Use method in SecurityUtils to get current user

The direct use of SecurityContextHolder is discouraged.

navalplanner-webapp/src/main/java/org/navalplanner/web/common/TemplateModel.java

@@ -51,12 +51,12 @@ import org.navalplanner.business.scenarios.entities.OrderVersion;
 import org.navalplanner.business.scenarios.entities.Scenario;
 import org.navalplanner.business.users.daos.IUserDAO;
 import org.navalplanner.business.users.entities.User;
+import org.navalplanner.web.security.SecurityUtils;
 import org.navalplanner.web.users.bootstrap.MandatoryUser;
 import org.navalplanner.web.users.services.CustomUser;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanDefinition;
 import org.springframework.context.annotation.Scope;
-import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 import org.springframework.transaction.annotation.Transactional;
 import org.zkoss.ganttz.adapters.PlannerConfiguration;
@@ -231,8 +231,9 @@ public class TemplateModel implements ITemplateModel {
     private void associateToUser(Scenario scenario, User user) {
         user.setLastConnectedScenario(scenario);
         userDAO.save(user);
-        CustomUser customUser = (CustomUser) SecurityContextHolder.getContext()
-                .getAuthentication().getPrincipal();
+        CustomUser customUser = SecurityUtils.getLoggedUser();
+        assert customUser != null : "user must be logged for this method to be called";
+
         customUser.setScenario(scenario);
     }
 

navalplanner-webapp/src/main/java/org/navalplanner/web/scenarios/CurrentUserScenarioAwareManager.java

@@ -28,10 +28,9 @@ import org.navalplanner.business.scenarios.IScenarioManager;
 import org.navalplanner.business.scenarios.bootstrap.IScenariosBootstrap;
 import org.navalplanner.business.scenarios.daos.IScenarioDAO;
 import org.navalplanner.business.scenarios.entities.Scenario;
+import org.navalplanner.web.security.SecurityUtils;
 import org.navalplanner.web.users.services.CustomUser;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.Authentication;
-import org.springframework.security.context.SecurityContextHolder;
 import org.springframework.transaction.annotation.Transactional;
 
 /**
@@ -52,32 +51,33 @@ public class CurrentUserScenarioAwareManager implements IScenarioManager {
     @Override
     @Transactional(readOnly = true)
     public Scenario getCurrent() {
-        Authentication authentication = SecurityContextHolder.getContext()
-                .getAuthentication();
-        Scenario scenario = authentication == null ? scenariosBootstrap
-                .getMain() : getScenarioFrom(authentication);
+        Scenario scenario = scenarioAssociatedToLoggedUser();
+        return reload(scenario);
+    }
 
+    private Scenario scenarioAssociatedToLoggedUser() {
+        CustomUser loggedUser = SecurityUtils.getLoggedUser();
+        if (loggedUser == null) {
+            return scenariosBootstrap.getMain();
+        }
+        return loggedUser.getScenario();
+    }
+
+    private Scenario reload(Scenario scenario) {
         if (scenario.getId() == null) {
             return scenario;
         }
-
-        scenario = scenarioDAO.findExistingEntity(scenario.getId());
-        forceLoad(scenario);
-        return scenario;
+        return forceLoad(scenarioDAO.findExistingEntity(scenario.getId()));
     }
 
-    private void forceLoad(Scenario scenario) {
+    private Scenario forceLoad(Scenario scenario) {
         scenarioDAO.reattach(scenario);
         Set<Order> orders = scenario.getOrders().keySet();
         for (Order order : orders) {
             orderDAO.reattach(order);
             order.getName();
         }
-    }
-
-    private Scenario getScenarioFrom(Authentication authentication) {
-        CustomUser user = (CustomUser) authentication.getPrincipal();
-        return user.getScenario();
+        return scenario;
     }
 
 }

navalplanner-webapp/src/main/java/org/navalplanner/web/security/SecurityUtils.java

@@ -28,6 +28,7 @@ import javax.servlet.http.HttpServletRequest;
 import org.navalplanner.business.users.entities.UserRole;
 import org.navalplanner.web.users.bootstrap.MandatoryUser;
 import org.navalplanner.web.users.services.CustomUser;
+import org.springframework.security.Authentication;
 import org.springframework.security.context.SecurityContextHolder;
 import org.zkoss.zk.ui.Executions;
 
@@ -56,8 +57,18 @@ public final class SecurityUtils {
         return principal.getName();
     }
 
+    /**
+     * @return <code>null</code> if not user is logged
+     */
     public final static CustomUser getLoggedUser() {
-        return (CustomUser) SecurityContextHolder.getContext()
-                .getAuthentication().getPrincipal();
+        Authentication authentication = getAuthentication();
+        if (authentication == null) {
+            return null;
+        }
+        return (CustomUser) authentication.getPrincipal();
+    }
+
+    private static Authentication getAuthentication() {
+        return SecurityContextHolder.getContext().getAuthentication();
     }
 }