locale, label);
 					}
 				}
 			}
 		} catch (IOException e) {
 			logger.warn("cannot read in label folder", e.getMessage());
 		}
 	}
 }
@@ -0,0 +1,83 @@
 package de.champonthis.buntspecht.i18n.controller;
 import java.io.IOException;
 import java.util.List;
 import jakarta.servlet.http.HttpServletResponse;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import com.google.gson.Gson;
 import com.google.gson.JsonElement;
 import com.google.gson.JsonIOException;
 import com.google.gson.JsonObject;
 import de.champonthis.buntspecht.controller.BaseController;
 import de.champonthis.buntspecht.i18n.businesslogic.I18nManager;
@RestController
@RequestMapping("/i18n")
 public class I18nController extends BaseController {
 	@Autowired
 	private I18nManager i18nManager;
 	private Gson gson = new Gson();
 	@GetMapping
 	public List<String> getLocales() {
 		return i18nManager.getLocales();
 	}
 	@GetMapping("/{locale}")
 	public void getLabel(@PathVariable("locale") String locale, HttpServletResponse response)
 			throws JsonIOException, IOException {
 		JsonObject label = i18nManager.getLabel(locale);
 		if (label != null) {
 			response.setCharacterEncoding("utf-8");
 			gson.toJson(label, response.getWriter());
 		}
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PostMapping("/{locale}")
 	public void setLabel(@PathVariable("locale") String locale, @RequestBody Object label) {
 		JsonElement element = gson.toJsonTree(label);
 		if (element != null && element.isJsonObject()) {
 			i18nManager.setLabel(locale, element.getAsJsonObject());
 		}
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@PutMapping("/{locale}")
 	public void addLabel(@PathVariable("locale") String locale, @RequestBody Object label) {
 		JsonElement element = gson.toJsonTree(label);
 		if (element != null && element.isJsonObject()) {
 			i18nManager.addLabel(locale, element.getAsJsonObject());
 		}
 	}
 	@PreAuthorize("hasRole('ROLE_ADMIN')")
 	@DeleteMapping("/{locale}")
 	public void deleteLocale(@PathVariable("locale") String locale) {
 		i18nManager.deleteLabel(locale);
 	}
 }
@@ -0,0 +1,43 @@
 package de.champonthis.buntspecht.i18n.model;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Id;
 import jakarta.persistence.Lob;
 import jakarta.persistence.Table;
 import jakarta.persistence.UniqueConstraint;
@Entity
@Table(name = "i18n", uniqueConstraints = @UniqueConstraint(columnNames = { "locale" }))
 public class I18n {
 	@Id
 	@Column(name = "locale", unique = true, nullable = false)
 	private String locale;
 	@Lob
 	@Column(name = "label", length = 100000)
 	private String label;
 	public String getLocale() {
 		return locale;
 	}
 	public void setLocale(String locale) {
 		this.locale = locale;
 	}
 	public String getLabel() {
 		return label;
 	}
 	public void setLabel(String label) {
 		this.label = label;
 	}
 }
@@ -0,0 +1,13 @@
 package de.champonthis.buntspecht.i18n.repository;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.querydsl.QuerydslPredicateExecutor;
 import org.springframework.stereotype.Repository;
 import de.champonthis.buntspecht.i18n.model.I18n;
@Repository
 public interface I18nRepository extends JpaRepository<I18n, String>, QuerydslPredicateExecutor<I18n> {
 }
@@ -0,0 +1,56 @@
 package de.champonthis.buntspecht.model;
 import java.time.Instant;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Id;
 import jakarta.persistence.Table;
@Entity
@Table(name = "persistent_logins")
 public class PersistentLogin {
 	@Column(name = "username", length = 64, nullable = false)
 	private String username;
 	@Id
 	@Column(name = "series", length = 64)
 	private String series;
 	@Column(name = "token", length = 64, nullable = false)
 	private String token;
 	@Column(name = "last_used", nullable = false)
 	private Instant last_used;
 	public String getUsername() {
 		return username;
 	}
 	public void setUsername(String username) {
 		this.username = username;
 	}
 	public String getSeries() {
 		return series;
 	}
 	public void setSeries(String series) {
 		this.series = series;
 	}
 	public String getToken() {
 		return token;
 	}
 	public void setToken(String token) {
 		this.token = token;
 	}
 	public Instant getLast_used() {
 		return last_used;
 	}
 	public void setLast_used(Instant last_used) {
 		this.last_used = last_used;
 	}
 }
@@ -0,0 +1,53 @@
 package de.champonthis.buntspecht.model;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.Id;
 import jakarta.persistence.Lob;
 import jakarta.persistence.Table;
@Entity
@Table(name = "system_properties")
 public class SystemProperty {
 	@Id
 	@Column(name = "id")
 	private String key;
 	@Lob
 	@Column(name = "value", length = 100000)
 	private String value;
 	public SystemProperty() {
 		super();
 	}
 	public SystemProperty(String key, String value) {
 		super();
 		this.key = key;
 		this.value = value;
 	}
 	public String getKey() {
 		return key;
 	}
 	public void setKey(String key) {
 		this.key = key;
 	}
 	public String getValue() {
 		return value;
 	}
 	public void setValue(String value) {
 		this.value = value;
 	}
 }
@@ -0,0 +1,171 @@
 package de.champonthis.buntspecht.model;
 import java.time.Instant;
 import jakarta.persistence.Column;
 import jakarta.persistence.Entity;
 import jakarta.persistence.GeneratedValue;
 import jakarta.persistence.GenerationType;
 import jakarta.persistence.Id;
 import jakarta.persistence.Lob;
 import jakarta.persistence.Table;
@Entity
@Table(name = "turnovers")
 public class Turnover {
    @Id
    @Column(name = "id", updatable = false, unique = true, nullable = false)
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;
    @Column(name = "username", nullable = false)
    private String username;
    @Column(name = "created", nullable = false, updatable = false)
    private Instant created;
    @Column(name = "due_date", nullable = false)
    private Instant dueDate;
    @Column(name = "updated", nullable = false)
    private Instant updated;
    @Column(name = "customer", nullable = false)
    private String customer;
    @Column(name = "motif", nullable = false)
    private String motif;
    @Column(name = "price", nullable = false)
    private float price;
    @Column(name = "time_investment", nullable = true)
    private float timeInvestment;
    @Lob
    @Column(name = "remark", nullable = true, length = 5000)
    private String remark;
    @Lob
    @Column(name = "material_consumption", nullable = true, length = 5000)
    private String materialConsumption;
    public Long getId() {
        return id;
    }
    public void setId(Long id) {
        this.id = id;
    }
    public String getUsername() {
        return username;
    }
    public void setUsername(String username) {
        this.username = username;
    }
    public Instant getCreated() {
        return created;
    }
    public void setCreated(Instant created) {
        this.created = created;
    }
    public Instant getDueDate() {
        return dueDate;
    }
    public void setDueDate(Instant dueDate) {
        this.dueDate = dueDate;
    }
    public Instant getUpdated() {
        return updated;
    }
    public void setUpdated(Instant updated) {
        this.updated = updated;
    }
    public String getCustomer() {
        return customer;
    }
    public void setCustomer(String customer) {
        this.customer = customer;
    }
    public String getMotif() {
        return motif;
    }
    public void setMotif(String motif) {
        this.motif = motif;
    }
    public float getPrice() {
        return price;
    }
    public void setPrice(float price) {
        this.price = price;
    }
    public float getTimeInvestment() {
        return timeInvestment;
    }
    public void setTimeInvestment(float timeInvestment) {
        this.timeInvestment = timeInvestment;
    }
    public String getRemark() {
        return remark;
    }
    public void setRemark(String remark) {
        this.remark = remark;
    }
    public String getMaterialConsumption() {
        return materialConsumption;
    }
    public void setMaterialConsumption(String materialConsumption) {
        this.materialConsumption = materialConsumption;
    }
    @Override
    public boolean equals(Object obj) {
        if (!(obj instanceof Turnover)) {
            return false;
        }
        Turnover turnover = (Turnover) obj;
        boolean equals = true;
        equals &= dueDate.equals(turnover.getDueDate());
        equals &= id == null && turnover.getId() == null || id.equals(turnover.getId());
        equals &= username == null && turnover.getUsername() == null || username.equals(turnover.getUsername());
        equals &= customer == null && turnover.getCustomer() == null || customer.equals(turnover.getCustomer());
        equals &= motif == null && turnover.getMotif() == null || motif.equals(turnover.getMotif());
        equals &= price == turnover.getPrice();
        equals &= timeInvestment == turnover.getTimeInvestment();
        equals &= remark == null && turnover.getRemark() == null || remark.equals(turnover.getRemark());
        equals &= materialConsumption == null && turnover.getMaterialConsumption() == null
                || materialConsumption.equals(turnover.getMaterialConsumption());
        return equals;
    }
 }
@@ -0,0 +1,133 @@
 package de.champonthis.buntspecht.model;
 import java.util.List;
 import java.util.Map;
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonInclude;
 import com.fasterxml.jackson.annotation.JsonInclude.Include;
 import jakarta.persistence.CollectionTable;
 import jakarta.persistence.Column;
 import jakarta.persistence.ElementCollection;
 import jakarta.persistence.Entity;
 import jakarta.persistence.FetchType;
 import jakarta.persistence.Id;
 import jakarta.persistence.Lob;
 import jakarta.persistence.Table;
 import jakarta.persistence.Transient;
@Entity
@Table(name = "users")
@JsonInclude(Include.NON_EMPTY)
 public class User {
 	@Id
 	@Column(name = "username", nullable = false)
 	private String username;
 	@Column(name = "external_id", nullable = true)
 	private String externalId;
 	@Column(name = "name", nullable = true)
 	private String name;
 	@JsonIgnore
 	@Column(name = "password_hash", nullable = true)
 	private String passwordHash;
 	@ElementCollection(fetch = FetchType.EAGER)
 	@CollectionTable(name = "users_roles")
 	private List<String> roles;
 	@Lob
 	@Column(name = "about", nullable = true, length = 100000)
 	private String about;
 	@Column(name = "email", nullable = true)
 	private String email;
 	@Column(name = "locale", nullable = true, columnDefinition = "varchar(255) default 'de'")
 	private String locale;
 	@Column(name = "dark_theme", nullable = true, columnDefinition = "boolean default false")
 	private boolean darkTheme;
 	@Transient
 	private Map<String, Object> metadata;
 	public String getUsername() {
 		return username;
 	}
 	public void setUsername(String username) {
 		this.username = username;
 	}
 	public String getExternalId() {
 		return externalId;
 	}
 	public void setExternalId(String externalId) {
 		this.externalId = externalId;
 	}
 	public String getName() {
 		return name;
 	}
 	public void setName(String name) {
 		this.name = name;
 	}
 	public String getPasswordHash() {
 		return passwordHash;
 	}
 	public void setPasswordHash(String passwordHash) {
 		this.passwordHash = passwordHash;
 	}
 	public List<String> getRoles() {
 		return roles;
 	}
 	public void setRoles(List<String> roles) {
 		this.roles = roles;
 	}
 	public String getAbout() {
 		return about;
 	}
 	public void setAbout(String about) {
 		this.about = about;
 	}
 	public String getEmail() {
 		return email;
 	}
 	public void setEmail(String email) {
 		this.email = email;
 	}
 	public String getLocale() {
 		return locale;
 	}
 	public void setLocale(String locale) {
 		this.locale = locale;
 	}
 	public boolean isDarkTheme() {
 		return darkTheme;
 	}
 	public void setDarkTheme(boolean darkTheme) {
 		this.darkTheme = darkTheme;
 	}
 	public Map<String, Object> getMetadata() {
 		if (metadata == null) {
 			metadata = Map.of();
 		}
 		return metadata;
 	}
 	public void setMetadata(Map<String, Object> metadata) {
 		this.metadata = metadata;
 	}
 }
@@ -0,0 +1,14 @@
 package de.champonthis.buntspecht.repository;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.querydsl.QuerydslPredicateExecutor;
 import org.springframework.stereotype.Repository;
 import de.champonthis.buntspecht.model.SystemProperty;
@Repository
 public interface SystemPropertyRepository
 		extends JpaRepository<SystemProperty, String>, QuerydslPredicateExecutor<SystemProperty> {
 }
@@ -0,0 +1,12 @@
 package de.champonthis.buntspecht.repository;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.querydsl.QuerydslPredicateExecutor;
 import org.springframework.stereotype.Repository;
 import de.champonthis.buntspecht.model.Turnover;
@Repository
 public interface TurnoverRepository extends JpaRepository<Turnover, Long>, QuerydslPredicateExecutor<Turnover> {
 }
@@ -0,0 +1,13 @@
 package de.champonthis.buntspecht.repository;
 import org.springframework.data.jpa.repository.JpaRepository;
 import org.springframework.data.querydsl.QuerydslPredicateExecutor;
 import org.springframework.stereotype.Repository;
 import de.champonthis.buntspecht.model.User;
@Repository
 public interface UserRepository extends JpaRepository<User, String>, QuerydslPredicateExecutor<User> {
 }
@@ -0,0 +1,37 @@
 package de.champonthis.buntspecht.security;
 import jakarta.servlet.http.HttpServletRequest;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 public class LocalRememberMeServices extends PersistentTokenBasedRememberMeServices {
 	public LocalRememberMeServices(String key, UserDetailsService userDetailsService,
 			PersistentTokenRepository tokenRepository) {
 		super(key, userDetailsService, tokenRepository);
 	}
 	/*
 	 * @see org.springframework.security.web.authentication.rememberme.
 	 * AbstractRememberMeServices#rememberMeRequested(javax.servlet.http.
 	 * HttpServletRequest, java.lang.String)
 	 */
 	@Override
 	protected boolean rememberMeRequested(HttpServletRequest request, String parameter) {
 		Object value = request.getAttribute(parameter);
 		if (value != null) {
 			String paramValue = value.toString();
 			if (paramValue.equalsIgnoreCase("true") || paramValue.equalsIgnoreCase("on")
 					|| paramValue.equalsIgnoreCase("yes") || paramValue.equals("1")) {
 				return true;
 			}
 		}
 		return super.rememberMeRequested(request, parameter);
 	}
 }
@@ -0,0 +1,19 @@
 package de.champonthis.buntspecht.security;
 import java.util.Collection;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 public class LocalUserDetails extends User {
 	private static final long serialVersionUID = 1L;
 	public LocalUserDetails(String username, String password, Collection<? extends GrantedAuthority> authorities) {
 		super(username, password, authorities);
 	}
 }
@@ -0,0 +1,15 @@
 package de.champonthis.buntspecht.security;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.security.crypto.argon2.Argon2PasswordEncoder;
@Configuration
 public class PasswordEncoderConfig {
 	@Bean(name = "passwordEncoder")
 	public Argon2PasswordEncoder passwordEncoder() {
 		return Argon2PasswordEncoder.defaultsForSpringSecurity_v5_8();
 	}
 }
@@ -0,0 +1,113 @@
 package de.champonthis.buntspecht.security;
 import java.util.Collections;
 import java.util.List;
 import javax.sql.DataSource;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpStatus;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.security.web.authentication.HttpStatusEntryPoint;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import org.springframework.security.web.authentication.logout.HttpStatusReturningLogoutSuccessHandler;
 import org.springframework.security.web.authentication.rememberme.JdbcTokenRepositoryImpl;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenBasedRememberMeServices;
 import org.springframework.security.web.authentication.rememberme.PersistentTokenRepository;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
 import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
 import de.champonthis.buntspecht.businesslogic.UserManager;
 import de.champonthis.buntspecht.security.handler.FormAuthenticationFailureHandler;
 import de.champonthis.buntspecht.security.handler.OAuth2AuthenticationSuccessHandler;
@EnableWebSecurity
@EnableMethodSecurity(prePostEnabled = true)
@Configuration
 public class SecurityConfig {
 	@Autowired
 	private UserManager userManager;
 	@Autowired
 	private OAuth2AuthenticationSuccessHandler oAuth2AuthenticationSuccessHandler;
 	@Autowired
 	private DataSource dataSource;
 	@Value("${loginUrl:/login}")
 	private String loginUrl;
 	@Value("${loginTargetUrl:/}")
 	private String loginTargetUrl;
 	@Value("${spring.security.oauth2.client:false}")
 	private boolean oauth2Enabled;
 	@Bean
 	public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
 		if (oauth2Enabled) {
 			oAuth2AuthenticationSuccessHandler.setDefaultTargetUrl(loginTargetUrl);
 			oAuth2AuthenticationSuccessHandler.setRememberMeServices(rememberMeServices());
 		}
 		http
 				// crsf
 				.csrf((csrf) -> csrf.disable())
 				// cors
 				// .cors().configurationSource(corsConfigurationSource()).and()
 				// anonymous
 				.anonymous((anonymous) -> anonymous.disable())
 				// login
 				.formLogin((formLogin) -> formLogin.loginPage("/login").defaultSuccessUrl(loginTargetUrl)
 						.failureHandler(new FormAuthenticationFailureHandler(loginUrl)))
 				// remember me
 				.rememberMe((rememberMe) -> rememberMe.rememberMeServices(rememberMeServices()))
 				// logout
 				.logout((logout) -> logout.logoutUrl("/logout")
 						.logoutSuccessHandler(new HttpStatusReturningLogoutSuccessHandler(HttpStatus.OK)))
 				// exception
 				.exceptionHandling((exceptionHandling) -> exceptionHandling
 						.defaultAuthenticationEntryPointFor(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED),
 								new AntPathRequestMatcher("/api/**")));
 		if (oauth2Enabled) {
 			http.oauth2Login((oauth2Login) -> oauth2Login.successHandler(oAuth2AuthenticationSuccessHandler)
 					.failureHandler(new SimpleUrlAuthenticationFailureHandler(loginUrl + "?externalError"))
 					.loginPage("/login"));
 		}
 		return http.build();
 	}
 	@Bean
 	public PersistentTokenRepository persistentTokenRepository() {
 		JdbcTokenRepositoryImpl tokenRepository = new JdbcTokenRepositoryImpl();
 		tokenRepository.setDataSource(dataSource);
 		return tokenRepository;
 	}
 	@Bean
 	public RememberMeServices rememberMeServices() {
 		PersistentTokenBasedRememberMeServices rememberMeServices = new LocalRememberMeServices("remember-me",
 				userManager, persistentTokenRepository());
 		return rememberMeServices;
 	}
 	@Bean
 	public CorsConfigurationSource corsConfigurationSource() {
 		CorsConfiguration configuration = new CorsConfiguration();
 		configuration.setAllowedOriginPatterns(List.of("*"));
 		configuration.setAllowedMethods(Collections.singletonList("*"));
 		configuration.setAllowCredentials(true);
 		configuration.setAllowedHeaders(Collections.singletonList("*"));
 		UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
 		source.registerCorsConfiguration("/**", configuration);
 		return source;
 	}
 }
@@ -0,0 +1,28 @@
 package de.champonthis.buntspecht.security.handler;
 import java.io.IOException;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 public class FormAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    private String failureUrl;
    public FormAuthenticationFailureHandler(String failureUrl) {
        super(failureUrl);
        this.failureUrl = failureUrl;
    }
    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        setDefaultFailureUrl(failureUrl + "?error&username=" + request.getParameter("username"));
        super.onAuthenticationFailure(request, response, exception);
        setDefaultFailureUrl(failureUrl);
    }
 }
@@ -0,0 +1,68 @@
 package de.champonthis.buntspecht.security.handler;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.RememberMeServices;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
 import de.champonthis.buntspecht.businesslogic.UserManager;
 import de.champonthis.buntspecht.model.User;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
@Component
 public class OAuth2AuthenticationSuccessHandler extends SavedRequestAwareAuthenticationSuccessHandler {
 	@Autowired
 	private UserManager userManager;
 	private RememberMeServices rememberMeServices;
 	/*
 	 * @see org.springframework.security.web.authentication.
 	 * SavedRequestAwareAuthenticationSuccessHandler#onAuthenticationSuccess(javax.
 	 * servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
 	 * org.springframework.security.core.Authentication)
 	 */
 	@Override
 	public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
 			Authentication authentication) throws IOException, ServletException {
 		User user = userManager.getByAuth(authentication);
 		UserDetails userDetails = userManager.loadUserByUsername(user.getUsername());
 		List<GrantedAuthority> authorities = new ArrayList<>();
 		authorities.addAll(authentication.getAuthorities());
 		authorities.addAll(userDetails.getAuthorities());
 		UsernamePasswordAuthenticationToken newAuthentication = new UsernamePasswordAuthenticationToken(userDetails,
 				null, authorities);
 		SecurityContextHolder.getContext().setAuthentication(newAuthentication);
 		if (rememberMeServices != null) {
 			request.setAttribute("remember-me", "true");
 			rememberMeServices.loginSuccess(request, response, newAuthentication);
 		}
 		handle(request, response, newAuthentication);
 		clearAuthenticationAttributes(request);
 	}
 	public void setRememberMeServices(RememberMeServices rememberMeServices) {
 		this.rememberMeServices = rememberMeServices;
 	}
 }