From 48ca412a067798d8c607d9915886106dc0862b4c Mon Sep 17 00:00:00 2001
From: mac <trongduc0903@gmail.com>
Date: Tue, 29 Aug 2023 22:40:09 +0700
Subject: [PATCH 1/4] first commit

---
 logs/myapp.log                                | 195 +++++++++++++++++
 starter_code/auth-course.iml                  | 159 --------------
 starter_code/logs/myapp.log                   | 165 ++++++++++++++
 starter_code/pom.xml                          |  39 +++-
 .../com/example/demo/SareetaApplication.java  |  10 +-
 .../demo/controllers/OrderController.java     |  13 +-
 .../demo/controllers/UserController.java      |  16 +-
 .../example/demo/model/persistence/User.java  |  10 +-
 .../model/requests/CreateUserRequest.java     |  19 ++
 .../security/JWTAuthenticationFilter.java     |  61 ++++++
 .../JWTAuthenticationVerficationFilter.java   |  66 ++++++
 .../demo/security/SecurityConstants.java      |  10 +
 .../demo/security/UserDetailsServiceImpl.java |  28 +++
 .../security/WebSecurityConfiguration.java    |  48 ++++
 .../src/main/resources/application.properties |   6 +-
 .../src/main/resources/logback-spring.xml     |  25 +++
 .../test/java/com/example/demo/TestUtils.java |  27 +++
 .../demo/controllers/CartControllerTest.java  | 205 ++++++++++++++++++
 .../demo/controllers/ItemControllerTest.java  |  95 ++++++++
 .../demo/controllers/OrderControllerTest.java | 126 +++++++++++
 .../demo/controllers/UserControllerTest.java  | 102 +++++++++
 .../target/classes/application.properties     |   6 +-
 .../com/example/demo/SareetaApplication.class | Bin 995 -> 1393 bytes
 .../demo/controllers/CartController.class     | Bin 4918 -> 4918 bytes
 .../demo/controllers/ItemController.class     | Bin 2756 -> 2756 bytes
 .../demo/controllers/OrderController.class    | Bin 3018 -> 3607 bytes
 .../demo/controllers/UserController.class     | Bin 3643 -> 4708 bytes
 .../example/demo/model/persistence/Cart.class | Bin 2977 -> 2977 bytes
 .../example/demo/model/persistence/Item.class | Bin 2322 -> 2322 bytes
 .../example/demo/model/persistence/User.class | Bin 1771 -> 2232 bytes
 .../demo/model/persistence/UserOrder.class    | Bin 3034 -> 3034 bytes
 .../repositories/CartRepository.class         | Bin 518 -> 604 bytes
 .../repositories/ItemRepository.class         | Bin 560 -> 646 bytes
 .../repositories/OrderRepository.class        | Bin 618 -> 704 bytes
 .../repositories/UserRepository.class         | Bin 503 -> 589 bytes
 .../model/requests/CreateUserRequest.class    | Bin 722 -> 1177 bytes
 .../model/requests/ModifyCartRequest.class    | Bin 1184 -> 1184 bytes
 .../demo/SareetaApplicationTests.class        | Bin 631 -> 631 bytes
 38 files changed, 1263 insertions(+), 168 deletions(-)
 create mode 100644 logs/myapp.log
 delete mode 100644 starter_code/auth-course.iml
 create mode 100644 starter_code/logs/myapp.log
 create mode 100644 starter_code/src/main/java/com/example/demo/security/JWTAuthenticationFilter.java
 create mode 100644 starter_code/src/main/java/com/example/demo/security/JWTAuthenticationVerficationFilter.java
 create mode 100644 starter_code/src/main/java/com/example/demo/security/SecurityConstants.java
 create mode 100644 starter_code/src/main/java/com/example/demo/security/UserDetailsServiceImpl.java
 create mode 100644 starter_code/src/main/java/com/example/demo/security/WebSecurityConfiguration.java
 create mode 100644 starter_code/src/main/resources/logback-spring.xml
 create mode 100644 starter_code/src/test/java/com/example/demo/TestUtils.java
 create mode 100644 starter_code/src/test/java/com/example/demo/controllers/CartControllerTest.java
 create mode 100644 starter_code/src/test/java/com/example/demo/controllers/ItemControllerTest.java
 create mode 100644 starter_code/src/test/java/com/example/demo/controllers/OrderControllerTest.java
 create mode 100644 starter_code/src/test/java/com/example/demo/controllers/UserControllerTest.java

diff --git a/logs/myapp.log b/logs/myapp.log
new file mode 100644
index 000000000..b9dc355eb
--- /dev/null
+++ b/logs/myapp.log
@@ -0,0 +1,195 @@
+00:09:02.740 [main] INFO  com.example.demo.SareetaApplication - Starting SareetaApplication on Duc-Than-Trong.local with PID 44418 (/Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code/target/classes started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps)
+00:09:02.743 [main] INFO  com.example.demo.SareetaApplication - No active profile set, falling back to default profiles: default
+00:09:03.376 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
+00:09:03.461 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 75ms. Found 4 repository interfaces.
+00:09:04.052 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$2ee56919] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
+00:09:04.380 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8080 (http)
+00:09:04.397 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8080"]
+00:09:04.410 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
+00:09:04.411 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.19]
+00:09:04.511 [main] INFO  o.a.c.c.C.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
+00:09:04.511 [main] INFO  o.s.web.context.ContextLoader - Root WebApplicationContext: initialization completed in 1716 ms
+00:09:04.712 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+00:09:04.884 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+00:09:04.957 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
+	name: default
+	...]
+00:09:05.034 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
+00:09:05.036 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
+00:09:05.207 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
+00:09:05.363 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
+00:09:06.183 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
+00:09:06.768 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
+00:09:06.836 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1820f274, org.springframework.security.web.context.SecurityContextPersistenceFilter@14624acc, org.springframework.security.web.header.HeaderWriterFilter@3e5b2630, org.springframework.web.filter.CorsFilter@221cdd87, org.springframework.security.web.authentication.logout.LogoutFilter@165454f7, com.example.demo.security.JWTAuthenticationFilter@4d66cb, com.example.demo.security.JWTAuthenticationVerficationFilter@7c79f2cf, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@f453129, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2c8f65da, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@63551c66, org.springframework.security.web.session.SessionManagementFilter@75ac326f, org.springframework.security.web.access.ExceptionTranslationFilter@49741274, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@276aa33f]
+00:09:06.942 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
+00:09:07.127 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8080"]
+00:09:07.174 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8080 (http) with context path ''
+00:09:07.177 [main] INFO  com.example.demo.SareetaApplication - Started SareetaApplication in 4.972 seconds (JVM running for 5.507)
+00:09:18.249 [http-nio-8080-exec-1] INFO  o.a.c.c.C.[Tomcat].[localhost].[/] - Initializing Spring DispatcherServlet 'dispatcherServlet'
+00:09:18.249 [http-nio-8080-exec-1] INFO  o.s.web.servlet.DispatcherServlet - Initializing Servlet 'dispatcherServlet'
+00:09:18.264 [http-nio-8080-exec-1] INFO  o.s.web.servlet.DispatcherServlet - Completed initialization in 15 ms
+00:09:18.523 [http-nio-8080-exec-1] INFO  c.e.demo.controllers.UserController - Create user name is : ductt18 success 
+00:09:49.062 [http-nio-8080-exec-3] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
+00:09:49.064 [http-nio-8080-exec-3] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
+00:09:49.083 [http-nio-8080-exec-3] INFO  o.h.h.i.QueryTranslatorFactoryInitiator - HHH000397: Using ASTQueryTranslatorFactory
+00:09:49.169 [http-nio-8080-exec-3] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.NullPointerException: Cannot invoke "com.example.demo.model.persistence.User.getUsername()" because "user" is null] with root cause
+java.lang.NullPointerException: Cannot invoke "com.example.demo.model.persistence.User.getUsername()" because "user" is null
+	at com.example.demo.controllers.OrderController.submit(OrderController.java:38)
+	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
+	at java.base/java.lang.reflect.Method.invoke(Method.java:578)
+	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
+	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
+	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
+	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:892)
+	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797)
+	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
+	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1039)
+	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
+	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
+	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:908)
+	at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
+	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
+	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
+	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
+	at com.example.demo.security.JWTAuthenticationVerficationFilter.doFilterInternal(JWTAuthenticationVerficationFilter.java:45)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
+	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
+	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at com.example.demo.security.JWTAuthenticationVerficationFilter.doFilterInternal(JWTAuthenticationVerficationFilter.java:45)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
+	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
+	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
+	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
+	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
+	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
+	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
+	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
+	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
+	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
+	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
+	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
+	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
+	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
+	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
+	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
+	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
+	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
+	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
+	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
+	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
+	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836)
+	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1747)
+	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
+	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
+	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
+	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
+	at java.base/java.lang.Thread.run(Thread.java:1623)
+00:15:13.493 [http-nio-8080-exec-10] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
+00:15:13.494 [http-nio-8080-exec-10] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
+00:15:13.515 [http-nio-8080-exec-10] INFO  c.e.demo.controllers.OrderController - Order request of ductt18 success 
+00:28:20.117 [Thread-3] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
+00:28:20.119 [Thread-3] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Closing JPA EntityManagerFactory for persistence unit 'default'
+00:28:20.121 [Thread-3] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
+00:28:20.123 [Thread-3] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
+00:28:22.015 [main] INFO  com.example.demo.SareetaApplication - Starting SareetaApplication on Duc-Than-Trong.local with PID 45831 (/Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code/target/classes started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps)
+00:28:22.019 [main] INFO  com.example.demo.SareetaApplication - No active profile set, falling back to default profiles: default
+00:28:22.603 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
+00:28:22.677 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 63ms. Found 4 repository interfaces.
+00:28:23.234 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$637374b9] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
+00:28:23.538 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8080 (http)
+00:28:23.554 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8080"]
+00:28:23.572 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
+00:28:23.573 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.19]
+00:28:23.674 [main] INFO  o.a.c.c.C.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
+00:28:23.675 [main] INFO  o.s.web.context.ContextLoader - Root WebApplicationContext: initialization completed in 1604 ms
+00:28:23.863 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+00:28:24.032 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+00:28:24.096 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
+	name: default
+	...]
+00:28:24.163 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
+00:28:24.165 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
+00:28:24.328 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
+00:28:24.478 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
+00:28:25.250 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
+00:28:25.887 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
+00:28:25.963 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7fad28ac, org.springframework.security.web.context.SecurityContextPersistenceFilter@5fd31df7, org.springframework.security.web.header.HeaderWriterFilter@656302c, org.springframework.web.filter.CorsFilter@3450bd13, org.springframework.security.web.authentication.logout.LogoutFilter@66589252, com.example.demo.security.JWTAuthenticationFilter@1bb51492, com.example.demo.security.JWTAuthenticationVerficationFilter@5da1a97f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2c8f65da, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5ff29e8b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4b5f022f, org.springframework.security.web.session.SessionManagementFilter@49809275, org.springframework.security.web.access.ExceptionTranslationFilter@f453129, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@39c1e7b7]
+00:28:26.082 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
+00:28:26.262 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8080"]
+00:28:26.309 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8080 (http) with context path ''
+00:28:26.313 [main] INFO  com.example.demo.SareetaApplication - Started SareetaApplication in 4.846 seconds (JVM running for 5.444)
+00:28:43.497 [http-nio-8080-exec-2] INFO  o.a.c.c.C.[Tomcat].[localhost].[/] - Initializing Spring DispatcherServlet 'dispatcherServlet'
+00:28:43.498 [http-nio-8080-exec-2] INFO  o.s.web.servlet.DispatcherServlet - Initializing Servlet 'dispatcherServlet'
+00:28:43.506 [http-nio-8080-exec-2] INFO  o.s.web.servlet.DispatcherServlet - Completed initialization in 8 ms
+00:28:43.736 [http-nio-8080-exec-2] INFO  c.e.demo.controllers.UserController - Create user name is : ductt18 success 
+00:28:53.461 [http-nio-8080-exec-3] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
+00:28:53.463 [http-nio-8080-exec-3] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
+00:28:53.485 [http-nio-8080-exec-3] INFO  o.h.h.i.QueryTranslatorFactoryInitiator - HHH000397: Using ASTQueryTranslatorFactory
+00:28:53.569 [http-nio-8080-exec-3] ERROR c.e.demo.controllers.OrderController - Order request of failed. Because user not exists 
+00:30:52.524 [http-nio-8080-exec-6] ERROR c.e.demo.controllers.UserController - Create user failed
+00:31:18.496 [http-nio-8080-exec-8] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
+00:31:18.497 [http-nio-8080-exec-8] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
+00:31:18.520 [http-nio-8080-exec-8] INFO  c.e.demo.controllers.OrderController - Order request of ductt18 success 
+01:39:17.238 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=30m22s311ms).
+02:39:34.207 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=1h16s971ms).
+02:57:24.010 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=17m19s792ms).
+03:13:21.803 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=15m57s793ms).
+03:32:06.549 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=18m14s744ms).
+05:20:22.266 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=1h47m45s702ms).
+07:08:38.979 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=1h47m46s694ms).
+07:26:08.664 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=17m29s685ms).
+07:36:08.599 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=9m29s851ms).
+11:44:18.185 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=4h39s263ms).
+13:15:49.175 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Retrograde clock change detected (housekeeper delta=28s1ms), soft-evicting connections from pool.
+14:16:35.549 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=1h16s415ms).
+14:33:47.836 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=16m42s279ms).
+14:54:26.500 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=17m8s643ms).
+15:12:08.418 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=16m11s891ms).
+15:30:14.105 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=17m4s240ms).
+15:55:31.803 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=25m17s698ms).
+16:23:51.820 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=27m49s726ms).
diff --git a/starter_code/auth-course.iml b/starter_code/auth-course.iml
deleted file mode 100644
index c9b8a2ac9..000000000
--- a/starter_code/auth-course.iml
+++ /dev/null
@@ -1,159 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module org.jetbrains.idea.maven.project.MavenProjectsManager.isMavenModule="true" type="JAVA_MODULE" version="4">
-  <component name="NewModuleRootManager" LANGUAGE_LEVEL="JDK_1_8">
-    <output url="file://$MODULE_DIR$/target/classes" />
-    <output-test url="file://$MODULE_DIR$/target/test-classes" />
-    <content url="file://$MODULE_DIR$">
-      <sourceFolder url="file://$MODULE_DIR$/src/main/java" isTestSource="false" />
-      <sourceFolder url="file://$MODULE_DIR$/src/main/resources" type="java-resource" />
-      <sourceFolder url="file://$MODULE_DIR$/src/test/java" isTestSource="true" />
-      <excludeFolder url="file://$MODULE_DIR$/target" />
-    </content>
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-data-jpa:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-aop:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-aop:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.aspectj:aspectjweaver:1.9.4" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-jdbc:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: com.zaxxer:HikariCP:3.2.0" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-jdbc:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: javax.transaction:javax.transaction-api:1.3" level="project" />
-    <orderEntry type="library" name="Maven: javax.xml.bind:jaxb-api:2.3.1" level="project" />
-    <orderEntry type="library" name="Maven: javax.activation:javax.activation-api:1.2.0" level="project" />
-    <orderEntry type="library" name="Maven: org.hibernate:hibernate-core:5.3.10.Final" level="project" />
-    <orderEntry type="library" name="Maven: org.jboss.logging:jboss-logging:3.3.2.Final" level="project" />
-    <orderEntry type="library" name="Maven: javax.persistence:javax.persistence-api:2.2" level="project" />
-    <orderEntry type="library" name="Maven: org.javassist:javassist:3.23.2-GA" level="project" />
-    <orderEntry type="library" name="Maven: net.bytebuddy:byte-buddy:1.9.12" level="project" />
-    <orderEntry type="library" name="Maven: org.jboss:jandex:2.0.5.Final" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml:classmate:1.4.0" level="project" />
-    <orderEntry type="library" name="Maven: org.dom4j:dom4j:2.1.1" level="project" />
-    <orderEntry type="library" name="Maven: org.hibernate.common:hibernate-commons-annotations:5.0.4.Final" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.data:spring-data-jpa:2.1.8.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.data:spring-data-commons:2.1.8.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-orm:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-context:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-tx:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-beans:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.26" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-aspects:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.11.2" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.11.2" level="project" />
-    <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.26" level="project" />
-    <orderEntry type="library" scope="RUNTIME" name="Maven: org.yaml:snakeyaml:1.23" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.9.8" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.9.0" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.9.8" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.9.8" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.9.8" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.9.8" level="project" />
-    <orderEntry type="library" name="Maven: org.hibernate.validator:hibernate-validator:6.0.16.Final" level="project" />
-    <orderEntry type="library" name="Maven: javax.validation:validation-api:2.0.1.Final" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-web:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-webmvc:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-expression:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: javax.annotation:javax.annotation-api:1.3.2" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.19" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.19" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.19" level="project" />
-    <orderEntry type="library" scope="RUNTIME" name="Maven: com.h2database:h2:1.4.199" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: junit:junit:4.12" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.11.1" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:2.23.4" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.9.12" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest-core:1.3" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest-library:1.3" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-core:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-jcl:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.6.2" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-data-jpa:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-aop:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-aop:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.aspectj:aspectjweaver:1.9.4" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-jdbc:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: com.zaxxer:HikariCP:3.2.0" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-jdbc:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: javax.transaction:javax.transaction-api:1.3" level="project" />
-    <orderEntry type="library" name="Maven: javax.xml.bind:jaxb-api:2.3.1" level="project" />
-    <orderEntry type="library" name="Maven: javax.activation:javax.activation-api:1.2.0" level="project" />
-    <orderEntry type="library" name="Maven: org.hibernate:hibernate-core:5.3.10.Final" level="project" />
-    <orderEntry type="library" name="Maven: org.jboss.logging:jboss-logging:3.3.2.Final" level="project" />
-    <orderEntry type="library" name="Maven: javax.persistence:javax.persistence-api:2.2" level="project" />
-    <orderEntry type="library" name="Maven: org.javassist:javassist:3.23.2-GA" level="project" />
-    <orderEntry type="library" name="Maven: net.bytebuddy:byte-buddy:1.9.12" level="project" />
-    <orderEntry type="library" name="Maven: antlr:antlr:2.7.7" level="project" />
-    <orderEntry type="library" name="Maven: org.jboss:jandex:2.0.5.Final" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml:classmate:1.4.0" level="project" />
-    <orderEntry type="library" name="Maven: org.dom4j:dom4j:2.1.1" level="project" />
-    <orderEntry type="library" name="Maven: org.hibernate.common:hibernate-commons-annotations:5.0.4.Final" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.data:spring-data-jpa:2.1.8.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.data:spring-data-commons:2.1.8.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-orm:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-context:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-tx:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-beans:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.slf4j:slf4j-api:1.7.26" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-aspects:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-web:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-autoconfigure:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-logging:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: ch.qos.logback:logback-classic:1.2.3" level="project" />
-    <orderEntry type="library" name="Maven: ch.qos.logback:logback-core:1.2.3" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-to-slf4j:2.11.2" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.logging.log4j:log4j-api:2.11.2" level="project" />
-    <orderEntry type="library" name="Maven: org.slf4j:jul-to-slf4j:1.7.26" level="project" />
-    <orderEntry type="library" scope="RUNTIME" name="Maven: org.yaml:snakeyaml:1.23" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-json:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-databind:2.9.8" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-annotations:2.9.0" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.core:jackson-core:2.9.8" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jdk8:2.9.8" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.datatype:jackson-datatype-jsr310:2.9.8" level="project" />
-    <orderEntry type="library" name="Maven: com.fasterxml.jackson.module:jackson-module-parameter-names:2.9.8" level="project" />
-    <orderEntry type="library" name="Maven: org.hibernate.validator:hibernate-validator:6.0.16.Final" level="project" />
-    <orderEntry type="library" name="Maven: javax.validation:validation-api:2.0.1.Final" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-web:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-webmvc:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-expression:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework.boot:spring-boot-starter-tomcat:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: javax.annotation:javax.annotation-api:1.3.2" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-core:9.0.19" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-el:9.0.19" level="project" />
-    <orderEntry type="library" name="Maven: org.apache.tomcat.embed:tomcat-embed-websocket:9.0.19" level="project" />
-    <orderEntry type="library" scope="RUNTIME" name="Maven: com.h2database:h2:1.4.199" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-starter-test:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.springframework.boot:spring-boot-test-autoconfigure:2.1.5.RELEASE" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.jayway.jsonpath:json-path:2.4.0" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: net.minidev:json-smart:2.3" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: net.minidev:accessors-smart:1.2" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.ow2.asm:asm:5.0.4" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: junit:junit:4.12" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.assertj:assertj-core:3.11.1" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.mockito:mockito-core:2.23.4" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: net.bytebuddy:byte-buddy-agent:1.9.12" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.objenesis:objenesis:2.6" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest-core:1.3" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.hamcrest:hamcrest-library:1.3" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.skyscreamer:jsonassert:1.5.0" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: com.vaadin.external.google:android-json:0.0.20131108.vaadin1" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-core:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" name="Maven: org.springframework:spring-jcl:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.springframework:spring-test:5.1.7.RELEASE" level="project" />
-    <orderEntry type="library" scope="TEST" name="Maven: org.xmlunit:xmlunit-core:2.6.2" level="project" />
-  </component>
-</module>
\ No newline at end of file
diff --git a/starter_code/logs/myapp.log b/starter_code/logs/myapp.log
new file mode 100644
index 000000000..6b295325a
--- /dev/null
+++ b/starter_code/logs/myapp.log
@@ -0,0 +1,165 @@
+00:49:14.090 [main] INFO  c.e.demo.SareetaApplicationTests - Starting SareetaApplicationTests on Duc-Than-Trong.local with PID 47780 (started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code)
+00:49:14.091 [main] INFO  c.e.demo.SareetaApplicationTests - No active profile set, falling back to default profiles: default
+00:49:14.574 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
+00:49:14.646 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 64ms. Found 4 repository interfaces.
+00:49:15.310 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$4606383f] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
+00:49:15.562 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+00:49:15.719 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+00:49:15.778 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
+	name: default
+	...]
+00:49:15.865 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
+00:49:15.867 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
+00:49:16.014 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
+00:49:16.128 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
+00:49:16.834 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
+00:49:17.511 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
+00:49:17.608 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7f8f5d37, org.springframework.security.web.context.SecurityContextPersistenceFilter@91a1005, org.springframework.security.web.header.HeaderWriterFilter@41581c3f, org.springframework.web.filter.CorsFilter@f9cd1e6, org.springframework.security.web.authentication.logout.LogoutFilter@582ca1e2, com.example.demo.security.JWTAuthenticationFilter@3ff53704, com.example.demo.security.JWTAuthenticationVerficationFilter@34d11c92, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@48aaaed9, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1e1ea16d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@31b289da, org.springframework.security.web.session.SessionManagementFilter@63636de0, org.springframework.security.web.access.ExceptionTranslationFilter@52f7fa65, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4e0802e0]
+00:49:17.954 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
+00:49:18.163 [main] INFO  c.e.demo.SareetaApplicationTests - Started SareetaApplicationTests in 4.503 seconds (JVM running for 5.355)
+00:49:18.269 [Thread-4] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
+00:49:18.270 [Thread-4] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Closing JPA EntityManagerFactory for persistence unit 'default'
+00:49:18.272 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
+00:49:18.274 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
+12:25:13.471 [main] INFO  c.e.demo.SareetaApplicationTests - Starting SareetaApplicationTests on Duc-Than-Trong.local with PID 53920 (started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code)
+12:25:13.473 [main] INFO  c.e.demo.SareetaApplicationTests - No active profile set, falling back to default profiles: default
+12:25:13.942 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
+12:25:14.017 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 67ms. Found 4 repository interfaces.
+12:25:14.517 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$72130427] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
+12:25:14.700 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+12:25:14.852 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+12:25:14.915 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
+	name: default
+	...]
+12:25:14.984 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
+12:25:14.985 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
+12:25:15.141 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
+12:25:15.254 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
+12:25:15.957 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
+12:25:16.634 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
+12:25:16.739 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@c7269ad, org.springframework.security.web.context.SecurityContextPersistenceFilter@4a45ca1c, org.springframework.security.web.header.HeaderWriterFilter@65e92505, org.springframework.web.filter.CorsFilter@1c23e369, org.springframework.security.web.authentication.logout.LogoutFilter@3ad558bf, com.example.demo.security.JWTAuthenticationFilter@38445703, com.example.demo.security.JWTAuthenticationVerficationFilter@44ae6b66, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@7c4a03a, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@66226ab, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5b0e5d5f, org.springframework.security.web.session.SessionManagementFilter@29394966, org.springframework.security.web.access.ExceptionTranslationFilter@76d0a290, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@1614499b]
+12:25:17.080 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
+12:25:17.286 [main] INFO  c.e.demo.SareetaApplicationTests - Started SareetaApplicationTests in 4.235 seconds (JVM running for 5.327)
+12:25:17.398 [Thread-4] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
+12:25:17.399 [Thread-4] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Closing JPA EntityManagerFactory for persistence unit 'default'
+12:25:17.401 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
+12:25:17.403 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
+12:36:47.726 [main] INFO  c.e.demo.SareetaApplicationTests - Starting SareetaApplicationTests on Duc-Than-Trong.local with PID 54870 (started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code)
+12:36:47.727 [main] INFO  c.e.demo.SareetaApplicationTests - No active profile set, falling back to default profiles: default
+12:36:48.172 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
+12:36:48.248 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 67ms. Found 4 repository interfaces.
+12:36:48.730 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$2da77b1] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
+12:36:48.917 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+12:36:49.068 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+12:36:49.138 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
+	name: default
+	...]
+12:36:49.207 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
+12:36:49.208 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
+12:36:49.335 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
+12:36:49.449 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
+12:36:50.133 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
+12:36:50.788 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
+12:36:50.879 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@4deca78, org.springframework.security.web.context.SecurityContextPersistenceFilter@63636de0, org.springframework.security.web.header.HeaderWriterFilter@7bfcc108, org.springframework.web.filter.CorsFilter@5f65e0c0, org.springframework.security.web.authentication.logout.LogoutFilter@4c91a008, com.example.demo.security.JWTAuthenticationFilter@566cc6af, com.example.demo.security.JWTAuthenticationVerficationFilter@d70dbeb, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@716e6fa5, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2fcffc05, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@7f8f5d37, org.springframework.security.web.session.SessionManagementFilter@87f6ab5, org.springframework.security.web.access.ExceptionTranslationFilter@105dc246, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@e4348c0]
+12:36:51.232 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
+12:36:51.441 [main] INFO  c.e.demo.SareetaApplicationTests - Started SareetaApplicationTests in 4.15 seconds (JVM running for 4.979)
+12:36:51.556 [Thread-4] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
+12:36:51.558 [Thread-4] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Closing JPA EntityManagerFactory for persistence unit 'default'
+12:36:51.560 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
+12:36:51.562 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
+12:54:39.892 [main] INFO  c.e.demo.SareetaApplicationTests - Starting SareetaApplicationTests on Duc-Than-Trong.local with PID 56252 (started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code)
+12:54:39.893 [main] INFO  c.e.demo.SareetaApplicationTests - No active profile set, falling back to default profiles: default
+12:54:40.347 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
+12:54:40.422 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 67ms. Found 4 repository interfaces.
+12:54:40.913 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$6a237d8f] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
+12:54:41.114 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+12:54:41.297 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+12:54:41.382 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
+	name: default
+	...]
+12:54:41.493 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
+12:54:41.494 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
+12:54:41.693 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
+12:54:41.828 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
+12:54:42.533 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
+12:54:43.187 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
+12:54:43.285 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@578198d9, org.springframework.security.web.context.SecurityContextPersistenceFilter@10ba9780, org.springframework.security.web.header.HeaderWriterFilter@62c6db99, org.springframework.web.filter.CorsFilter@4deca78, org.springframework.security.web.authentication.logout.LogoutFilter@3691d4da, com.example.demo.security.JWTAuthenticationFilter@5f65e0c0, com.example.demo.security.JWTAuthenticationVerficationFilter@566cc6af, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@352ce817, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@328e50eb, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@d70dbeb, org.springframework.security.web.session.SessionManagementFilter@65b680b4, org.springframework.security.web.access.ExceptionTranslationFilter@6ed7b9c5, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@6f1163f7]
+12:54:43.654 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
+12:54:43.867 [main] INFO  c.e.demo.SareetaApplicationTests - Started SareetaApplicationTests in 4.419 seconds (JVM running for 5.302)
+12:54:43.994 [Thread-4] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
+12:54:43.996 [Thread-4] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Closing JPA EntityManagerFactory for persistence unit 'default'
+12:54:43.997 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
+12:54:43.999 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
+16:24:12.363 [main] INFO  c.e.demo.SareetaApplicationTests - Starting SareetaApplicationTests on Duc-Than-Trong.local with PID 58913 (started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code)
+16:24:12.367 [main] INFO  c.e.demo.SareetaApplicationTests - No active profile set, falling back to default profiles: default
+16:24:13.096 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
+16:24:13.169 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 63ms. Found 4 repository interfaces.
+16:24:13.751 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$4818928b] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
+16:24:13.936 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+16:24:14.092 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+16:24:14.157 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
+	name: default
+	...]
+16:24:14.226 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
+16:24:14.227 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
+16:24:14.393 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
+16:24:14.516 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
+16:24:15.242 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
+16:24:15.895 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
+16:24:15.993 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@58b5d5fc, org.springframework.security.web.context.SecurityContextPersistenceFilter@3691d4da, org.springframework.security.web.header.HeaderWriterFilter@2954c429, org.springframework.web.filter.CorsFilter@42536da6, org.springframework.security.web.authentication.logout.LogoutFilter@79a68657, com.example.demo.security.JWTAuthenticationFilter@7591cbd1, com.example.demo.security.JWTAuthenticationVerficationFilter@5cdc8499, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2173e4d5, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@1cca3e8c, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2a30b0cb, org.springframework.security.web.session.SessionManagementFilter@4742466e, org.springframework.security.web.access.ExceptionTranslationFilter@2157889c, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4deca78]
+16:24:16.362 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
+16:24:16.590 [main] INFO  c.e.demo.SareetaApplicationTests - Started SareetaApplicationTests in 4.767 seconds (JVM running for 5.986)
+16:24:16.705 [Thread-4] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
+16:24:16.707 [Thread-4] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Closing JPA EntityManagerFactory for persistence unit 'default'
+16:24:16.709 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
+16:24:16.712 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
+16:31:52.456 [main] INFO  c.e.demo.SareetaApplicationTests - Starting SareetaApplicationTests on Duc-Than-Trong.local with PID 59526 (started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code)
+16:31:52.457 [main] INFO  c.e.demo.SareetaApplicationTests - No active profile set, falling back to default profiles: default
+16:31:52.901 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
+16:31:52.973 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 64ms. Found 4 repository interfaces.
+16:31:53.460 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$2e55bdda] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
+16:31:53.646 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+16:31:53.808 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+16:31:53.882 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
+	name: default
+	...]
+16:31:53.953 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
+16:31:53.955 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
+16:31:54.102 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
+16:31:54.214 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
+16:31:54.923 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
+16:31:55.584 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
+16:31:55.696 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@34d11c92, org.springframework.security.web.context.SecurityContextPersistenceFilter@48aaaed9, org.springframework.security.web.header.HeaderWriterFilter@3494a35e, org.springframework.web.filter.CorsFilter@31b289da, org.springframework.security.web.authentication.logout.LogoutFilter@4713b631, com.example.demo.security.JWTAuthenticationFilter@58486deb, com.example.demo.security.JWTAuthenticationVerficationFilter@4e933cf1, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@328e50eb, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@65e92505, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@729a9c3d, org.springframework.security.web.session.SessionManagementFilter@716e6fa5, org.springframework.security.web.access.ExceptionTranslationFilter@65b680b4, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7857cb1d]
+16:31:56.045 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
+16:31:56.261 [main] INFO  c.e.demo.SareetaApplicationTests - Started SareetaApplicationTests in 4.286 seconds (JVM running for 5.124)
+16:31:56.373 [Thread-4] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
+16:31:56.375 [Thread-4] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Closing JPA EntityManagerFactory for persistence unit 'default'
+16:31:56.376 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
+16:31:56.378 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
+17:39:31.864 [main] INFO  c.e.demo.SareetaApplicationTests - Starting SareetaApplicationTests on Duc-Than-Trong.local with PID 64741 (started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code)
+17:39:31.866 [main] INFO  c.e.demo.SareetaApplicationTests - No active profile set, falling back to default profiles: default
+17:39:32.793 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
+17:39:32.892 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 80ms. Found 4 repository interfaces.
+17:39:33.706 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$d7a8b967] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
+17:39:33.985 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+17:39:34.409 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+17:39:34.508 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
+	name: default
+	...]
+17:39:34.634 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
+17:39:34.636 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
+17:39:34.845 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
+17:39:35.075 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
+17:39:36.289 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
+17:39:37.350 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
+17:39:37.492 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@510e6b93, org.springframework.security.web.context.SecurityContextPersistenceFilter@3d1b43d8, org.springframework.security.web.header.HeaderWriterFilter@69ed96e1, org.springframework.web.filter.CorsFilter@129e45eb, org.springframework.security.web.authentication.logout.LogoutFilter@354e2bff, com.example.demo.security.JWTAuthenticationFilter@15c3849f, com.example.demo.security.JWTAuthenticationVerficationFilter@4a7e469d, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@3462e99a, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@6d41200c, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@688efeb2, org.springframework.security.web.session.SessionManagementFilter@3ac326c0, org.springframework.security.web.access.ExceptionTranslationFilter@6839d03b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@7eb774c3]
+17:39:38.086 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
+17:39:38.360 [main] INFO  c.e.demo.SareetaApplicationTests - Started SareetaApplicationTests in 7.227 seconds (JVM running for 8.704)
+17:39:38.826 [main] ERROR c.e.demo.controllers.OrderController - Order request of failed. Because user not exists 
+17:39:38.828 [main] INFO  c.e.demo.controllers.OrderController - Order request of Username success 
+17:39:38.850 [main] ERROR c.e.demo.controllers.UserController - Create user failed
+17:39:38.851 [main] INFO  c.e.demo.controllers.UserController - Create user name is : ductt18 success 
+17:39:38.855 [Thread-4] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
+17:39:38.857 [Thread-4] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Closing JPA EntityManagerFactory for persistence unit 'default'
+17:39:38.858 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
+17:39:38.861 [Thread-4] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
diff --git a/starter_code/pom.xml b/starter_code/pom.xml
index 608bb212f..1a486b213 100644
--- a/starter_code/pom.xml
+++ b/starter_code/pom.xml
@@ -16,7 +16,7 @@
 	<description>Demo project for Spring Boot</description>
 
 	<properties>
-		<java.version>1.8</java.version>
+		<java.version>11</java.version>
     	<maven-jar-plugin.version>3.1.1</maven-jar-plugin.version>
 	</properties>
 
@@ -50,6 +50,43 @@
 		    <artifactId>tomcat-maven-plugin</artifactId>
 		    <version>1.1</version>
 		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-test</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-security</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>org.springframework.security</groupId>
+			<artifactId>spring-security-config</artifactId>
+		</dependency>
+
+		<dependency>
+			<groupId>com.auth0</groupId>
+			<artifactId>java-jwt</artifactId>
+			<version>3.11.0</version>
+		</dependency>
+		<dependency>
+			<groupId>junit</groupId>
+			<artifactId>junit</artifactId>
+			<version>4.12</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.mockito</groupId>
+			<artifactId>mockito-core</artifactId>
+			<version>2.23.4</version>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.slf4j</groupId>
+			<artifactId>slf4j-log4j12</artifactId>
+			<version>1.7.25</version>
+			<scope>test</scope>
+		</dependency>
 	</dependencies>
 
 	<build>
diff --git a/starter_code/src/main/java/com/example/demo/SareetaApplication.java b/starter_code/src/main/java/com/example/demo/SareetaApplication.java
index f161f699d..e56582b99 100644
--- a/starter_code/src/main/java/com/example/demo/SareetaApplication.java
+++ b/starter_code/src/main/java/com/example/demo/SareetaApplication.java
@@ -3,13 +3,21 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.domain.EntityScan;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.context.annotation.Bean;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
 @EnableJpaRepositories("com.example.demo.model.persistence.repositories")
 @EntityScan("com.example.demo.model.persistence")
-@SpringBootApplication
+@SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
 public class SareetaApplication {
 
+	@Bean
+	public BCryptPasswordEncoder bCryptPasswordEncoder() {
+		return new BCryptPasswordEncoder();
+	}
+
 	public static void main(String[] args) {
 		SpringApplication.run(SareetaApplication.class, args);
 	}
diff --git a/starter_code/src/main/java/com/example/demo/controllers/OrderController.java b/starter_code/src/main/java/com/example/demo/controllers/OrderController.java
index 79b8b288c..122feb90b 100644
--- a/starter_code/src/main/java/com/example/demo/controllers/OrderController.java
+++ b/starter_code/src/main/java/com/example/demo/controllers/OrderController.java
@@ -2,6 +2,9 @@
 
 import java.util.List;
 
+import com.example.demo.model.persistence.repositories.ItemRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.GetMapping;
@@ -20,21 +23,25 @@
 @RestController
 @RequestMapping("/api/order")
 public class OrderController {
-	
-	
+
+	private static final Logger log = LoggerFactory.getLogger(OrderController.class);
 	@Autowired
 	private UserRepository userRepository;
 	
 	@Autowired
 	private OrderRepository orderRepository;
-	
+
+	@Autowired
+	private ItemRepository itemRepository;
 	
 	@PostMapping("/submit/{username}")
 	public ResponseEntity<UserOrder> submit(@PathVariable String username) {
 		User user = userRepository.findByUsername(username);
 		if(user == null) {
+			log.error("Order request of failed. Because user not exists ");
 			return ResponseEntity.notFound().build();
 		}
+		log.info("Order request of {} success ",user.getUsername());
 		UserOrder order = UserOrder.createFromCart(user.getCart());
 		orderRepository.save(order);
 		return ResponseEntity.ok(order);
diff --git a/starter_code/src/main/java/com/example/demo/controllers/UserController.java b/starter_code/src/main/java/com/example/demo/controllers/UserController.java
index 87e8089df..b316cd82a 100644
--- a/starter_code/src/main/java/com/example/demo/controllers/UserController.java
+++ b/starter_code/src/main/java/com/example/demo/controllers/UserController.java
@@ -2,9 +2,12 @@
 
 import java.util.Optional;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -21,13 +24,17 @@
 @RestController
 @RequestMapping("/api/user")
 public class UserController {
-	
+
+	private static final Logger log = LoggerFactory.getLogger(UserController.class);
 	@Autowired
 	private UserRepository userRepository;
 	
 	@Autowired
 	private CartRepository cartRepository;
 
+	@Autowired
+	private BCryptPasswordEncoder bCryptPasswordEncoder;
+
 	@GetMapping("/id/{id}")
 	public ResponseEntity<User> findById(@PathVariable Long id) {
 		return ResponseEntity.of(userRepository.findById(id));
@@ -46,7 +53,14 @@ public ResponseEntity<User> createUser(@RequestBody CreateUserRequest createUser
 		Cart cart = new Cart();
 		cartRepository.save(cart);
 		user.setCart(cart);
+		if(createUserRequest.getPassword().length()<7 ||
+				!createUserRequest.getPassword().equals(createUserRequest.getConfirmPassword())){
+			log.error("Create user failed");
+			return ResponseEntity.badRequest().build();
+		}
+		user.setPassword(bCryptPasswordEncoder.encode(createUserRequest.getPassword()));
 		userRepository.save(user);
+		log.info("Create user name is : {} success ", createUserRequest.getUsername());
 		return ResponseEntity.ok(user);
 	}
 	
diff --git a/starter_code/src/main/java/com/example/demo/model/persistence/User.java b/starter_code/src/main/java/com/example/demo/model/persistence/User.java
index ab85ccc60..42314e73b 100644
--- a/starter_code/src/main/java/com/example/demo/model/persistence/User.java
+++ b/starter_code/src/main/java/com/example/demo/model/persistence/User.java
@@ -26,7 +26,15 @@ public class User {
 	@Column(nullable = false, unique = true)
 	@JsonProperty
 	private String username;
-	
+	@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
+	@Column(nullable = false)
+	private String password;
+	public String getPassword(){
+		return password;
+	}
+	public void setPassword(String password) {
+		this.password = password;
+	}
 	@OneToOne(cascade = CascadeType.ALL)
     @JoinColumn(name = "cart_id", referencedColumnName = "id")
 	@JsonIgnore
diff --git a/starter_code/src/main/java/com/example/demo/model/requests/CreateUserRequest.java b/starter_code/src/main/java/com/example/demo/model/requests/CreateUserRequest.java
index a92d0bbb6..b13b50515 100644
--- a/starter_code/src/main/java/com/example/demo/model/requests/CreateUserRequest.java
+++ b/starter_code/src/main/java/com/example/demo/model/requests/CreateUserRequest.java
@@ -6,6 +6,11 @@ public class CreateUserRequest {
 
 	@JsonProperty
 	private String username;
+	@JsonProperty
+	private String password;
+
+	@JsonProperty
+	private String confirmPassword;
 
 	public String getUsername() {
 		return username;
@@ -14,4 +19,18 @@ public String getUsername() {
 	public void setUsername(String username) {
 		this.username = username;
 	}
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+	public void setConfirmPassword(String confirmPassword) {
+		this.confirmPassword = confirmPassword;
+	}
+	public String getPassword() {
+		return password;
+	}
+
+	public String getConfirmPassword() {
+		return confirmPassword;
+	}
 }
diff --git a/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationFilter.java b/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationFilter.java
new file mode 100644
index 000000000..c413c086f
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationFilter.java
@@ -0,0 +1,61 @@
+package com.example.demo.security;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import com.auth0.jwt.JWT;
+import com.example.demo.model.persistence.User;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import static com.auth0.jwt.algorithms.Algorithm.HMAC512;
+
+public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
+
+    private AuthenticationManager authenticationManager;
+
+    public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest req,
+                                                HttpServletResponse res) throws AuthenticationException {
+        try {
+            User credentials = new ObjectMapper()
+                    .readValue(req.getInputStream(), User.class);
+
+            return authenticationManager.authenticate(
+                    new UsernamePasswordAuthenticationToken(
+                            credentials.getUsername(),
+                            credentials.getPassword(),
+                            new ArrayList<>()));
+        } catch (IOException e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    @Override
+    protected void successfulAuthentication(HttpServletRequest req,
+                                            HttpServletResponse res,
+                                            FilterChain chain,
+                                            Authentication auth) throws IOException, ServletException {
+
+        String token = JWT.create()
+                .withSubject(((org.springframework.security.core.userdetails.User) auth.getPrincipal()).getUsername())
+                .withExpiresAt(new Date(System.currentTimeMillis() + SecurityConstants.EXPIRATION_TIME))
+                .sign(HMAC512(SecurityConstants.SECRET.getBytes()));
+        res.addHeader(SecurityConstants.HEADER_STRING, SecurityConstants.TOKEN_PREFIX + token);
+    }
+}
\ No newline at end of file
diff --git a/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationVerficationFilter.java b/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationVerficationFilter.java
new file mode 100644
index 000000000..fca6127d8
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationVerficationFilter.java
@@ -0,0 +1,66 @@
+package com.example.demo.security;
+
+import java.io.IOException;
+import java.util.ArrayList;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import com.example.demo.controllers.UserController;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.stereotype.Component;
+
+import com.auth0.jwt.JWT;
+
+import static com.auth0.jwt.algorithms.Algorithm.HMAC512;
+
+@Component
+public class JWTAuthenticationVerficationFilter extends BasicAuthenticationFilter {
+
+    private static final Logger log = LoggerFactory.getLogger(JWTAuthenticationVerficationFilter.class);
+    public JWTAuthenticationVerficationFilter(AuthenticationManager authManager) {
+        super(authManager);
+    }
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain)
+            throws IOException, ServletException {
+        String header = req.getHeader(SecurityConstants.HEADER_STRING);
+
+        if (header == null || !header.startsWith(SecurityConstants.TOKEN_PREFIX)) {
+            chain.doFilter(req, res);
+            return;
+        }
+
+        UsernamePasswordAuthenticationToken authentication = getAuthentication(req);
+
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+        chain.doFilter(req, res);
+    }
+
+    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest req) {
+        String token = req.getHeader(SecurityConstants.HEADER_STRING);
+        if (token != null) {
+            String user = JWT.require(HMAC512(SecurityConstants.SECRET.getBytes())).build()
+                    .verify(token.replace(SecurityConstants.TOKEN_PREFIX, ""))
+                    .getSubject();
+            if (user != null) {
+                log.info("Login success");
+                return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
+
+            }
+            log.error("Login failed. Cannot found User name");
+            return null;
+        }
+        log.error("Add token authentication to login");
+        return null;
+    }
+
+}
\ No newline at end of file
diff --git a/starter_code/src/main/java/com/example/demo/security/SecurityConstants.java b/starter_code/src/main/java/com/example/demo/security/SecurityConstants.java
new file mode 100644
index 000000000..16db3794c
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/security/SecurityConstants.java
@@ -0,0 +1,10 @@
+package com.example.demo.security;
+
+public class SecurityConstants {
+
+    public static final String SECRET = "oursecretkey";
+    public static final long EXPIRATION_TIME = 864_000_000; // 10 days
+    public static final String TOKEN_PREFIX = "Bearer ";
+    public static final String HEADER_STRING = "Authorization";
+    public static final String SIGN_UP_URL = "/api/user/create";
+}
\ No newline at end of file
diff --git a/starter_code/src/main/java/com/example/demo/security/UserDetailsServiceImpl.java b/starter_code/src/main/java/com/example/demo/security/UserDetailsServiceImpl.java
new file mode 100644
index 000000000..4def95b68
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/security/UserDetailsServiceImpl.java
@@ -0,0 +1,28 @@
+package com.example.demo.security;
+
+import java.util.Collections;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import com.example.demo.model.persistence.User;
+import com.example.demo.model.persistence.repositories.UserRepository;
+
+@Service
+public class UserDetailsServiceImpl implements UserDetailsService {
+
+    @Autowired
+    private UserRepository userRepository;
+
+    @Override
+    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+        User user = userRepository.findByUsername(username);
+        if (user == null) {
+            throw new UsernameNotFoundException(username);
+        }
+        return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), Collections.emptyList());
+    }
+}
\ No newline at end of file
diff --git a/starter_code/src/main/java/com/example/demo/security/WebSecurityConfiguration.java b/starter_code/src/main/java/com/example/demo/security/WebSecurityConfiguration.java
new file mode 100644
index 000000000..ded486a1b
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/security/WebSecurityConfiguration.java
@@ -0,0 +1,48 @@
+package com.example.demo.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@EnableWebSecurity
+public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+
+    private UserDetailsServiceImpl userDetailsService;
+    private BCryptPasswordEncoder bCryptPasswordEncoder;
+
+    public WebSecurityConfiguration(UserDetailsServiceImpl userDetailsService,
+                                    BCryptPasswordEncoder bCryptPasswordEncoder) {
+        this.userDetailsService = userDetailsService;
+        this.bCryptPasswordEncoder = bCryptPasswordEncoder;
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.cors().and().csrf().disable().authorizeRequests()
+                .antMatchers(HttpMethod.POST, SecurityConstants.SIGN_UP_URL).permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
+                .addFilter(new JWTAuthenticationVerficationFilter(authenticationManager()))
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+    }
+
+    @Override
+    @Bean
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.parentAuthenticationManager(authenticationManagerBean())
+                .userDetailsService(userDetailsService)
+                .passwordEncoder(bCryptPasswordEncoder);
+    }
+}
\ No newline at end of file
diff --git a/starter_code/src/main/resources/application.properties b/starter_code/src/main/resources/application.properties
index ed303a7d4..b5ac87a65 100644
--- a/starter_code/src/main/resources/application.properties
+++ b/starter_code/src/main/resources/application.properties
@@ -3,4 +3,8 @@ spring.datasource.url=jdbc:h2:mem:bootapp;DB_CLOSE_DELAY=-1
 spring.datasource.username=sa
 spring.datasource.password=
 spring.jpa.hibernate.ddl-auto=update
-spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.H2Dialect
\ No newline at end of file
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.H2Dialect
+server.port=8080
+#logging.file=logs/myapp.log
+#logging.file.path=logs
+#logging.pattern.console=%d{yyyy-MM-dd HH:mm:ss.SSS} %-5level [%thread] %logger{36} - %msg%n
\ No newline at end of file
diff --git a/starter_code/src/main/resources/logback-spring.xml b/starter_code/src/main/resources/logback-spring.xml
new file mode 100644
index 000000000..9d5ff1d0a
--- /dev/null
+++ b/starter_code/src/main/resources/logback-spring.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+    <appender name="CONSOLE" class="ch.qos.logback.core.ConsoleAppender">
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+    </appender>
+
+    <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
+        <file>logs/myapp.log</file>
+        <encoder>
+            <pattern>%d{HH:mm:ss.SSS} [%thread] %-5level %logger{36} - %msg%n</pattern>
+        </encoder>
+        <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+            <fileNamePattern>logs/myapp.%d{yyyy-MM-dd}.log</fileNamePattern>
+        </rollingPolicy>
+    </appender>
+
+    <root level="info">
+        <appender-ref ref="CONSOLE" />
+        <appender-ref ref="FILE" />
+    </root>
+
+</configuration>
\ No newline at end of file
diff --git a/starter_code/src/test/java/com/example/demo/TestUtils.java b/starter_code/src/test/java/com/example/demo/TestUtils.java
new file mode 100644
index 000000000..3cfcf8624
--- /dev/null
+++ b/starter_code/src/test/java/com/example/demo/TestUtils.java
@@ -0,0 +1,27 @@
+package com.example.demo;
+
+import java.lang.reflect.Field;
+
+public class TestUtils {
+    public static void injectObjects(Object target, String filedName, Object toInject)  {
+        boolean wasPrivate = false;
+        Field f = null;
+        try {
+            f = target.getClass().getDeclaredField(filedName);
+            if (!f.isAccessible()){
+                f.setAccessible(true);
+                wasPrivate = true;
+
+            }
+            f.set(target, toInject);
+            if (wasPrivate){
+                f.setAccessible(false);
+            }
+        } catch (NoSuchFieldException e) {
+            throw new RuntimeException(e);
+        } catch (IllegalAccessException e) {
+            throw new RuntimeException(e);
+        }
+
+    }
+}
diff --git a/starter_code/src/test/java/com/example/demo/controllers/CartControllerTest.java b/starter_code/src/test/java/com/example/demo/controllers/CartControllerTest.java
new file mode 100644
index 000000000..41e94c53f
--- /dev/null
+++ b/starter_code/src/test/java/com/example/demo/controllers/CartControllerTest.java
@@ -0,0 +1,205 @@
+package com.example.demo.controllers;
+
+import com.example.demo.TestUtils;
+import com.example.demo.model.persistence.Cart;
+import com.example.demo.model.persistence.Item;
+import com.example.demo.model.persistence.User;
+import com.example.demo.model.persistence.repositories.CartRepository;
+import com.example.demo.model.persistence.repositories.ItemRepository;
+import com.example.demo.model.persistence.repositories.UserRepository;
+import com.example.demo.model.requests.ModifyCartRequest;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.test.web.servlet.MockMvc;
+
+import java.math.BigDecimal;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.Mockito.*;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
+
+public class CartControllerTest {
+
+    private CartController cartController;
+    private final UserRepository userRepo = mock(UserRepository.class);
+    private final ItemRepository itemRepo = mock(ItemRepository.class);
+    private final CartRepository cartRepo = mock(CartRepository.class);
+
+    @Autowired
+    private MockMvc mockMvc;
+    @Before
+    public void setUp(){
+        cartController = new CartController();
+        TestUtils.injectObjects(cartController, "userRepository", userRepo);
+        TestUtils.injectObjects(cartController, "cartRepository", cartRepo);
+        TestUtils.injectObjects(cartController, "itemRepository", itemRepo);
+    }
+
+    @Test
+    public void addToCartSuccessTest(){
+
+        User user = createUser();
+        Item item = createItem();
+        Cart cart = user.getCart();
+        cart.addItem(item);
+        cart.setUser(user);
+        user.setCart(cart);
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        when(itemRepo.findById(1L)).thenReturn(Optional.of(item));
+
+        ModifyCartRequest modifyCartRequest = newModifyCartRequest("Username", 1, 2);
+        ResponseEntity<Cart> responseEntity = cartController.addTocart(modifyCartRequest);
+        assertNotNull(responseEntity);
+        assertEquals(200, responseEntity.getStatusCodeValue());
+
+        Cart responseCart = responseEntity.getBody();
+
+        assertNotNull(responseCart);
+
+        List<Item> items = responseCart.getItems();
+        assertNotNull(items);
+
+        verify(cartRepo, times(1)).save(responseCart);
+    }
+
+    @Test
+    public void addToCartFailedByInvalidUserNameTest(){
+
+        User user = createUser();
+        Item item = createItem();
+        Cart cart = user.getCart();
+        cart.addItem(item);
+        cart.setUser(user);
+        user.setCart(cart);
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        when(itemRepo.findById(1L)).thenReturn(Optional.of(item));
+
+        ModifyCartRequest modifyCartRequest = newModifyCartRequest("Username1", 1, 2);
+        ResponseEntity<Cart> responseEntity = cartController.addTocart(modifyCartRequest);
+        assertNotNull(responseEntity);
+        assertEquals(404, responseEntity.getStatusCodeValue());
+
+    }
+
+    @Test
+    public void addToCartFailedByInvalidItemIDTest(){
+
+        User user = createUser();
+        Item item = createItem();
+        Cart cart = user.getCart();
+        cart.addItem(item);
+        cart.setUser(user);
+        user.setCart(cart);
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        when(itemRepo.findById(1L)).thenReturn(Optional.of(item));
+
+        ModifyCartRequest modifyCartRequest = newModifyCartRequest("Username", 2, 2);
+        ResponseEntity<Cart> responseEntity = cartController.addTocart(modifyCartRequest);
+        assertNotNull(responseEntity);
+        assertEquals(404, responseEntity.getStatusCodeValue());
+
+    }
+
+    @Test
+    public void removeCartSuccessTest(){
+
+        User user = createUser();
+        Item item = createItem();
+        Cart cart = user.getCart();
+        cart.addItem(item);
+        cart.setUser(user);
+        user.setCart(cart);
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        when(itemRepo.findById(1L)).thenReturn(Optional.of(item));
+
+        ModifyCartRequest modifyCartRequest = newModifyCartRequest("Username", 1, 2);
+        ResponseEntity<Cart> responseEntity = cartController.removeFromcart(modifyCartRequest);
+        assertNotNull(responseEntity);
+        assertEquals(200, responseEntity.getStatusCodeValue());
+
+    }
+
+    @Test
+    public void removeCartFailedByUserNameTest(){
+
+        User user = createUser();
+        Item item = createItem();
+        Cart cart = user.getCart();
+        cart.addItem(item);
+        cart.setUser(user);
+        user.setCart(cart);
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        when(itemRepo.findById(1L)).thenReturn(Optional.of(item));
+
+        ModifyCartRequest modifyCartRequest = newModifyCartRequest("Username", 2, 2);
+        ResponseEntity<Cart> responseEntity = cartController.removeFromcart(modifyCartRequest);
+        assertNotNull(responseEntity);
+        assertEquals(404, responseEntity.getStatusCodeValue());
+
+    }
+
+    @Test
+    public void removeCartFailedByItemIdTest(){
+
+        User user = createUser();
+        Item item = createItem();
+        Cart cart = user.getCart();
+        cart.addItem(item);
+        cart.setUser(user);
+        user.setCart(cart);
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        when(itemRepo.findById(1L)).thenReturn(Optional.of(item));
+
+        ModifyCartRequest modifyCartRequest = newModifyCartRequest("Username2", 1, 2);
+        ResponseEntity<Cart> responseEntity = cartController.removeFromcart(modifyCartRequest);
+        assertNotNull(responseEntity);
+        assertEquals(404, responseEntity.getStatusCodeValue());
+
+    }
+    public static User createUser(){
+        User user = new User();
+        user.setId(1);
+        user.setUsername("Username");
+        user.setPassword("Password");
+
+        Cart cart = new Cart();
+        cart.setId(1L);
+        cart.setUser(null);
+        cart.setItems(new ArrayList<>());
+        cart.setTotal(BigDecimal.valueOf(0.0));
+        user.setCart(cart);
+
+        return user;
+    }
+
+    public static Item createItem(){
+        Item item = new Item();
+        item.setId(1L);
+        item.setName("New Item");
+        item.setDescription("Decription item");
+        item.setPrice(BigDecimal.valueOf(20.0));
+        return item;
+    }
+
+    public static ModifyCartRequest newModifyCartRequest(String username, long itemId, int quantity){
+        ModifyCartRequest modifyCartRequest = new ModifyCartRequest();
+        modifyCartRequest.setUsername(username);
+        modifyCartRequest.setItemId(itemId);
+        modifyCartRequest.setQuantity(quantity);
+        return modifyCartRequest;
+    }
+}
diff --git a/starter_code/src/test/java/com/example/demo/controllers/ItemControllerTest.java b/starter_code/src/test/java/com/example/demo/controllers/ItemControllerTest.java
new file mode 100644
index 000000000..d63ab171a
--- /dev/null
+++ b/starter_code/src/test/java/com/example/demo/controllers/ItemControllerTest.java
@@ -0,0 +1,95 @@
+package com.example.demo.controllers;
+
+import com.example.demo.TestUtils;
+import com.example.demo.model.persistence.Item;
+import com.example.demo.model.persistence.repositories.ItemRepository;
+import com.example.demo.model.persistence.repositories.UserRepository;
+import org.assertj.core.util.Lists;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+
+import java.util.List;
+import java.util.Optional;
+
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+public class ItemControllerTest {
+    private ItemController itemController;
+    private final UserRepository userRepo = mock(UserRepository.class);
+
+    private final ItemRepository itemRepo = mock(ItemRepository.class);
+
+    @Before
+    public void setup() {
+        itemController = new ItemController();
+        TestUtils.injectObjects(itemController, "itemRepository", itemRepo);
+    }
+    @Test
+    public void findItemByIdSuccessTest() {
+        Item item1 = newItem(1L, "item_test");
+        when(itemRepo.findById(1L)).thenReturn(Optional.of(item1));
+        ResponseEntity<Item> responseEntity = itemController.getItemById(1L);
+
+        Item item = responseEntity.getBody();
+
+        assertEquals(responseEntity.getStatusCodeValue(), HttpStatus.OK.value());
+        assertNotNull(item);
+        assertEquals(item.getId().longValue(), 1L);
+    }
+
+    @Test
+    public void findItemByIdFailedTest() {
+        Item item1 = newItem(1L, "item_test");
+        when(itemRepo.findById(1L)).thenReturn(Optional.of(item1));
+        ResponseEntity<Item> responseEntity = itemController.getItemById(2L);
+
+        assertEquals(responseEntity.getStatusCodeValue(), HttpStatus.NOT_FOUND.value());
+    }
+    @Test
+    public void findItemByNameSuccessTest() {
+        Item item1 = newItem(1L, "item_test_1");
+        Item item2 = newItem(1L, "item_test_2");
+        Item item3 = newItem(1L, "item_test_2");
+        when(itemRepo.findByName("item_test_2")).thenReturn(Lists.list(item2, item3));
+        ResponseEntity<List<Item>> responseEntity = itemController.getItemsByName("item_test_2");
+
+
+        List<Item> items = responseEntity.getBody();
+
+        assertEquals(responseEntity.getStatusCodeValue(), HttpStatus.OK.value());
+        assertNotNull(items);
+        assertEquals(items.size(), 2);
+    }
+
+    @Test
+    public void findItemByNameFailedTest() {
+        Item item1 = newItem(1L, "item_test_1");
+        Item item2 = newItem(1L, "item_test_2");
+        Item item3 = newItem(1L, "item_test_2");
+        when(itemRepo.findByName("item_test_2")).thenReturn(Lists.list(item2, item3));
+        ResponseEntity<List<Item>> responseEntity = itemController.getItemsByName("item_test_3");
+
+        assertEquals(responseEntity.getStatusCodeValue(), HttpStatus.NOT_FOUND.value());
+    }
+
+    @Test
+    public void findAllItemsTest() {
+        Item item1 = newItem(1L, "item_test_1");
+        Item item2 = newItem(1L, "item_test_2");
+        Item item3 = newItem(1L, "item_test_2");
+        when(itemRepo.findAll()).thenReturn(Lists.list(item1, item2, item3));
+        ResponseEntity<List<Item>> responseEntity = itemController.getItems();
+
+        assertEquals(responseEntity.getStatusCodeValue(), 200);
+    }
+    private static Item newItem(long id, String name) {
+        Item item = new Item();
+        item.setId(id);
+        item.setName(name);
+        return item;
+    }
+}
diff --git a/starter_code/src/test/java/com/example/demo/controllers/OrderControllerTest.java b/starter_code/src/test/java/com/example/demo/controllers/OrderControllerTest.java
new file mode 100644
index 000000000..2e72bace3
--- /dev/null
+++ b/starter_code/src/test/java/com/example/demo/controllers/OrderControllerTest.java
@@ -0,0 +1,126 @@
+package com.example.demo.controllers;
+
+import com.example.demo.TestUtils;
+import com.example.demo.model.persistence.Cart;
+import com.example.demo.model.persistence.Item;
+import com.example.demo.model.persistence.User;
+import com.example.demo.model.persistence.UserOrder;
+import com.example.demo.model.persistence.repositories.ItemRepository;
+import com.example.demo.model.persistence.repositories.OrderRepository;
+import com.example.demo.model.persistence.repositories.UserRepository;
+import org.assertj.core.util.Lists;
+import org.junit.Before;
+import org.junit.Test;
+import org.springframework.http.ResponseEntity;
+
+import java.math.BigDecimal;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Optional;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class OrderControllerTest {
+    private OrderController orderController;
+    private final UserRepository userRepo = mock(UserRepository.class);
+    private final OrderRepository orderRepo = mock(OrderRepository.class);;
+
+    @Before
+    public void setup() {
+        orderController = new OrderController();
+        TestUtils.injectObjects(orderController, "userRepository", userRepo);
+        TestUtils.injectObjects(orderController, "orderRepository", orderRepo);
+    }
+
+    @Test
+    public void submitSuccessTest() {
+        User user = createUser();
+        Item item = createItem();
+        Cart cart = user.getCart();
+        cart.addItem(item);
+        cart.setUser(user);
+        user.setCart(cart);
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        ResponseEntity<UserOrder> response = orderController.submit("Username");
+        UserOrder userOrder = response.getBody();
+        assertNotNull(userOrder);
+        assertEquals(200, response.getStatusCodeValue());
+    }
+
+    @Test
+    public void submitFailedTest() {
+        User user = createUser();
+        Item item = createItem();
+        Cart cart = user.getCart();
+        cart.addItem(item);
+        cart.setUser(user);
+        user.setCart(cart);
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        ResponseEntity<UserOrder> response = orderController.submit("Username2");
+        assertEquals(404, response.getStatusCodeValue());
+    }
+
+    @Test
+    public void getOrdersForUserSuccessTest() {
+        User user = createUser();
+        Item item = createItem();
+        Cart cart = user.getCart();
+        cart.addItem(item);
+        cart.setUser(user);
+        user.setCart(cart);
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        when(orderRepo.findByUser(user)).thenReturn(getUserOrders());
+        ResponseEntity<List<UserOrder>> response = orderController.getOrdersForUser("Username");
+        assertEquals(200, response.getStatusCodeValue());
+    }
+
+    @Test
+    public void getOrdersForUserFailedTest() {
+        User user = createUser();
+        Item item = createItem();
+        Cart cart = user.getCart();
+        cart.addItem(item);
+        cart.setUser(user);
+        user.setCart(cart);
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        when(orderRepo.findByUser(user)).thenReturn(getUserOrders());
+        ResponseEntity<List<UserOrder>> response = orderController.getOrdersForUser("Username2");
+        assertEquals(404, response.getStatusCodeValue());
+    }
+    public static User createUser(){
+        User user = new User();
+        user.setId(1);
+        user.setUsername("Username");
+        user.setPassword("Password");
+
+        Cart cart = new Cart();
+        cart.setId(1L);
+        cart.setUser(null);
+        cart.setItems(new ArrayList<>());
+        cart.setTotal(BigDecimal.valueOf(0.0));
+        user.setCart(cart);
+
+        return user;
+    }
+
+    public static Item createItem(){
+        Item item = new Item();
+        item.setId(1L);
+        item.setName("New Item");
+        item.setDescription("Decription item");
+        item.setPrice(BigDecimal.valueOf(20.0));
+        return item;
+    }
+
+    private static List<UserOrder> getUserOrders() {
+        UserOrder userOrder = UserOrder.createFromCart(createUser().getCart());
+        return Lists.list(userOrder);
+    }
+}
diff --git a/starter_code/src/test/java/com/example/demo/controllers/UserControllerTest.java b/starter_code/src/test/java/com/example/demo/controllers/UserControllerTest.java
new file mode 100644
index 000000000..d9db2c76c
--- /dev/null
+++ b/starter_code/src/test/java/com/example/demo/controllers/UserControllerTest.java
@@ -0,0 +1,102 @@
+package com.example.demo.controllers;
+
+import com.example.demo.TestUtils;
+import com.example.demo.model.persistence.User;
+import com.example.demo.model.persistence.repositories.CartRepository;
+import com.example.demo.model.persistence.repositories.UserRepository;
+import com.example.demo.model.requests.CreateUserRequest;
+import org.junit.Before;
+import org.junit.Test;
+import org.mockito.configuration.IMockitoConfiguration;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+import java.util.Optional;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;
+
+public class UserControllerTest {
+    private UserController userController;
+    private UserRepository userRepo = mock(UserRepository.class);
+    private CartRepository cartRepo = mock(CartRepository.class);
+
+    private BCryptPasswordEncoder encoder = mock(BCryptPasswordEncoder.class);
+
+    @Before
+    public void setUp(){
+        userController = new UserController();
+        TestUtils.injectObjects(userController, "userRepository", userRepo);
+        TestUtils.injectObjects(userController, "cartRepository", cartRepo);
+        TestUtils.injectObjects(userController, "bCryptPasswordEncoder", encoder);
+    }
+
+    @Test
+    public void creatUserSuccess(){
+        when(encoder.encode("testductt16")).thenReturn("password1");
+        CreateUserRequest createUserRequest = new CreateUserRequest();
+        createUserRequest.setUsername("ductt18");
+        createUserRequest.setPassword("testductt16");
+        createUserRequest.setConfirmPassword("testductt16");
+        ResponseEntity<User> response = userController.createUser(createUserRequest);
+        assertNotNull(response);
+        assertEquals(200,response.getStatusCodeValue());
+        User u = response.getBody();
+        assertEquals("ductt18", u.getUsername());
+        assertEquals("password1", u.getPassword());
+    }
+
+    @Test
+    public void creatUserFailed(){
+        when(encoder.encode("testductt16")).thenReturn("password1");
+        CreateUserRequest createUserRequest = new CreateUserRequest();
+        createUserRequest.setUsername("ductt18");
+        createUserRequest.setPassword("testdu");
+        createUserRequest.setConfirmPassword("testdu");
+        ResponseEntity<User> response = userController.createUser(createUserRequest);
+        assertNotNull(response);
+        assertEquals(400,response.getStatusCodeValue());
+    }
+
+    @Test
+    public void findByIdTest(){
+        User user = createUser();
+
+        when(userRepo.findById(1L)).thenReturn(Optional.of(user));
+        ResponseEntity<User> response = userController.findById(1L);
+
+        assertNotNull(response);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertEquals(user, response.getBody());
+    }
+
+    @Test
+    public void findByUsernameTest(){
+        User user = createUser();
+
+        when(userRepo.findByUsername("Username")).thenReturn(user);
+        ResponseEntity<User> response = userController.findByUserName("Username");
+
+        assertNotNull(response);
+        assertEquals(HttpStatus.OK, response.getStatusCode());
+        assertEquals(user, response.getBody());
+        assertEquals(1L, user.getId());
+        assertEquals("Username", user.getUsername());
+        assertEquals("Password", user.getPassword());
+    }
+
+
+    public static User createUser(){
+        User user = new User();
+
+        user.setId(1);
+        user.setUsername("Username");
+        user.setPassword("Password");
+
+        return user;
+    }
+
+}
diff --git a/starter_code/target/classes/application.properties b/starter_code/target/classes/application.properties
index ed303a7d4..b5ac87a65 100644
--- a/starter_code/target/classes/application.properties
+++ b/starter_code/target/classes/application.properties
@@ -3,4 +3,8 @@ spring.datasource.url=jdbc:h2:mem:bootapp;DB_CLOSE_DELAY=-1
 spring.datasource.username=sa
 spring.datasource.password=
 spring.jpa.hibernate.ddl-auto=update
-spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.H2Dialect
\ No newline at end of file
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.H2Dialect
+server.port=8080
+#logging.file=logs/myapp.log
+#logging.file.path=logs
+#logging.pattern.console=%d{yyyy-MM-dd HH:mm:ss.SSS} %-5level [%thread] %logger{36} - %msg%n
\ No newline at end of file
diff --git a/starter_code/target/classes/com/example/demo/SareetaApplication.class b/starter_code/target/classes/com/example/demo/SareetaApplication.class
index 388a4f339063ea1af126a63fc5041daef0059d39..23573150ef72964b45863249c089896d7fd46561 100644
GIT binary patch
delta 619
zcmb7>$x6de6o&tkTGPf_Yi*t9p|%AHis(Xd9+nD%A}%CNqeMy~N$P-t8(*O01@sLR
z7m9)p;9H1K-~%Y0Tc<AEc;TM&pPQ5Kzr&0Cs!Tt<-#-EvM^=G^fQ+gLf~Y3M_Ot^{
zEoj!Rx{}*7bdOLyX<DW?MF^xb>oP)w8UKP3qpqPB9n(8jb?12Bv(;QVt8??BT-99n
z(01~RmTu<_M}aI{YWxK$6;n`)sEoP@VyGu%nbzW8N~fjFc3U#{*YAXdbjBwsIrJaX
ziPBpq4f)SfM^v*c+tWPLw$wR8E1jRvlEB>zQ<Q26vT>vrig|;u#>?rm9~akf4hn{+
zu6><#w&>aOwzXsK7M(I~0zD8{C`JGzE|FuLE0r^G4rXsb*DNG7a1@_`C=whapAAT&
zkt;$Inz<{EGhl>;Xbe3--n>QlighI*UI7Sw0b006;9EI|(T4Ui3>f=n#g*(GA{)P(
z`P_LUKTcC6Zy6ovWJnj!AaNnQyUVc$!X?FL?PaIFEs%?T4E*R623e<hT}S2vWfOIJ

delta 307
zcmYL@Jx;?w5QV>4<E&W>G2x$tgd`LsjT=OTXep5>pa2OOgis=sh6qXyK!x0J4U__u
zf&<WU1Wv#O5VHosO8ef-ym@c;(|y>^+t>IN*rMf_VAWD})L66Bh0;!M&>QXw!Di<$
zKakV>#N6hIsg2&vhD0$TC83?)OS@`m#H`a4l74oRrB~VDGTlGxUz`sg#*cS2F`Dm>
zLA+7XYL_aDa@c)Fo(efq^fF8_sTlt(;Iv04G1D62&D%v7L>1G0AvpT?J5^vtx5_?a
n?>8jUQCWpVZz$UM@5~lhVNSVDz`VY<aEx5D$kJcE%nE!1B7z|Y

diff --git a/starter_code/target/classes/com/example/demo/controllers/CartController.class b/starter_code/target/classes/com/example/demo/controllers/CartController.class
index 2626d1e2ea899025de6723adee2cec8c383b9f44..12558e67ffe57dde0d460b5224e6f7fe1f05e227 100644
GIT binary patch
delta 1724
zcmd5+TXR!Y6#n)}n%$i2TpFMyK#^K|Z%J#VDnh|hYg2(z#3EGGLlbJ+kklpxD@swk
zqNs5zV!hS-T?)m}_Ca}b#uxbqKKSC3_~0X>ekWzdX`OL=a-7UQd#|<jTKiky{&sSe
zxyp|3f1mpXz>SzQVZb5bR49N;ATVehvcd@~IS}sNKN#!J2)H)HlkrTefTOym*NsBB
zB}@eml#a{B?8%)06F&GQ0t!V43N&RWOLW+|LYEd+1Uy)ZWfH{-C0H)dnw@Ob#|wJ`
zZmhsciB$@vSS?Vlo7^G&YhkO`#2S=IT&qxy>-1XpI(^K&k7X)RB~h(VgIa-RZm-gp
z+)6JoTTB~Ny+Q-l>JwsDjSZ(!p$XRuxCdgHNG5hL63yf9GI0aeNwg^Tev|Gqn^<{0
zZjsoaun}yM02}qUW_!Dd&A3&fO<@b#1%i2EMl<n5xO+GgPbIActH;wjMq=q$k~EQ>
zy(T(vyF{l#1YH7E*~xN!NxF22r=`wDwN+sowhMTOs%O+nX5yK#d}hRh9q5tRsc<KD
zY0J}T26;cd3cGQ)p7RWu_J+L*eYi(gsKz3@<$D$G!~FujerqJ7v!YcW5q|cwAN>+h
zg%}Q8?dOQ_=~JpPXmk63LL7qvMruf4qn=dD^iQhVAA~@!-Sa_(BvLxyEp<seINwB(
zO`(Z2G7_T-hj3Uocn>VKJ!1+F<FJ6VqEUNS_QyTbm&G4q`ZvdELtl0k`#v=B5k8jq
zMB!6>rq6hr^)KEZIs*7Yz*!xs>GiwtmC1h2D7=LUT4!zRoWkpv5Kxh1GB&a$VWrct
zG^uM#MaSAk<B4c&L?Wjz`l>148U3@bY@Ax%no13g4x@|(3=-(zmqKN4M`*b?Kf>9t
zdHb7>@>%37pv_mo@1x8La~7NnYA-;X&6hdKuN?-KW1PSIN!)>Bc#KYg$8nq%vxT2n
z3g}DKo`<Z<!8?m32Da6I2md*QW^m0cDg>q&tz$GigXUS>Y+!ps4x1(x?y1k=w)IX2
zx7{&=?vS%#4tD{wSh>dl^Y?|Ev#<>84moEqFvT;SII2T|=5Yd~{PQTTA|xI>fhUR7
z2MbT(X>t>$2%f>S#M_A~oWOI;f1a5(i}SIQjJ-gQ55^U&mgu;Ga>=Y0=_?Q{2)x8$
zAe*P%$HbR8#&sV=8n5702Bl5rDJ}$F`;SOkGi0;$Pb3W%{a;8ry?`YC!}2YVDqDwL
zB-X)M)lvb8ix|#fWU(AK+hXKn&+p6MAx++(eXq7$72d#`Fj$u_Zb4mJ#D5ijXmR22
zzbj11yv<__ypvZzkgG}B@A9a55xj@@X&2M~0YQF_FFEq7RhZ&(nn63Ml0BSvx$!kF
I@ajT;0-l>TSO5S3

delta 1737
zcmd5-Nq1C56#nY<>sQI^N>5~<C4t09CK5X_K_f$eATf=E1k{iK0uB8LoiyFC`!yJ+
z#sP3b4dsA<;w&mkAlRg{@VN6F7Y@g@(=TA*%5yj#Z*{Xtbm7Y5;?=FX-@RYmy7kq0
z*}809=9@ofzXZ^MSrdz}xfnO0-^2j6xUd!X7UMqLZ(<PJTo}TzLboe)hl!ndz=d7d
zZQ@SsG0};z0`|JF4-r2xM%8RoWsJEH!$HLo_k$s-GR8R`G?B!Dlp1Z0G{+$ZcRFPy
z<u0R3#+jR~ltV?sa@g3)35nX)!8~%t;qfpStD^C!-NoQ&XdIlrSj04g<1oiV(^KXt
zEhBIXmI_p&iep0HVLZa|sK8@*oP)q4c!J|efv0ec<G8>xcvj$M)CxR@=Q&;wIDr>A
zUJ`g2lL99p1zy3c0<Yn9j#C0};537`JCU$cb}~HPXW0i5k(9^4886OyjC#B&@D|Pq
zyp4ARs!_x7uE2YEU*H3LNO2ztoX5xVXI|$E(aAVI5%?4r1U|!s$(~l9cQkw`9E^qI
zBf<W?qt-rKh01HXQSQ$pX*(JV_K(}qL_8d0Xp_J3ipgthq)%_B-tBfU)XE=RrSgR4
zIjMEXb=vYJuI@x+qB|XpMXV%)2*u-8a(yhEN?9p}oelDPR~d!($X~UXpP_ifvQ=fF
zNWRA#<&TawVn3{)Xlfv7rL4G}hqlY#_0CcT7iDZohvRnCp2!0sIq2;5nfM$R8T5uw
z<Df}$n3Ct6W3tL<&DVO?aLYf8)*=QiF~+c3?$OKS0B>-r&`a_-ucCwRuVmoiNTkrI
z%L3EL3iM)wz+KoNV<qi^V}?YrDUldUkIQo<-;o+}3`^xtB^B~pw_E<=uF0T=I2VyN
z9nh3CNQ{eVWsqG$R#W%%Hy^2Dp3g~ZQWuSNloce)$U2*@f?dkf)YGU)frV(GQ4|6)
zXhah&8J3|LPL<6(REv{*iKZ*imSy3{LD$gN{53q6;hcey1Bri%&>}*MXJF>w(y+ND
z3vqgGOmh|`D|82ixo6-B=q<DG0y+3JP`W>$`*T>JVOv0-LFp9jsiR&7yzLoPVn?Bh
z8x>MLXu+*isT*NBVJr0}h_z_LZB%bB>d{UaI+jzWI$Qy}ov=H|<A!z}i#a;4qn6WK
zUqL=6BSK&$eHvEf+wP{s)%0b$c7Ua@hWMcl%dn0n4Bh`xld8++bm<?OH0t}mG->^u
zCV5RIe`=M|;YMn#gRE#G1(bh<iYyk+m*d*J9IFd)`8%Wpx<PfXO0EJuxEmVr(%YKD
zo0&r#m`@!1cf=%_5N)GTvFhRZX?73UO|(@(1bsMq!#_m7i>HlZT)|a*fj}iJ0?H|2
PKUF`11N0SU35@&&X!IlT

diff --git a/starter_code/target/classes/com/example/demo/controllers/ItemController.class b/starter_code/target/classes/com/example/demo/controllers/ItemController.class
index 52ac532e6aed39ad1f16ac7462a25d8f053b5955..f51dff391747b087490db5e38265dfa3500af908 100644
GIT binary patch
delta 885
zcmZuvO-~b16g_V`?Q5s67108IRKX7@P%UT$R6c}40V$%WsNljXjTur)!xR%&{Q<6U
zVvLC!S8g?!04`h+7q0vp?p-SJ%ydF(;$rT7_ug~QJ@;mIW4p2J_q{J)0rcac0S!J0
zUBQolK*LJ@c|KLlm!78P9<LOhR0INpX34A!3-}V93n2s%k}wp)Q1&l>&&K$CB#bBy
zNHi!MM5A2}JZdm-7%_<^g=Vw}bl9W84*N%7!f>ER6^`M!9g}^AgFB&c60P=(oOG+F
z6i(xe{Ys`YVYH(|BB9WUE`g}4ZM|X^Q#sS3GHF^9&&rh-uCzsmE2(e}=LLeL)k=1C
zy|iqL;1KoopjYC8!bPO*;ozt)(4DZ~>zx~~7dQ6GoA1O=ZS$qxE2;u&x>PExWr}&r
zDp(vkRmd+F)~vC0vq+CN9zf&i1T9ZMe~D3mzK>p~=N)PL8Kvk2y}xS<;u9Yl256l!
zc&f{^4gmqUf~)kRib15|bG!S!?nu{X$Q?ukwsGhqQS~e>bu1B&Wyr-0?+Y7om~joG
zoa4wEBZIR-)FJNP!4ZwjahJJTCot|(H`SmXHJjL;A>B9${DJ{cn>XRki?TGrFS`U`
zVG>iUOXmvHd<a~}j3?p^d40?!JP~agW|QCApprW{EAST4ZBScE-~(jR+g!(h{U_91
zbuQOhYu^`^Kn}AU5k?$0Fh}~EL^=1ZWo|Ju&rAfq-)NC&H!_lcjJHRQmD(P+|Fg%P
jfA{G1;V$tS7F=v2U-uZ_=d9Y^53tDCVBEtIOM%c|r$%vV

delta 923
zcmZuwO-~b16g_XI?W65$LB0_X5S7x_78FqdQCrK0f`B3lxGB<@l3EN?OiWDr8^|n-
zzrc+PjV4k}ToD&;{RJ-Fx%VTUH&Y237xV5tckVs+-1}zsn)aGfpMJgj0AL7r15h~c
zM-U@HjAAT+L0r(@xb`k;?@|y0xU69+h%~N9WF#hbN{jXrb2;Q2%NO&daRD>Zzhr+l
zx9oW{@jB!AYWO53C8k~{<e(T;ID~qI5W*7E3RiJWVFt4b*D<Fsj|GJrxT&y+TMA29
zmRM0(MVmm(R-Ra&K;1_6Q8rn~7VjtL);4nYN&;agv|Y*<k~4XWfj;|-Y_t<bgDEg>
zmu2tHi*~zNblC-wvEPef`@5L5XN)1rm3b@k;9=>pBYZ`mrnp&}*xW9zlXfbXUC(V<
zsqK7$RzOV`i@B|IA!}JVOJKxaFr)T2qmEsM|8yj-Eem+pbP;;EP{joc7<y*fS|T59
z9j%9!>)_cyl%y53-soG1S9A<C^3=&-S`$y@CZHKDL;|g7gXt8XCDM7J=o=X23Mgq8
zo|lXqWNAIX5~{Ksc5>SHg>^X0oj3xo!<-_6!B|)`$13m|WcK~b-03hkyP4%GHH*-N
zZVKxmfmaX!Zoi{WKfRC+KE10D7LMUK-%CBn2|Bz+M5-d5lGtP{QWYT$%*H=L#Ve>0
zc!uyU{1pTQo<qiW{qE!*G}=G?EoHsAZnu12SOoouvPBS`h#^k;lg!flbt4Hzl8l64
z{y?k5Kp-vo<yYtE=Nos9Q~#Oc^xty~n*6`?J)CiJ>*);>>l<_DK8HKR0pc`U-1hl@
E0~W$}LjV8(

diff --git a/starter_code/target/classes/com/example/demo/controllers/OrderController.class b/starter_code/target/classes/com/example/demo/controllers/OrderController.class
index e8501d29914cfb4992ea75b6a723bee39b1484d1..be02675eb9fd65d22516dd68c2e263488f6753d2 100644
GIT binary patch
literal 3607
zcmbtWYgZFj6x}yG62b@+pH$mMstAaTwusaq3RKh<)PiEIeNB>^Fff^k^8l??|B`*I
z7W~k!U8}#TtE>A?U`R+xr!{L$X6~Ii=j?r6_x$nK>)!xe!pk%gXi1_~LmS!!dRC2f
zL$?gOq~FP{%DgYoK55#fKPAvIIJDe>6grYfYv_a~Fp_u5x_n}kE0)v?vh3)2$M#*v
zvZU+jcie(>XQK^)uE3M-qO3Tc={xRIfot;(3d&AFT6%@@rsqpLFLifEz?7bTzfME8
z6J6*|qDRA9=oOfHGj&8*H0{F7Q)R_A%2MFU;QX#jmVDQ=OWC0~sFjMWa@QdZhjE1N
zvz(GZ@4Vxdbk8b|t?Khmsl<;`I3{o*bXLZdj|1uX8K;;j8m1)+qnR0*H|VzvFE?X5
zenvi_XS_@&-p27HPH1=s?=o_G^$N5}*L7Th!_7D>r;)+QB>FYHk5d9?Livg!SaeB!
z!*SR272mJui_)t&wkNOKzUeb)DT0`D0=pn^d2p!8=ilW{-INB?!J7$8i+4tD0B4dI
z)G&l$f$^B;_oyMsoKh%oHa--3d_>?xgU6pe&v-#TFFh}l#whe8&TF`U59pj2d8Gm_
z&{>kcda7p6A%bd19~HPU4Hq#k&}!O6hx(gDs7A0_irFE?Y!nk3KEh>zBrVMvE-O?~
zj{#79oK0gASCW|0a23~@6>wwyDLSFASRQ#-8or!!opROm!@<~=V_}SJg{3p2VHO_?
zbUUh()HaUkIA-e_N627T1@mtXH<Gxi;TAp-xEjNO`{`pSJ!72>W1u#aJArGArK-Mp
z4GXv}kZ{)aG@3{*W>ti2?rQi9ivsE09wv~D6(HqywzV)-1K+gtdA1nl%01jqVp+oj
zd@gWwZ-<#P^3^up!Bng^GlA2!{AVr0^Qd^QWLBVWF<?I_%VpCubC#U8*;NeRWTO$7
zXxdbA(y%?fST(8}k$^rO_|Asu$^zAPnZ7LVhWY;-F}Lb8P-p8b&m?ByylKnZK{+Sg
zdj=tg%{*^d%Z6*J_4a0~zhaWZXk&)%b2idSyBFljCd;|`krOu)*q?)_|Mb=*-uB@|
zI_kYZ?0O`&wy*%3lG>+VQ1HN#Z{*h&jLNoidKRR=;uP*0>WJ}q90+tQnI+rs1D6gh
z*CtPN+Qy_l+34~8z)ca}#ioh2A#-|;b3kp5-E};lG%D)+r$5#WD^LlbSA(WM+wu8x
zf&Ti;j=0vP_;`HFhQG3tVl>^uS_^xbH|MyjZUtVxnb+#8{y%$B`Ee{Zn;WvmjR$p>
zifSQs{!2~ft?iLBz2pRLUe0k65;zpn-km2$74Uy*7R_SFLB`(|C+y~ZrnzW1m+fXi
zS~n`DzFijDE!*a#tD2o;Mt9YZIylKGFu`%Vl?OjZK|Uqa_zZ!Ed~WCci*S!;UBliZ
ze7R?@m21xG{QrtlI`4w_w&7nPehAfk&42Y8=)*VsSBCfjzJ<ZNKn{7Xl<;e`5EO88
z_-7=~Zs9-z3nRbd$d5SKdvptZ32frMEu0p3rMAwF{DN~^_^<_hxU`AvZOTn^=XwGU
z&TZn;SJc%4Wxt=4fit8zh;B}JeHiB62+rdiCOE{*61c)PT(!TAjYv>{B*so$K@lZ7
zY63l2fl0lq{5}QoC;F4ru*OxJ;OBtFD}i$8%`OVtyqrf69x8aucS+?Umk$D7#Qg<D
zTDUh*&s~ccD{doOxTBm<!>l(%JVt~U$!r|Qh)^-fRJBD+1|lZMx0yuvk2S^bNBDyX
z|9U<C6gHy3pX5jC*U_8W#L`bVsDdv-=U0P&oPeHiFM+3_=3YL1$Mv&F`}cUxb(-q|
J!hg};@i$6EANv3R

delta 906
zcmaiz%TE(g6vn?h)Ap9>r7idXd1!f+Ql^wD3IbLIK@b5^1QB0V8v`LVX+d{3?p;Xk
z!o<CaJ0%dMUAS;#!oT3cf5aHS8B7yQjG4?m_ndpq`Ofc7=1tRH-OS#v@)rPocwnI#
zXR4skAHV?4S{TGo0K+(Ep&e-p=W)R~y%@j<MxE13&TdR%T;j4oaHEjT>mR=KW;vu^
z`j+$u&wNP0H@uQtSx*a?v95(}TTTg6Vq*KbKWgar*1K_q!#JW4L`Y&%;R>cCt}0C9
zn#7#Kb=**x$4!X^g+<&_sKp_PC578qR=9(^3ioh-b39cOUd=qqB-b*zC&}4|tJz2E
zy2rFdTBpo59hTLb<)E$;bGpXpZw*dlGmo?R!pO$T8m)ku%;mEA(X~vWkSz!d#`Ko#
z(q$tghV*OWss3sXm;yF?b?THSufyKFe&rq0-@Q{swD4A{d4~ocazG$V&qrJ1Mmh0c
zF_S*AxgKRkl2*`q<DVh6+>$!3P6IHZo~znVz%ew?6KF&eyl(N^B2_&M_QrQ$beCWn
zn6|$`?ZQ)nSKy=l3BFy(8J_zSB~%$$Ozgt?$Ql!lPy?laRs_(->Dwt7MFgGbM$8qD
z@Av;BP9-$sIEM(J11C_7aDWJrTiC*63&0QY6ZMj<I_PnRW|}BpgI%4w39>rIw`&=q
zfH;)^>0E-%jX<J8_ktxRW6^)X#dnJE+a&}H9AK(-XHIa&9x^4#k#bog`|T<$(F#i=
wSsaxA0Q6J<oX<vpQ4;hXBrqxFz@Bt-Yq>i`zpny(8ng5*`osK<W_(q@0WkP<nE(I)

diff --git a/starter_code/target/classes/com/example/demo/controllers/UserController.class b/starter_code/target/classes/com/example/demo/controllers/UserController.class
index 04bb6840f352f1ee645155ad4749c1ace1535f4f..bbabfb72753c4d239a9d5085865d7b5dfa7ff62f 100644
GIT binary patch
literal 4708
zcmcIo`E%S>9sj)bq4ipE9k)%>P{<}tTRXNRO3r4}9Ns2vsGS76aY+jWt@iC&j#k=A
z+N36gLZF3~`|icja+I4Mj2qJ#er1Ng2^c<4+C#S2MG3>s>`Hoi-_Q3x-u~m?fBhSP
zgLpTG40<&5>gYqi!0@7Z$uu0(tr}-bi_!`O`j6PI9Uc|v86BG+Ko$cUaykZ~3yfP{
z&5+NSwYnpXvaETA<+-8nIga!L<9s0fV*6QOsKJF<S@!}v^!z1(<J0TtYhGD8MxEq#
z5K7mQhTkHvWenLtC=6l<w`dsFu^A%*NB=iCfo#Qg%Tr6I%L1dL(`#)}7>k!0q3sxF
z>!Izrrc=n_Hr%dZi;g?6Rp36)uNpz!x7}*RH*4~;=U+4y!mw`4%AoGKfjsGkc1Z0r
zUPa(olg(<(vFVg3kp;Ht_z>=*ePijB*<ErLcrdBMT&QHC4k?VJAR@&+qGLPqG>q$o
zr@V$s!yFz>E#0n1q*<mbry91yD}~*OyEW|6aS!elIFM4wH828wB?ZXvOD{^K&8Uts
z>{gb)xW+hfu+umxMJi~Rps!P!GKX>W<Y3^V8t&KeG3*t%e*;=yKHZQ(7#KxgnxRyl
zn2nbN2CFjcc=tAH-wDyCdljqwIu76<w+G4Xw|5JMc?}Pw)1zqmVGf7Tqe{RL9S?#f
zVaVcYCm(MnqZMukfgy4nCp1jyDB_`;$mrE@0=<EGiJ5S3Qu(&CJJxG1DeIlm@h~0{
z&}cn{CNMFYCTG;%!q~iW^T%~Os(h^cb<PX|)_`&jGdQE+td4W|#HvCYdya+Hk#03y
zhzjj#1v97PF$FV17}n8>?bniM^Ew{KCrQWfFr7ePm4{nOKB4^egpMciDIz;wm3VQK
zJC%Kl#<W+hGBdMyitBO6<r|E-e8sdKSsuh^VQMJpuvA11N9mCuWG+hI_k2|ZrH%>+
zpDUT=cE}z~pQ5{_yz)|~RM@IiEDG#RnUYCzrL&`>2A5VT75$}p+YcvQi!H_%nChDA
zfwUSv%d=rABF`vAS7WLh25U+kPiydX1Yn#T?<VPu04iTb;zcpniO%AJ>CdSmz<$_j
zLQ#)SB>g2Fms?5SiW1cxPh{~qfgMTLs^*ZlgZ$zAm8<!nVOcT=^2*bn*KrkJVA9xb
z#ba4WCQXx7qT;k7j3NI;d`ZJK9bd**1nyWHB&SR(?)L)><T&62?n#0d9cD?Z`X<7w
zAaLhwgZ;85=k35QIr4<dPGqXq%YZ-B)rBQ#x`9!NnHpxBz&Ozez00;Q%Y^MMG71E4
znYLYdrco<N|1p#BQF2(OGjIB~dTuWEh6^_NO|Gv48_zprQb_7J?M2<UTa0uW4@jM{
z+2V#129FT9G$X?WuYAr_<3-5!Dljl-S6wq~_*9^B^GuJd*Khqi7R?4nDc`=X*1s%E
zMu}5Y((n(<aK^0H)%d}JamjQVlrwACW#funzACVDwU67Ht#bB()a=fg;X=!SWSAI>
z&V0aFl-@B}RUqRDYb4>GW`;1f)O&&Sla|1yxzMyO(n!sKTSz*w37mR3xiL2m8dqBS
z&=onWJ$48@wPEAicuHwy@qeFy>6*<QZtae-ccUQu0G_nD6}9SAHjg^BzzhFZ?QYBo
z`_l)v7bKENW1muEqCk3trlnQ4r3<o0ET?(E%guQW-;$@;_yulNdEPm_?NQxmql()t
z=Xu&uLre28NJia@b$8Ne1n!iK0mH1@Mx0gpY1gG-s$oc0zM<7e49;AMDFQn<2V{8A
z?Zq}V0P!xP4z3V*j`#h%J|C@dm|eHV;bF~MAD?+j=I>WYW$-F^?c4nx#M=?f*Z8Ym
zgX~`5uVTavcoARcmEn$W@JSI*Q4l5A(C)uL8(+bu46ftWx44o)2W2!u*%I$;qL2pP
z#J7m{ZSL+9d;q=^5q>w)YKX7C$M5%_gb45h{E+W7CF+lOBk*Iq)RZA0ZV%VCH)Xgp
zgPDoHW9T|Qyn-D9Z$g{6j{B5QJ&{oAzXD*A7TgmFmXFEXf^Emkc!ewmISjsv*SPy9
z+^-|^Pi)gLUevhW6#8Yph=u-X7omT)R_LGO^;l@3lV>l9uf31)3-4iaW@3C9dzP{9
zeH`NR;WJdGFu8(b89Y8Qxr~#1eR>(w!`kcEtnT@pUB>xWu;m?G82R)HKBG)uUI7R1
zw<bt^F{bdA(NKn&Siv*IQk$3fX3q+)^kB7J4qy`{+RIqmhhgl;Rvy3Z=ASF0JTC3W
z19bLbOrwDFJT#RVX&#Po&N?31aCfXt+lJTh27W;sa%yYZa4Qz^OZ<v@H?8?EOwpPe
z4vn;|`9|BCziwOeO@hQB@SBb`f6I+o{H`6tJGe=G21c^i@$9>}pyF60BJeJ<{XN$*
i_(Oy|!n;56`A=>1KSKqGTHi_czTH0no7Z>x2mS-j4{?G3

delta 1137
zcmZuvOHUI~7(I7p%Jgw*D`G`?KZHVyErJLIk%zpLhoAx#6$=zBmKHlL2^$;ZFTlHT
zr_qIRV@xneCAu|n?baO&e}ovnnHDg_OlIbM?{mI;_iA=a(%=7l{tBQ4>sAzE(1Mc~
zvSAq4thk8lIvUZ@s10Kn*U=3X6INI-XvHLM>gbk=+g9Xfi>GXu#*FR`>culE?x>h$
zu&1<eVluoI*CNSyVuPW3WFfxl6LX4pGvg5N%t0}vOgb3yIwP@2vWr1>*H1mSEOYZx
zB(~VQF}%poA%0o{TdytqOjdDs>!mF!377p%6Gt&hI8MQ(;vPp8?sLrH0Y?b)91B=d
zvCQ!h5sno+VyF{MrfN|kDNYqpj#b1s;#kWD>Iyi{;H-+r90_O~Nu)Lh{Dsby(0a%h
z4aJsy<MS)wg`}R|E!D{kT}HnrO8#cXE-INvJY$362b=IQm}BweKs*&A_V%H0Xfd47
zdQ*`o{TcXhEEZ1mMMIhv)))eA@ru=p_mV^DU}&Y@t>O#4`%=GnDhI`$T>H<gV)0Ay
ziz-ul7b@w{3h59fdT0k=I89a_{fi7QsX69T$flLiw^Z~vT<Nl0KB%&sFsBG$LIw2(
z;VM*<RZ6(mm;%@vK0@+jAWPVR@_`}}j=EGDU0md&%v={8)!-a;t0k|Akpa{hg=x3J
z*iNx}dK+fJG<e{ppvuV6NPyuyd^r*tHI~U&o+DwBFzWpV`wsFldc|9)-W`~AR<gm$
zYA~sVjRxxaDzfDV%+loaqlsqNXptAtOzAC@#v%RIZ-S*yrJJ9l?WaJNcI$swUpmgZ
z4edGBFQ}_R#cjK=1V6z#>h)~Hwhg|UMm{<0V<gAXn1NHmw6}2^Cv<t<3<`8RrzgAR
zGN{zZ3p1_8NsB3>)l`!NH;HH_0lLP9?63okXhQ%UB+*QHS&2my>%?WqO9$ElhuXRh
rwOyf_?1^+AY3rdxnJ$BV?0rUR0imm8_aCMYAWXKE>@nKjVxHwMMd+T|

diff --git a/starter_code/target/classes/com/example/demo/model/persistence/Cart.class b/starter_code/target/classes/com/example/demo/model/persistence/Cart.class
index 5f60d7edd4cf8cd1d6adfc5c733169e068892fd2..2d35bb5a4ac03531b089d3819d0a8d983f4f22c2 100644
GIT binary patch
literal 2977
zcmb7_YgZFT7{~t;0)ZGnK~SvHYHcN;uG(6w0pudu*l<xo6z@Ya#--U^&SvA0FVfG^
zo}+Twp3}FU(+}0t|I9Ao(xnYAGTE7VF28v$Gk^X4`=0=ApqfSkZ7C!(Xh(;@(RKM&
zS~clbt;Mx<RSpC?#%<RQCI#9?vZXF`qAP`T21k$)xKQ>SOTClMMon22<#?9kRaDK|
zP=4L62g)rgYgYQS(jIt$tO*Pjj0Z;sZ>$-+dPkLQN7i!MZchfiI4Y2A)RixgEwo^K
zg`!5eFN1y@7f9F@o+5N&j#2R3s*xDX-~>*R#152GZwfU6yJi&#n@i!8K)=B=i_^X@
zH}y^$LufmKGZ;?c^9;VgS%ID%IW5BI$O=6VjO=n9MlhFslERk)$Kwv3#yNbYWB)bJ
zJ(ACs(ilNDh0zSgaIv)j=XoB1&Z-KQe7md!PL5>bqpZDM)(5ZzE=Q#MGjV{bKK|7V
zuIaOP_{{WMrLBFN!F6q|v))(>e5vbY=wZVRY)6&sy1iCY)2_?R2e#)j=3(~V?WvD^
zB`0vs0Po$nr(EUBKvhbz)=(7ctkXrHs+<2QPfx|o4I`hwGq+I87gq%=Q%tWVYtnz`
z)U0(`{;BS{mTb~l_c>qkJ(g~;NoS{Gh-ST7!*RLUwQN^i88m!GI~T^fSx4io)UD20
zZjzRUW8BP3ceCi}kpib<1QuOY^f++4(~%n+sxrfvB+I7LlCx|<f!>1cs)dHLru?F0
z9t8RdURl;k(zo?IT1*CSY$m3qX49RlU9!@OVK;Zyo1a4m)l-SBHm`y=US&!8(oxI+
z9j0hRH?P1LtF_fmryf0qdKX7pR?Cv1oeuNt(7x^F*ts3JNvnFZe|P(un?tMW1M7ql
zyQ$qwHv=-UZL+y|xEjz=jO=d%G%e*cz~J7@vAUz|O-8&;@xwUQmQ%d7!uzAOaGJW+
zib>ntIxVHnC<$~g2kg3exe>vq!)qjTpI-JFep%hMb)|OcO1rG@%lJN=;{{`ybSS1d
zjCE!u>9W{xmJdsUPhFBD9|#D1$Jr3)H~9ZO=QkB@A%}5JC-_U~SAyfD`Mzz$d(eg{
z&Ua+^P(`MCDLc*YnL1{TKtex_(WZV~wNb5jgll|bIo{#S;=ka3`{)+Lulz`0j-%cN
z3GQ;#Mks)L_<{cdd0gbUSNT0szi@N6@}*ei`}mPkT6vQHIwBpTV;_*(ajjW_t8{qH
zSQreYBKI0CJXe8I?Sd1{G>?TCrtbYr*JGI$u|yyLV(Q+{bdyZC4qyrs5i#`|rU!T!
z!*pyv(?l%OGKz6b$M!Q#lWFDvrm)T;rhdb;f>LC5C-Ltwu%BrzhAAw>M?BJFtg;Yw
zymZ`}IULYzZKiy}9OlV({{S{!+yYOi5tdg6i|sa7BH9z&2pvA<;xjytsDCyM1Wb*R
z`V)Fa|G?1d7C!rc0lhNz8%`(ih@YuX=;h|Q)wV61XMK(8wXu)5@DZ1yatl$1k)p48
zjtl7HfzIFo&NFjYn1I_@*@ZvVEWs(fz)Nzyq9z-<@60y#3oZ!AL*QQdU)*nEa32$Q
mmAFrd`;55HiTjecuMUr!z#5?wD4QEb-y#*x6_4?nH_1OwvWYwZ

literal 2977
zcmb7`Yf}?f7{~t`a)A&5siJtHYA=SMuC=wT4N$Jy&;%j`6fc!SatuqeyUb?ez!&M~
zXlGEzcBXHg>4)m{e|DDy;!?v4&YsJ2`8}6&!ax81`8R-XP)%Y0g&y={Q4LFKD5~LM
z0?SFnQRu}AN(rnc(Sx-l9^tW?t*h-PYW6gNX9+yl5HTtm2J+kDmC$R#s_J>$s%A9|
zFE=dLFy)$2H#Tc>+Olj{xQ1=jH4J&;yZVlF>PFp_R$1z~3YD&f96XSgbc8D_YogYW
z6zZ<KYF*v?UwL{e?d^E-xw-kpQm(YFLC=?MQ-3Mw)7dp^`nD+lTDL7-H0ksOu8WRM
zG<T2AE`$)x+O>vh@i1n%(queA_zl;n>3Igkqn;I`Y6-XDNDWy(JI&*9k3#MWbEhWt
ziZpHAv@5c9G#@mbous9a5Q2iR_DZ%IDG+VcrK4fA6RWEfrOKrcn@g4~*&KM>ZHk>8
zS(#ymqh;Z^jMQcIY6q3mP2q0oGe&hzmJL(Xs1hGHEW@4D(3KutquMM3($JqbEV<Y)
zH>Fb&>;esgdAlrXYr-+qI@pZ5TL#nEQ3SK(QHWLPmVBo3=}|wyA5wMKn^ME+a3MuI
zP>}AHT`3Ajn3AnQmIUpqWN8?qdDS%^saKHM1U>qCH_{!eDTWvw=6IC`5287InPRl6
z4nGNkXq_olm5ZF;iB0WhvoTi_2PT`FC+k3!#lZdnK+{rI0Sp~2Dz9Bo*vWvmDSi^i
z%5p+fD$2En&eEx5J*24NX?0XOPf5e66_?LJLF@$ZNryM{mGs>wSL}vUmiG<S#67AB
zZ>c9Q{DGL~%jdlw!y)&~v(BnSEjC*U*O5-)3w)Wv6<kf>GzL?+h)b-s_oRB6n|2(r
zryiCBeo5g4HZ+{^PTM+OSrZ9trcj2i1S=^>Y^3lKY@X{Kbg>GI_o4NgFKuqiGPn9#
zGzx_GoR!gV_HaY`vf0rm3@)8h<?F<ypI_C(MaL*JySI+Jso@uxZ;xLn^~=!M<ZnaS
z#Z~^64e+Nfiik=nm`<*Sxjw`1S+0j9&fz?_fD8PKsHAhe?9E3!@ji6nQ?6SwEKy*p
zpR(6D|E!MBJ%NZSVsMz`p)#rzd%4FNa~$PL=U3x5mU#>94^AS;aEyDK=P<^3$``;5
z+~kVs@RW`!?<4YioAS+2<=gm*E|l^lzY%`pnX%W1v|KAzP%4Hyo`oS_DsZpR{J8E=
zDyDIvn7-!!5bXi&qpO|iZYa}Td`ll6Fm<&v-6PWv$1wSY2$-&TOyA-A5T<B5(?lrK
zJ$edZincRNlWFD{Ccn=Drqdo%7UO~0R^j&%YiF7dVe%Vsf+0=fM>e9$SCPh=HH;~?
zF0Xz38s^Bha15JjZVgk^@Y^fSb|2wRKzoq~zQbv5&R{m6{>{5Uz*L6R@6ng}3-R^0
zNW5kPb7$-wx+8eRY2-cndDyew^%hC?S4QoPy+Q9Aq=I(yQAd!VuL8$KUdtlAKI8>j
z#%+`s=ISB*sb&jKVGi@;x=&4B=)ube*mK;_@Zbcvr#_0?7lQkkxa-7yO5A6}eNNmL
c#N9YKZUjFOI)a?{!l+kdf$N_cMxHOpe=>i9I{*Lx

diff --git a/starter_code/target/classes/com/example/demo/model/persistence/Item.class b/starter_code/target/classes/com/example/demo/model/persistence/Item.class
index 5bce916c6eeaeafeeb4d27346ef5a6c46d063e44..bcd0494161065db1419d2263909e1ca74d4cadd0 100644
GIT binary patch
literal 2322
zcma)-S#KLv6vzMLC3cd@LN<~#!Chz@+ij<13D7KUnxw6ZlSU*&P=Un6zQhw|F*9S7
zd<Q-O@4!nQK!Q}_0l^EE_)LiMzjubjwkC)N-<dP#+;e_sxz~UG{mZWa-oaKMQb^~J
z(UC=uhT#MAE7Pz|ci(urcOYt^hMq;swZdf$>AB)=FY@Tkp-)FYbPd;Qo@0nZ(`nkm
zs0+t49Iq~HqbdBr3PR!5gi#5FqakJ0>Aia9zUsOA3w;>GP!7X7Ucrcl!A`Y?e8UVH
zt8}TNS0wD1j&V#-wJ*X|+YAB?qjSYJ$Lgc<JgH*})6778*)nY!j?cB(MfoihpUIqN
zbj;#44H?&T7;L1?ZaefXqDrfaIxgX|hHTTfYBZaO%p5ap7!R!dHBqx1(^jUh>$oZ%
z_SZ#F^Q~rRd9H@34_a<$IbzoetUX(-xULtPQboAP*<okx>I)h!t0<j{N5U1p8H)O@
zX}1K8@<Ax&{iFZ1XQZ8@rn0ZBt#9sBc0Sf%RAm=GH`y=$(6NmJv-U;cxrTX4XFQ?2
z<$G*vc*J1S2}G-&-Ev$>;<jwtWOivz7+BJ%e?wKv6`L(*Pxw1hD~s&aOncY#Eh)zz
zGhxGGF^Y=me@qqw%5KP}X%)8G7eUMB)DCQiOk=}r#(vY@-a%(y<NkBM7dC{?>D&-u
z!>ezZK4*ZnAV!u$R^i}|bWE5UT`Ge}Iodu|N>|*~kmJ@(HB4h2o8xh!0k=m69b*~m
zr3*RYThXLV{_CTA)@0{Tt)^m<ZX@Yzkj~cHXK|4GIzIGmdo8~v9$K<Fz4F-JlIJnG
z-RqoVH49S-v!H6u&SWe);gQMn+yWV{yfruy*C>r6jq7~QQ7#IUP{s|4DR~ZKlOaks
z`F`sej9AIzcfOJb?mT5b6};fM-ewSkPmRxP={d9?Rn$9Nr5YH;8(bwO4e%!3;!~6N
z6IZ$UYf{P4E({kIGfTsTnMUa+<X#|`{vLhu^#lW-EzKO$Bn|0ygqh1c(<stmi3yff
zh>MY%I7AvVcpLK!lEpM{=6QyBm-}XsdWkW4N9Q$CYcGiz3n}?QUU4*)WWUE`E2Z*x
z$YzeqFOW?imrgKR=I>i6lz&5hBjVL>ko6CY(}FKjIKivmNTbXd`#c8d_%@mDAV=zc
z(hjgBlVqJHV}YdC$axd*v8s2mgazEgVq1PIaelxGZSE4dz#cBpN0cA`cyd|&FN`t4
zA?{?+H5$sAFJYN$XTym31C=RN*{EUn6B~99_v5lG^C{=Ar&RtKxwCf5e-mJhxveV?
z6Oq*^Z%;g}F;l-{TET+^rVHInj}w_z87*p62h)XarYe~>&S8p<N6a*<nAY(yfvM2V
zw3W#82#=GP3f)XQWcu(Nrs!10OqUc>C9zIdx|u#oWO|ZZrz_n|pOER(bC{ybAZEHs
XrWD>+YgJu8@^0CnyvfSV26*}p#;c?#

literal 2322
zcma)+TXWk)6vzLPEh}-<Cgeub22#qUvE5cJy-{*$(<E(OoHRp120Ac<VlT0RE=H1>
z<U8;Qcn4nc05g!z@W8+eo#8Vvl>bU<Vmk`MgH}4bXV3Ya^WW89|NQzJfE!pVqKNzb
z(6Cs<5|*X;K*vLAJd)E@IXsrb2RdpBRJ);IsJ3H$ZJCbcZJRaU+n!M{@nPGGY*%dB
zp}pmZ1<&&%E3$nrR4^X9@0u+UgmxGSuP)4LgPSg7EIbsR2&_mnHZ7+u=+qZR(%#<t
zPk(0G*lWf9)urXtjq1iH3d~yFcg-&><_vaS$K0{%UxvPCT8DJzW7=zhPqb){$?~4%
z3I)R*1+GVd9hZ1EgLct(+O8)ly|&|6tUSlQLV?x_>^dVQwVSRLHO>3>_L8XEuH|sU
zKtqJ}z;4MNDJaa^o*m6A$W50viLvN6xOuQ<dt$ZiZi!$+#+G1y-Euaqz?OD8nU9(_
z+gysP6}y((a)j9su5Y>w<8=2u60XE;T46Iu!i?2~S5~g@yAX)5?L-Prtw-$Giq%RJ
z6~tF<%VDaq>5c|H+1e5HXr}a(^#0aPclXjoCh()C2zYi@MAY;fYgWKcQx`_lwnbFs
zu^OH(b%ae1mKG+9Bb_PZHQ6YgTUTSrM!Pm2il%dW;?TvMuFDX846&Aob>?M^<8t*e
zPU<z0lJq*sV5b>usZ-d~+}AZxT=&~ST|BU*oc&eGaYbGx1zE>ynRhBamlGLhFBV0f
zS(`x&OyV^I12A-~7<dzJ8Cb;=1sCNN_#cPDKnZ07qZl(VfwKnAVT@`WUGzjrmUuKJ
zWk?#h=vX0@9C_Km_}36m&fpFHJc_&&d8m?)m*W(zG30QX??Ku_0<T~gBQ#Y>kh%=g
z8t3<`PjMz)B-zP}BtB_zfD3F8$Jd#}<XhoeD?fwsQ=D~*V<Da#!Fhg5Oga$$0^f>k
zC`Y;Z8&b(jJ~cEoo1Yt+nrxPThWZ?O?gtd*=K*q`&rR;rB?lRHn3V(5v`P$ECPgJq
zaXtx?rpS@+ZM?%I8f(1BFO_>hZ}kOxlGC9nq*h)KGc{B>A!VbhB>N*JTPRn)hnC;3
zJcpLsFCQRZ;q#p|D!)TpNqCJ*Wc?Fk^x%gy4p8`3I^~bpZ^c?&CDS$Nc$fNJ=gbZ2
zag&s{Sl?}uzK6@W!>+!MIn3ZLW;^OzNb3U@Sob9YPqC$!`6Trj&~(lC8>1|65LZ}+
zrqEIL+{9Im-GUMGM=q*yXA{BhWeRqUv`Jg$`Bu57P_Fy}^+@hwJiEl&mg5NHiPs@-
zAw8`r(?HC0oy8w#(tDX6Wis7l$1<4oUZxtER!(3_u1Cr=8Z+Id0LPj7dYRTTneI@v
z45q$brVTQEbOKXyD^sS4m}w@nPyM}2A7?VnX7{PTm+4b7eRcv<@-s-8&XGyw;gsWi
Se5B>S<u2`e?A&OGg?|BZC!S^i

diff --git a/starter_code/target/classes/com/example/demo/model/persistence/User.class b/starter_code/target/classes/com/example/demo/model/persistence/User.class
index b4fe725422edff0b0b604ffed9b70debea78fb38..4f671811d0075ad82aefbfcf07c9b270aa1d6cec 100644
GIT binary patch
literal 2232
zcmb7FYi}Dx6g^`*apJn9k0d3fBs8Sd&ZFBx=!1k1<EF*Nb)wc7Q9e|Y_0-+4kFXC&
zeiRZ&t&sS@58y{3&g`z7*4-fYgJ<UMoO|!Nukk<s{`EJ2JJ>BDhkOx*GR812aPC0<
zA`M%*ePeh3K$)Sy_@?Dr;g&$YQteJ+0+U6Q$~c3vz;)Ae40R-(Lt7a=<#>kU^^|QK
zDnGD-P`Rcuz6+EuFmWh@;8)M@30!EMIC&EKmfPRZX5TAg3g-k0ru6By+8V)jozPhM
zLKzn^Es(S5Ks2?z*)lF^juR0HxYAJqbB`l8v>es70&Cw^HP`h*8Csqj2+YQ;j^3c&
z=xqorW?Vc}uJUE5dR=KpilB)g)N=p$fARFxIX;Z>jr%+8PNVaKfDs4!Tryq$kz*SN
z()=m#Ttg1n8BNN2zQ?SF$8>f%gHheHBgfTD+{m^iqsz0vVEH1~`Z<avK}njX3K;I~
zck{Ybi}h%~^!?*TXXn{&yG8C-GMMbTs^f7XwrI-0ls#sCAp=-XF4K(UYps^Rd<L%R
zS?(abLQ+Xu_QPko*wemxu6*5Ty#&;bOT9K)e2u>A`I>5>&c+p(YFVyoN6x<TJ35KF
zTRl_SUFlm|PCpjH7Z#H^QjhBXr-L(n748jYV7gL`BTYsvodSY_*FiItw=vZ&hxCyO
zUwFMe=`&Pz4Ve^aT@Qo63N4R1In<-WL~pe+vYO^FMu!cipN~S563u9-P-*H*9jgvI
zsg(}uL@GV;BHvUGES=m*{r!f14zjy?hvOQz{9Hy~#I?|+i)cik+;BORb(=X>K@r~y
ztm{0CJXmRq7x747?VU6^R>^qaD&L(P$F9JY?-9rEeM&RPV~+b}${#3P!H1ZqnA7i5
z3Yn&~z~4ttX=CvzK28yQWmCi~Z|8YlQn-ds2o?!Ar(ew!vq(qRd9M5jp-{y#R;aZa
zU=23{5;Ev@lJ|V-x!$B?a2MRimj8tKBPMl=tG)&mKIN(j5P;9H&RyVh+~)eG@=Fwd
z=VcBj%2zX$@8B*`T6v4RPSyDG$}1F4T<bq1V2KW|#TInjno#0ipOT#1<JU2^8aIJ2
zu#v&(>@cU*Oir8ll0M$zbat52O>(+*3a6w7DW|EJ(-yuOaLVzdll&6rf8*ixJgsMP
z+D2`_DbK3vJT1J!`C(3X$?4uHoRS7iIbDo7eVtjmnc+NbW^$@$*KTH*(>6KPPT`bv
me9Gw(IpuLbPRLF?DN_vk0p*9x7u)t5G$@oPG|@tPd+tAy0paTa

literal 1771
zcma)+YflqF6o$|A%B2cIK|usTlu|AWiVA`#K{O>5h*T2sgBi9%S=^n)y%_jWCYnG@
z{NNApM;YJQT|w%i{lHAm&bd72oiqIS`RzLq&CpT{WoW*c(zKwK$7)&3(vvJbWt1?g
zjMyrpo>#u~3`=YouCZf^B`Ix>dxkAtM&0Fo{*fPQ2f}d;*Ar3~TB$nEXej33g^<GG
zo~Ukd(-&}Ray@0&j{fP7N|mF7z`yitWvx=GykVr3b=%T*IchqGmZ|M?{k>~Tji1tK
ztFSj58))8<D(1Vwk=zoDIs!P&<g%u1dX6D$IPZ-iUbao&k}6pGrpeKL62cLqj4zE3
zeqb?1DV;kWqtSp#9CGWx6k1hSwr1H?VV+ZG8Lmj!7gKFrii(W|$61}bI<JCtAjWYy
zJd9LHE|trS`eXc7Z9|^6kP3T8X2*M{?l$j;UE!!JtA<W%fjAS5DO;*Z+fk^Q1w$I%
zBBNwsbPHN6qh&^IWkZTJ-`WvQMd_wQw{>oAamP@0^fBe_85pC6lzWZ)Q_|Fgr$l5l
zR%j?LQatPajvFsDd{L^S_Lsujv#T52fj$^F@TS2~f`n)p4<wDu%1RYhm47P^6>F$>
z9+2vd)J<C}V$Php3V-{kR4tpf@95&Wp#*GJ{*x+K{IIUzl?IdE6Eg~d-cT>)BT0^i
z=vI!d(zP6AsVPV8bcNA~dQtzGUWEWf&Kg?Z*%!J;gZR&p!OKWeLS@7YX@=DWy9IkI
z?3|!WbeY;<CRDx1B@e3uf1TTur><@4jy%8?c?=;*4}SN)B_`-P_0bLZ_q#MeH(eAP
zM8+)6(Gu2SSQ>VQJze}t>`PGaHr7n=v6JrLcP@0G5h}pK08$a_`QT$pe69-~jtw58
zaS*BCMeGUenc~<9CC*B>1YZjfX*9^t9ePFO6<XNu1Y*++hGLow8VQ*aA#d@RlAmyx
zptFX?W0|IC8eSn&5(+A&ffGvBGfjbM`U0l#A|s}3z;u`H#psl(*J&n}X@>5fGX0@b
ks-9^UOmi17g_9F8wFgo>2-b(e#I>QoEbKW@VniPO0+T{~wEzGB

diff --git a/starter_code/target/classes/com/example/demo/model/persistence/UserOrder.class b/starter_code/target/classes/com/example/demo/model/persistence/UserOrder.class
index 2c62312c18c279ce0606b4a9ed1fc8086c9b789b..ca84ad387d7495a773ab105bfa72b95bf04b06f9 100644
GIT binary patch
literal 3034
zcmb7GYj+bx7=9*6n=~vf*Fr(AUg!n82ntG|3WZ`zXbTO|f{NSCkZ##a-E27YU+Fno
zMbGj0*&pTcnVD_U#>EppWF|B7%=<p?b@uOne*Y7|HN<7)kT0TOVE}^y2R59Sj_o^P
z(_UKJkZvL{c*6_5WJVxAK2aY+2}4DcE$o9OaM6tdTfTCFO<&p#8ANsvHKcEE%DCmV
z5*fPEe%zArQrwWSK+bDWMYXG=8imb@k~wT)1P25LyhH}A4yc`YzFnmx4LW4uFpdZm
z+7u};QSDQ^zC3E-7>-jz5+#l=FluN7PO@&__L_I3>jjQqDU(dTjFWh$h*K6$<BY(C
zKJ?5wF@05P%4FVHaA<tOXz1Fo59e^ch<7c#hxY}BwI4di^mHqUr4tC8+;i9L+AI2y
z1TSE`hzSdmm?E?*B*o1}zR$o#G2J+rM9O;tr?Vt>kd=M-5Yt827B1l<fn)y>YLp8U
zT_auK()cd(dR13a+jk|B_Usi4ALA4Hsnzk*;oWj{s3+>m|JN*hiqDKoYbIpJcZ|pi
zTE)T*+%%$7{8%cw7j6`MZs7~uqDhRI%29zS%I_o83aqV}wQvV_DS_4)2^Yuv7BEp4
z7<<$X6EBc;ujQ@z@>Uqq(8P;EhR)>Yt39PO->3+j*M8r7a8HIZb`sgBJAPXdRANN9
zZf^ZAo|<Y~n;JiV=k8){zP2i0YZIP3EZ_K5;M*IH`=S+vw$ou}FL1paN38N>i^@)9
zFk)`CgOG<qD_%2nl6EWwD!Wofh5AN6-ct2cnW3c98EPIl;Z`kDBLPL%X}L~=iq2#}
zXU$=1aQ;@cDsU<TXGAWA$}L$c7a}k0SXT(0fclE6BRx~ytrWI>-(fKG?5_|w63gc@
zR*kS>E-mT{g<1AVfsv{g%EflDCgYmABygx2xsG3VVo$Bp%|f#7F(sz^ahFO&-EK*L
zK(!;1>hvOAkGkpdP}Lw0cM7n3rc(331DUKxjb$e$UuFW;-`pv`PRn|`_>Jy0jft0<
zH`Ch!-bSt>JM6M=CUP#00@H_A`>I2QWvA-1<aeA}aCNKi>z>v?S4ZakE3ZWD*p+jh
ziu7<NQq!v4W|z@j_6J>KV;PyM-N!JOb@pi;d|^s_(SZU-KGDp;Ij+XIzQ_4XuID8d
za357JAMlq`4==|>{eMZrk0Xy|LLWYbka&cZU1+|*snAnI)p+YM=XwiY;p-<@#gi8G
zD&aZx-lkCXm9e9+%sqZ<aC}OX%~^0BnEVyuCw=W3j_Mc`@GVDW1OfOC&o~Qw4~OI4
z%Ri&|BM)=vUY^dpyatyjb$N!f^3>qu)GsJ@RV%K*Wh%U)C5#$Ws$Nkuer*snAh=MR
z_?<vlFQ@&zoUUeYGLDxN!l#k0R6>?1tix@;;+EHz8E)6ft?~wLDwqP#dBeDEkl|h8
zPRe$K2S#C&n|%K`_Od?M%X%h*wNOuAYVsaW9_;nxZL*zx16z|!DYwJqCe)*!!Rcr(
zr@2f{`~t}0bhMY#0y*7(11FQUDW_xPG=z0{so0kcgien?P+I*JW7Vn2ZJc<GvjV^2
zgV(s2!(TYJjmv8P>Nc*cd1f28r@97=Qn`vkiGexGP><swKf507qH`G=ctK2w-*`T=
az7xI;Zsri^G1R3x!ga*;CP6I1AN~c)?ZyTG

literal 3034
zcmb7GYj+b>6x}z^HjID;`v430K>ENAf}#?rLLb<gKA@pmP;r`E(kb((lL?FdD_u(q
z=vpp6`=ea$Gc!rsFlhLYJ9F>d_ndvs-RDgH{^$2U0ep<0gaO>^M*-_Hd?UlRGHeua
zzr^Rg5+2~YBQWrN2|wWB5&Q_Nh)vn6$zEOFw7fl%w?+|L3K_euaJ;f@J+Vy3@)~Bv
z_Znq|k-IG~v|YV!H|<SF-}F2`v_jkWnhJvv{HeL4gQndKwO7;TLY;@+P1(4uJsnt~
zuCH58OB2-B3}xQf{ZBkSRd;tH{KD+qa&@7)p<q^OzH2_R=refgI_9=jd))Lr)9SD@
z7dc-Id{PT{>FiVrqZ!|6xgIz3cBoy(lZ4+2ZO5!IAa3=q*$vMMTY*+6$Jyy@UyoSm
zr<S|pXtS<e-*o-Db`Ix*rpwc`bS8ztlI87IeHjTT)~sgDs?*Wg6zEL6ndBmSvr<vW
zwVFCm81IG0JwoYZG{tnxV#Sjrr?Fi0ZLgE7oM*YDSQOU}MKgU~%W*79BTIQg;bfp6
z=|Hqlj}I+J2l63x<Fqwnx>mSl-m)9Bx@NnUL(hflwr7Xa3fZyob;dTsR4N>+*q&Z)
zxtltuiW7x_ieIywbt|xCo-F3VEt?lO)oUhJf_jvWd_#u|3}RqxJigq6($6>J%@bqY
zdqVK|k`A~0`l=N$KI)L}`@~u-rH;XlS{UMuwwKQ0>q)3j2*vi>oH~}u!fEhuZdf--
zex{QUI`G$VES8H5O(di+$snZq{zvzT-io9gpSw8L^D%KKxva*L8E&WTWzk4R64Xc%
zVmC;P9jyhLt!6&(-5Dzg6*hVzBiM4!(Y7^}t3@t)Iv06h1M)?W3Z*r_71Z>+EkZvk
zd5errNmowqVRLNGQG**vDeUO-sk>53iZ$|K;1WJEZ~`X{jN*)e^Z3BP6ikJSJ>F_W
zsR-M^b=)wpjmJee23&YW_y%_H6S+s<k&fC7e1R_w+{RZ17O-ew2D1j{FwZjD|KhA{
zZtEH^=Ryxe;%hAM6QV6w;dEOfk;{11T#Ggt|LJ`;$rd}4LtnmBZ6Wlf*|Ybh8R;Nt
zXXqt6u?y+lu|b7P2P>`H8^zQeZW-_J8$7_)nL|eIg)Q_g&PF&N<a3DgVa@3&oaXdx
z{xWiN9M4AY=OXwpvNXgm=>sT@_wfD!G_N=@I!e?9o*LtGyom`+-p56J*rZ=Eo)IA=
z&=O~Dhb692HXJV#B?!f5e&QL_FVV3p91GFn5dWcoe?1}qKEYMa6h6gg91kD<6`7yA
z4o{^X{v6lHMGjB%nc=fAG5H%Z`>us6h{)qgWMMEyCGLe<oYyi@dBurvqIe1G=9KN`
zbTx%jocL)Pp{$uoF|tZy9d23SmL(e?=5~$T%CF!im#J`**f?zkUhg@sBy2~y5j(ua
zMHUXnZq~VO*3&7hl@weO@}W%Tx-)r;Y-e7<HWpLD?L4_DDeDwY`EE}0shrpj(m3V2
zIW3aY*RS9dt2W^@MNa*MRuZ#McoC62{y<^l8H$z3i9PhaK)=FslwROS27kfW!yB@G
zbPvbmd3+CVPVNUVNaw&Z`mn;QS!Mm)VL{wIK<6@+xDO&Gh`GvqBy^UznBfr_??k0~
OjBj^2Un7V`Sp65eCccXR

diff --git a/starter_code/target/classes/com/example/demo/model/persistence/repositories/CartRepository.class b/starter_code/target/classes/com/example/demo/model/persistence/repositories/CartRepository.class
index 528fcb014bbb118b87bd3399bf7e1124b251ff32..8fea5ae7d8e4ce2e43ff0b4e632923aaef89cf2b 100644
GIT binary patch
delta 199
zcmZo;xx*rG>ff$?3=9nB41(+oOpFY66aAGZ=Q2u5vNNzSG6-ZPmL=-vB<7{-`zK|k
zCYP`?uuY!LXt7b)jImxas5Gx6GdDFXvp6#;C)F`8FTW(QBr`v+n2|x-C%-6Nzqp_%
zGcP@@C^0v+JijPgzqll|C^f&NvLIDID77HJII|?bsM4B^k%5tc8Hibd?qCGk%Fe(6
l<Z%Ldtc(m?K#G}x8%Q!S@G$U#X+8#i2A~=?peg|d1^~#$Edu}m

delta 99
zcmcb^(#9fu>ff$?3=9k=4E*d2JnRg-><oMx=bJGy+D+W3JkeNsVxTZHBZKK=dqz`Z
qHbw?U1|}e825MkrVPs%oU<LBnfIL=426iCD#J~Y2IT^UXG&ca3UknWZ

diff --git a/starter_code/target/classes/com/example/demo/model/persistence/repositories/ItemRepository.class b/starter_code/target/classes/com/example/demo/model/persistence/repositories/ItemRepository.class
index fcdea8cef975b516a97eb24b94d28539bdc13b64..a25d3e8bc905f02283c45b60504bfdb435041497 100644
GIT binary patch
delta 185
zcmX9%I|{-;6r30H@o)SzX}o|%N(C!>L9h@Ti&Yj`iMzpF1ux(QauIC>#o9xO4=slI
zFvDE^OVD_K?oR+ibRu|#qDd0LC&W8(5@{y%Hl3|^a^oU|#e+t-?vnb+{HUGU%Z0LP
zoym#T#tEm4wuHg7cu{X<ojge6&bdtIGB;K^b2yJf0-?kR_>%Z0LKz+^>;giSsmAb7
S=h9y_(EKGW#LOX2+rSse)g^8K

delta 108
zcmZo;-M}Jz>ff$?3=9k=3<B&7yzC5o><s)H=SMIy+D%quRGw%oJuy(2nUTSCaw4Ot
vH5(%XBLfo<GXr%nvM@5RFt7soY(O3>BLh2-;s9bM22LP`u(%kw!6G~W+9wOV

diff --git a/starter_code/target/classes/com/example/demo/model/persistence/repositories/OrderRepository.class b/starter_code/target/classes/com/example/demo/model/persistence/repositories/OrderRepository.class
index e47ebf196d9c7c428bb7de9fee9cf5f4ae021d7e..598335ea04e4df58cfaab025c497d838e3e26837 100644
GIT binary patch
delta 208
zcmaFGa)4Ff)W2Q(7#JAL8HCswm>3!CC)+bBPd>pYBgxLd!pI<yl~|UjpOcuEuJ50e
zm6}|_&cHVLJEO%$;faj(l0l_;C7HRYVVT95Nja&Gd3pIIi6xo&dBuzj+CKS3>H5V5
zMVWc&X+?>-spa`a+4{vLsYR*zC6xuK`a!7$`Nf$f`9+o1Y>W(y49q~x3Umk~&{lQ^
s4hAL$P9Tq!k%0?HaRV_E0}oIUgvHCi$G{)}6ygVx3=C{Qy@Cu302p2_djJ3c

delta 114
zcmX@W`ie#P)W2Q(7#J8#7zEfEc-a~F*ctdYE||zTk>5d>kwG9Uu`E$PCowNw-#;lU
zHMwMBhJ`g7BLgD?6A&{4^)a$AGO#eP0{Lt}9xEdQJCNc4VkQPoAcnBG7`VYAJOE_V
B5J~_5

diff --git a/starter_code/target/classes/com/example/demo/model/persistence/repositories/UserRepository.class b/starter_code/target/classes/com/example/demo/model/persistence/repositories/UserRepository.class
index 54313b79f2b962af4ad68ef299a4d91fd5eb53cf..da0a20554d1b013aad9acff9d40ffebadaf48a2f 100644
GIT binary patch
delta 199
zcmey)e3nJv)W2Q(7#JAL83frGm>3!CCfX=Zj$@RTWM^PuWDv+oEKAhSNz6;v_fN`7
zO)g<)V4K{-Xt7aPov~grs5Gx6GdDFXvp6#;C)F`8FTW(QBr`v+n2|x-C%-6Nzqp_%
zGcP@@C^0v+JijPgzqll|C^f&NvLIDID77HJII|?bsM4B^k%5tc8Hibd?qCGk%Fe(6
l<Z%Ldtc(m?K#G}x8%Q!S@G$U#X+8#i2A~=?peg|d1_110EhGQ{

delta 94
zcmX@h@|{`u)W2Q(7#J8#82H&4c-R?u*%|mY&R1ug$ZtO}P?(vK!E~|#qp2|)BLgD?
l6A&{4)iSa$GO#eP0(ope9xEdQJCI^x-~f}H3|wHE8vr153akJC

diff --git a/starter_code/target/classes/com/example/demo/model/requests/CreateUserRequest.class b/starter_code/target/classes/com/example/demo/model/requests/CreateUserRequest.class
index 2a2337627b94f8d03b49263188f10fff10521617..b1d5bfab0c5338323954c75f18566c06f01e5fe7 100644
GIT binary patch
literal 1177
zcmb7DO>Yx15FO{cX-Yz9Q%Xyr1*Eh{Scn6MqDm+d2NWP`A$MovrVhJy@H$Zb6-Xc?
z4*URq6yiA>k+NA1Ts%ADnfGSicz^!-{)31f)4eL?C|{;Rjfzxa)EJBRf`>wn_^ZKK
z298nbiPFj)Gs?FQ`YTkSl`>Upv`RHb4+9f%c_E@nDEUxEhDT;7LvH1}sf=CBJ5~xO
z-^9|MBq2tXDLgGA$*9>~(49J~^ytVFT&YprqgN&(jz1VX^uen&YWiS3F#1f{s5if3
zv~@DoPDQe>Vl@cmQ>~2?P8l6D;$7e2nTVaV7g5N^B6u4c&BdQ2{v3YKnu)aT;}N4m
z2NQs%tF(MMjRw-b7C`mQnm~koVU_pi!Gb$ipm{W-`7a?rwK|f{OOuGP-ac5C14;4a
zq>c7+&Osl0dm-Jq8TN#Qu$UD+`ND-rO?aKOa=w8}De#t3s;6dZ1NlsO30h0*eBc*I
zd)QA7?<tQH?}8XzgI9uGht2tIF2%6SRICgij}YeusyHlzEgpU&_IU==!s)LOq)nV2
zz<*z-Em%f3XdCC>#b2oW370uq6gM)9cjzXveDN`?pQdzp|0|Uj)c#i?OjJacr*9=$
zb9&!eGW#y>iqId1(XDLQwKVMJY>sT$M7}v}eFl3w8@7>#-3IK=Ke|meFo$i<VD~Z=
ZTuUpso2lS_W^p53yq{To2mCp@`y0B;&p-eG

delta 326
zcmbQqd5Kl()W2Q(7#J8#7^JxvSQx}P8JHO)*cl|*8KfpwDNH;az{_TnnU`5&$H>5}
zp&2$=lJWFpEhZH%9tKVZAi>JOHqp(@S|BU2EKxrvF)v-;KPf9Uxr9LxXbua|Tt)^a
zkRl+>4&;Go4j|18q=EW@B=_V6Ok(vsP&o#mT3#TV2Pgw#^D*!PX+{PC20@ToAX^_u
zgXOfgFfeTZ3NQf`LkwmBD!`^$h(Q>r3Z&T%NHc*{YiVy~VA=@RZNmi?<_Fp+05(Dl
Zq6}(3$ash!M1WdY8G#&-qeQ{_#Q;p19g_e6

diff --git a/starter_code/target/classes/com/example/demo/model/requests/ModifyCartRequest.class b/starter_code/target/classes/com/example/demo/model/requests/ModifyCartRequest.class
index f5e3fa9a3e65867a6720f56db77f168cdb4e9802..bdfada0c2e256200d27816b7b8c4c64dd440530b 100644
GIT binary patch
literal 1184
zcmb7DTTc@~7(LS~mm-v#R^+CFEhKJ?4?bW>42ek_Pz3Dzv>nRS?k?<34g4ofG$}Fh
z!5`p{GM?%7f-OAw@_jqsWzPA|H~ag~&tCvuVS55G#M4M*kVHygrXfE|rzyR<^S;th
zRU?pktvzja1>*Tac^qRHPh%p3Nn`|GRDIV`m(o3NDyODg-*Nq#YC3_sXsOVI&VgUk
zr&oJ2Fh@~HV5}9Yz>}^LnB5=19h*RV^&JavFN0~!5Lp}L7Ha~cWW%!=%we7vT(qQT
zw7FuUD3Cj9@#Lzq4t1re-gusGq|v??3OM_g;HeCa3NGEI(~#9qq3=1eU*wc{J`DVG
z6_~3Xfy5pM5SZTAo_g1ED=IjVyw!5`tFl>^fwt#vFk#L#VP1A%{!0f!P1cq9*w<n{
zUl>(`Md8h&h5Tquq0F@%D0Al54rM@HIV(Ah^Y&s_KW?tX2(Riz68VztvlKq`)npm<
zw1|UPB44zH6UTllsH(TxO0hVy)#rAPSm%;rd{%K<J`V^i@RXuoq>tI9j>Ndpp;(${
zzD3&m>~iP@eRAsu#P`lM4`^+gLF8yHko|s$C3=BJSf>5AxsCKUCSw>hXK!s@!78h4
z^De!eCbhMFjr0K8{xRTWNls<q7o(~!yrmY+zQ$aVa?%M(^SI9`#xFZi8&hBTag$T-
zR!&dwlvNR@IMubBR<AKN%xRgNR_@>wX}@NH`MT)@Hn7>})DyXl>=!0)a$3KY(=+7z
eoO(JfT_ZcpX@i_L@8A^ezRPK@!>P~#-}(z1Jjfyd

literal 1184
zcmb7?TW=CU6vxjl3zSRk#e!mOD{AXP6E{ZRG)+ts6A0DXD(?eK>EK@4-C0w<lO~!#
zOnmSI_@Rvd+2vA!KKL?c&e?PMo&W6bKR<sF(F@woQi^snl%zd%JW+?4rb?Qs8ZCtZ
z_g&_2jn*4I_L*5WbGz25^o84fsZr@9bfs{3Qv{-A^VhEHNhXEo1{zt7w&z%9ERfv4
za%`)|+Mfc?wb&%ds>46_y$kNkKDwoZ<W8-lkygj(%aEbB?8B|$+biJ;d7x3ktTZ(;
z4!sVbRvN<PZ$qcW{SOQP3e#&dyUBc^{87-5=K@5}BO-pqoC}*<9qxFRgEqG1^UIJ2
zGO&)kjyUTdGGCs=AyDPITz;I$uwhmf36Tq~Cl$>397Vl)#O1lyIc7d2g)CsopnGk!
zHde#p8MGQl470B46vF$797uy8YT`6zm^GD{J@rDr&EE(mMR9JMr|Jpwv_h+SO4CxF
za+J^0GTqYXnR=}Mk_PKc|A=?39&bx3<L61?w@Q$%1`xJ^mx9g0>T2Fx4C7~FY4~8o
zxrQnWR)bAee~|V)YO{`0HARqa<5W%6eS-?H*qrX*{I_^O`Zs*kX<EFtu=p;Okfn+b
zV0GA3b$>|ubaXa~7BH|FbtuMJqwxwY-u)hGlNubwv`P0TOge6Ap#den;&Pp-w2*0w
zwviPxC7`Zi+8I(}mT3!2+cz-9+K-rW5z`Jmm@th+9+2^6hN--esZ0+iOk<rkhh)q$
V?Sg6V2B!G!M@-8R)1zqk<G)*S#@qk^

diff --git a/starter_code/target/test-classes/com/example/demo/SareetaApplicationTests.class b/starter_code/target/test-classes/com/example/demo/SareetaApplicationTests.class
index 30dd46b25ee4e841c83556b8b4b21e652eb2aad4..b8e6b128964afd3a8c96ad4a3750bb5659fcd852 100644
GIT binary patch
delta 231
zcmey)@}0%z)W2Q(7#JAL8N|65m>8JZ8CZB2SQ*$D83eKt%M$f-67$ma{gbj%lS>#G
z*laTMGE3|j8JIOR!`K-(CigJvZd6NT6k||iU<c|30VW1UkbWS^Ir#yjSUnd|48&t#
z;9}qgl00BGE0E>|@)#NTfU-;soItiVm=6@&2xKq;mBTdhA!%fUYUGE?3V_uLf=M9;
UkSIS;uQ1SHkz@u@1~H(c07_;SnE(I)

delta 234
zcmYj}I}U<C7=&k+r-*<rtW7K+7BrT|E7;j1F$7|$h^=QZUcf8RT6h3Y;VtNl!^T9n
zn9Th9&9r)}FP`uF1HcM12O1_8rWQg0b6r$Ly%Er&c-Q2auwCdd1ft6=iUoo)J*CMp
zt@32MFArIbIV1<VCm}kPYF=L=JX^e(On?KM>MC!b#|-*DSxEv|s?1wMBk?PGe?{>v
Zx@5Z9fnq(SKF0x{-GD#C3?qys@ByGo7X1JK


From 17900e96c9b86a3b1a3ccf66bc98950fd37579a9 Mon Sep 17 00:00:00 2001
From: mac <trongduc0903@gmail.com>
Date: Wed, 13 Dec 2023 20:58:01 +0700
Subject: [PATCH 2/4] first commit test 1

---
 .gitignore                                    |   2 +-
 logs/myapp.log                                | 291 ++++++------------
 .../demo/controllers/TestController.java      |  16 +
 3 files changed, 115 insertions(+), 194 deletions(-)
 create mode 100644 starter_code/src/main/java/com/example/demo/controllers/TestController.java

diff --git a/.gitignore b/.gitignore
index f98b419fc..ddff07278 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
-.idea/
+**.idea/
 /starter_code/target/
diff --git a/logs/myapp.log b/logs/myapp.log
index b9dc355eb..7196afdce 100644
--- a/logs/myapp.log
+++ b/logs/myapp.log
@@ -1,195 +1,100 @@
-00:09:02.740 [main] INFO  com.example.demo.SareetaApplication - Starting SareetaApplication on Duc-Than-Trong.local with PID 44418 (/Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code/target/classes started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps)
-00:09:02.743 [main] INFO  com.example.demo.SareetaApplication - No active profile set, falling back to default profiles: default
-00:09:03.376 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
-00:09:03.461 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 75ms. Found 4 repository interfaces.
-00:09:04.052 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$2ee56919] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
-00:09:04.380 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8080 (http)
-00:09:04.397 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8080"]
-00:09:04.410 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
-00:09:04.411 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.19]
-00:09:04.511 [main] INFO  o.a.c.c.C.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
-00:09:04.511 [main] INFO  o.s.web.context.ContextLoader - Root WebApplicationContext: initialization completed in 1716 ms
-00:09:04.712 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
-00:09:04.884 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
-00:09:04.957 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
+00:37:48.766 [main] INFO  com.example.demo.SareetaApplication - Starting SareetaApplication on Duc-Than-Trong.local with PID 83541 (/Users/mac/Documents/Project4/nd035-c4-Security-and-DevOps/starter_code/target/classes started by mac in /Users/mac/Documents/Project4/nd035-c4-Security-and-DevOps)
+00:37:48.769 [main] INFO  com.example.demo.SareetaApplication - No active profile set, falling back to default profiles: default
+00:37:49.303 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
+00:37:49.394 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 83ms. Found 4 repository interfaces.
+00:37:49.874 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$4539212d] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
+00:37:50.142 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8080 (http)
+00:37:50.157 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8080"]
+00:37:50.170 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
+00:37:50.170 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.19]
+00:37:50.268 [main] INFO  o.a.c.c.C.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
+00:37:50.268 [main] INFO  o.s.web.context.ContextLoader - Root WebApplicationContext: initialization completed in 1419 ms
+00:37:50.450 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
+00:37:50.616 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
+00:37:50.711 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
 	name: default
 	...]
-00:09:05.034 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
-00:09:05.036 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
-00:09:05.207 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
-00:09:05.363 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
-00:09:06.183 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
-00:09:06.768 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
-00:09:06.836 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1820f274, org.springframework.security.web.context.SecurityContextPersistenceFilter@14624acc, org.springframework.security.web.header.HeaderWriterFilter@3e5b2630, org.springframework.web.filter.CorsFilter@221cdd87, org.springframework.security.web.authentication.logout.LogoutFilter@165454f7, com.example.demo.security.JWTAuthenticationFilter@4d66cb, com.example.demo.security.JWTAuthenticationVerficationFilter@7c79f2cf, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@f453129, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2c8f65da, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@63551c66, org.springframework.security.web.session.SessionManagementFilter@75ac326f, org.springframework.security.web.access.ExceptionTranslationFilter@49741274, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@276aa33f]
-00:09:06.942 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
-00:09:07.127 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8080"]
-00:09:07.174 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8080 (http) with context path ''
-00:09:07.177 [main] INFO  com.example.demo.SareetaApplication - Started SareetaApplication in 4.972 seconds (JVM running for 5.507)
-00:09:18.249 [http-nio-8080-exec-1] INFO  o.a.c.c.C.[Tomcat].[localhost].[/] - Initializing Spring DispatcherServlet 'dispatcherServlet'
-00:09:18.249 [http-nio-8080-exec-1] INFO  o.s.web.servlet.DispatcherServlet - Initializing Servlet 'dispatcherServlet'
-00:09:18.264 [http-nio-8080-exec-1] INFO  o.s.web.servlet.DispatcherServlet - Completed initialization in 15 ms
-00:09:18.523 [http-nio-8080-exec-1] INFO  c.e.demo.controllers.UserController - Create user name is : ductt18 success 
-00:09:49.062 [http-nio-8080-exec-3] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
-00:09:49.064 [http-nio-8080-exec-3] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
-00:09:49.083 [http-nio-8080-exec-3] INFO  o.h.h.i.QueryTranslatorFactoryInitiator - HHH000397: Using ASTQueryTranslatorFactory
-00:09:49.169 [http-nio-8080-exec-3] ERROR o.a.c.c.C.[.[.[.[dispatcherServlet] - Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.NullPointerException: Cannot invoke "com.example.demo.model.persistence.User.getUsername()" because "user" is null] with root cause
-java.lang.NullPointerException: Cannot invoke "com.example.demo.model.persistence.User.getUsername()" because "user" is null
-	at com.example.demo.controllers.OrderController.submit(OrderController.java:38)
-	at java.base/jdk.internal.reflect.DirectMethodHandleAccessor.invoke(DirectMethodHandleAccessor.java:104)
-	at java.base/java.lang.reflect.Method.invoke(Method.java:578)
-	at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
-	at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
-	at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
-	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:892)
-	at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:797)
-	at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
-	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1039)
-	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:942)
-	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1005)
-	at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:908)
-	at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
-	at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:882)
-	at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
-	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
-	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
-	at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
-	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
-	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
-	at com.example.demo.security.JWTAuthenticationVerficationFilter.doFilterInternal(JWTAuthenticationVerficationFilter.java:45)
-	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
-	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
-	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:320)
-	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:127)
-	at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at com.example.demo.security.JWTAuthenticationVerficationFilter.doFilterInternal(JWTAuthenticationVerficationFilter.java:45)
-	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:96)
-	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:74)
-	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
-	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
-	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
-	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215)
-	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178)
-	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357)
-	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270)
-	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
-	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
-	at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
-	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
-	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
-	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
-	at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:92)
-	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
-	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
-	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
-	at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93)
-	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
-	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
-	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
-	at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200)
-	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
-	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
-	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
-	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:200)
-	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
-	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
-	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
-	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
-	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
-	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
-	at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408)
-	at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
-	at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:836)
-	at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1747)
-	at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
-	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1144)
-	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
-	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
-	at java.base/java.lang.Thread.run(Thread.java:1623)
-00:15:13.493 [http-nio-8080-exec-10] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
-00:15:13.494 [http-nio-8080-exec-10] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
-00:15:13.515 [http-nio-8080-exec-10] INFO  c.e.demo.controllers.OrderController - Order request of ductt18 success 
-00:28:20.117 [Thread-3] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
-00:28:20.119 [Thread-3] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Closing JPA EntityManagerFactory for persistence unit 'default'
-00:28:20.121 [Thread-3] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
-00:28:20.123 [Thread-3] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
-00:28:22.015 [main] INFO  com.example.demo.SareetaApplication - Starting SareetaApplication on Duc-Than-Trong.local with PID 45831 (/Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps/starter_code/target/classes started by mac in /Users/mac/Documents/workspace/nd035-c4-Security-and-DevOps)
-00:28:22.019 [main] INFO  com.example.demo.SareetaApplication - No active profile set, falling back to default profiles: default
-00:28:22.603 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Bootstrapping Spring Data repositories in DEFAULT mode.
-00:28:22.677 [main] INFO  o.s.d.r.c.RepositoryConfigurationDelegate - Finished Spring Data repository scanning in 63ms. Found 4 repository interfaces.
-00:28:23.234 [main] INFO  o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration' of type [org.springframework.transaction.annotation.ProxyTransactionManagementConfiguration$$EnhancerBySpringCGLIB$$637374b9] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
-00:28:23.538 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat initialized with port(s): 8080 (http)
-00:28:23.554 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-8080"]
-00:28:23.572 [main] INFO  o.a.catalina.core.StandardService - Starting service [Tomcat]
-00:28:23.573 [main] INFO  o.a.catalina.core.StandardEngine - Starting Servlet engine: [Apache Tomcat/9.0.19]
-00:28:23.674 [main] INFO  o.a.c.c.C.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
-00:28:23.675 [main] INFO  o.s.web.context.ContextLoader - Root WebApplicationContext: initialization completed in 1604 ms
-00:28:23.863 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Starting...
-00:28:24.032 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Start completed.
-00:28:24.096 [main] INFO  o.h.jpa.internal.util.LogHelper - HHH000204: Processing PersistenceUnitInfo [
-	name: default
-	...]
-00:28:24.163 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
-00:28:24.165 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
-00:28:24.328 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
-00:28:24.478 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
-00:28:25.250 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
-00:28:25.887 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
-00:28:25.963 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@7fad28ac, org.springframework.security.web.context.SecurityContextPersistenceFilter@5fd31df7, org.springframework.security.web.header.HeaderWriterFilter@656302c, org.springframework.web.filter.CorsFilter@3450bd13, org.springframework.security.web.authentication.logout.LogoutFilter@66589252, com.example.demo.security.JWTAuthenticationFilter@1bb51492, com.example.demo.security.JWTAuthenticationVerficationFilter@5da1a97f, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2c8f65da, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5ff29e8b, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@4b5f022f, org.springframework.security.web.session.SessionManagementFilter@49809275, org.springframework.security.web.access.ExceptionTranslationFilter@f453129, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@39c1e7b7]
-00:28:26.082 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
-00:28:26.262 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8080"]
-00:28:26.309 [main] INFO  o.s.b.w.e.tomcat.TomcatWebServer - Tomcat started on port(s): 8080 (http) with context path ''
-00:28:26.313 [main] INFO  com.example.demo.SareetaApplication - Started SareetaApplication in 4.846 seconds (JVM running for 5.444)
-00:28:43.497 [http-nio-8080-exec-2] INFO  o.a.c.c.C.[Tomcat].[localhost].[/] - Initializing Spring DispatcherServlet 'dispatcherServlet'
-00:28:43.498 [http-nio-8080-exec-2] INFO  o.s.web.servlet.DispatcherServlet - Initializing Servlet 'dispatcherServlet'
-00:28:43.506 [http-nio-8080-exec-2] INFO  o.s.web.servlet.DispatcherServlet - Completed initialization in 8 ms
-00:28:43.736 [http-nio-8080-exec-2] INFO  c.e.demo.controllers.UserController - Create user name is : ductt18 success 
-00:28:53.461 [http-nio-8080-exec-3] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
-00:28:53.463 [http-nio-8080-exec-3] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
-00:28:53.485 [http-nio-8080-exec-3] INFO  o.h.h.i.QueryTranslatorFactoryInitiator - HHH000397: Using ASTQueryTranslatorFactory
-00:28:53.569 [http-nio-8080-exec-3] ERROR c.e.demo.controllers.OrderController - Order request of failed. Because user not exists 
-00:30:52.524 [http-nio-8080-exec-6] ERROR c.e.demo.controllers.UserController - Create user failed
-00:31:18.496 [http-nio-8080-exec-8] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
-00:31:18.497 [http-nio-8080-exec-8] INFO  c.e.d.s.JWTAuthenticationVerficationFilter - Login success
-00:31:18.520 [http-nio-8080-exec-8] INFO  c.e.demo.controllers.OrderController - Order request of ductt18 success 
-01:39:17.238 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=30m22s311ms).
-02:39:34.207 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=1h16s971ms).
-02:57:24.010 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=17m19s792ms).
-03:13:21.803 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=15m57s793ms).
-03:32:06.549 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=18m14s744ms).
-05:20:22.266 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=1h47m45s702ms).
-07:08:38.979 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=1h47m46s694ms).
-07:26:08.664 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=17m29s685ms).
-07:36:08.599 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=9m29s851ms).
-11:44:18.185 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=4h39s263ms).
-13:15:49.175 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Retrograde clock change detected (housekeeper delta=28s1ms), soft-evicting connections from pool.
-14:16:35.549 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=1h16s415ms).
-14:33:47.836 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=16m42s279ms).
-14:54:26.500 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=17m8s643ms).
-15:12:08.418 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=16m11s891ms).
-15:30:14.105 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=17m4s240ms).
-15:55:31.803 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=25m17s698ms).
-16:23:51.820 [HikariPool-1 housekeeper] WARN  com.zaxxer.hikari.pool.HikariPool - HikariPool-1 - Thread starvation or clock leap detected (housekeeper delta=27m49s726ms).
+00:37:50.782 [main] INFO  org.hibernate.Version - HHH000412: Hibernate Core {5.3.10.Final}
+00:37:50.783 [main] INFO  org.hibernate.cfg.Environment - HHH000206: hibernate.properties not found
+00:37:50.938 [main] INFO  o.h.annotations.common.Version - HCANN000001: Hibernate Commons Annotations {5.0.4.Final}
+00:37:51.070 [main] INFO  org.hibernate.dialect.Dialect - HHH000400: Using dialect: org.hibernate.dialect.H2Dialect
+00:37:51.790 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Initialized JPA EntityManagerFactory for persistence unit 'default'
+00:37:52.372 [main] WARN  o.s.b.a.o.j.JpaBaseConfiguration$JpaWebConfiguration$JpaWebMvcConfiguration - spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
+00:37:52.446 [main] INFO  o.s.s.web.DefaultSecurityFilterChain - Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@6a97517, org.springframework.security.web.context.SecurityContextPersistenceFilter@42fa5cb, org.springframework.security.web.header.HeaderWriterFilter@56554365, org.springframework.web.filter.CorsFilter@284b487f, org.springframework.security.web.authentication.logout.LogoutFilter@7bc8da3f, com.example.demo.security.JWTAuthenticationFilter@65021bb4, com.example.demo.security.JWTAuthenticationVerficationFilter@630c3af3, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@44e4cf8a, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@3ea6faf0, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2e40ea48, org.springframework.security.web.session.SessionManagementFilter@66130c3b, org.springframework.security.web.access.ExceptionTranslationFilter@51aa2a58, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@61ca5134]
+00:37:52.556 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Initializing ExecutorService 'applicationTaskExecutor'
+00:37:52.713 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-8080"]
+00:37:52.721 [main] ERROR o.apache.catalina.util.LifecycleBase - Failed to start component [Connector[HTTP/1.1-8080]]
+org.apache.catalina.LifecycleException: Protocol handler start failed
+	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1008)
+	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
+	at org.apache.catalina.core.StandardService.addConnector(StandardService.java:226)
+	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.addPreviouslyRemovedConnectors(TomcatWebServer.java:259)
+	at org.springframework.boot.web.embedded.tomcat.TomcatWebServer.start(TomcatWebServer.java:197)
+	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.startWebServer(ServletWebServerApplicationContext.java:311)
+	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.finishRefresh(ServletWebServerApplicationContext.java:164)
+	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:552)
+	at org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext.refresh(ServletWebServerApplicationContext.java:142)
+	at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:775)
+	at org.springframework.boot.SpringApplication.refreshContext(SpringApplication.java:397)
+	at org.springframework.boot.SpringApplication.run(SpringApplication.java:316)
+	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1260)
+	at org.springframework.boot.SpringApplication.run(SpringApplication.java:1248)
+	at com.example.demo.SareetaApplication.main(SareetaApplication.java:22)
+Caused by: java.net.BindException: Address already in use
+	at java.base/sun.nio.ch.Net.bind0(Native Method)
+	at java.base/sun.nio.ch.Net.bind(Net.java:556)
+	at java.base/sun.nio.ch.ServerSocketChannelImpl.netBind(ServerSocketChannelImpl.java:344)
+	at java.base/sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:301)
+	at java.base/sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:89)
+	at org.apache.tomcat.util.net.NioEndpoint.initServerSocket(NioEndpoint.java:239)
+	at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:213)
+	at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1116)
+	at org.apache.tomcat.util.net.AbstractEndpoint.start(AbstractEndpoint.java:1202)
+	at org.apache.coyote.AbstractProtocol.start(AbstractProtocol.java:568)
+	at org.apache.catalina.connector.Connector.startInternal(Connector.java:1005)
+	... 14 common frames omitted
+00:37:52.738 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Pausing ProtocolHandler ["http-nio-8080"]
+00:37:52.738 [main] INFO  o.a.catalina.core.StandardService - Stopping service [Tomcat]
+00:37:52.742 [main] WARN  o.a.c.loader.WebappClassLoaderBase - The web application [ROOT] appears to have started a thread named [HikariPool-1 housekeeper] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
+ java.base/jdk.internal.misc.Unsafe.park(Native Method)
+ java.base/java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:269)
+ java.base/java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:1758)
+ java.base/java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:1182)
+ java.base/java.util.concurrent.ScheduledThreadPoolExecutor$DelayedWorkQueue.take(ScheduledThreadPoolExecutor.java:899)
+ java.base/java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1070)
+ java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
+ java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
+ java.base/java.lang.Thread.run(Thread.java:1623)
+00:37:52.742 [main] WARN  o.a.c.loader.WebappClassLoaderBase - The web application [ROOT] appears to have started a thread named [HikariPool-1 connection adder] but has failed to stop it. This is very likely to create a memory leak. Stack trace of thread:
+ java.base/jdk.internal.misc.Unsafe.park(Native Method)
+ java.base/java.util.concurrent.locks.LockSupport.parkNanos(LockSupport.java:269)
+ java.base/java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject.awaitNanos(AbstractQueuedSynchronizer.java:1758)
+ java.base/java.util.concurrent.LinkedBlockingQueue.poll(LinkedBlockingQueue.java:460)
+ java.base/java.util.concurrent.ThreadPoolExecutor.getTask(ThreadPoolExecutor.java:1069)
+ java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130)
+ java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:642)
+ java.base/java.lang.Thread.run(Thread.java:1623)
+00:37:52.743 [main] INFO  o.apache.catalina.util.LifecycleBase - The stop() method was called on component [StandardServer[-1]] after stop() had already been called. The second call will be ignored.
+00:37:52.744 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Stopping ProtocolHandler ["http-nio-8080"]
+00:37:52.744 [main] INFO  o.a.coyote.http11.Http11NioProtocol - Destroying ProtocolHandler ["http-nio-8080"]
+00:37:52.746 [main] INFO  o.s.b.a.l.ConditionEvaluationReportLoggingListener - 
+
+Error starting ApplicationContext. To display the conditions report re-run your application with 'debug' enabled.
+00:37:52.747 [main] ERROR o.s.b.d.LoggingFailureAnalysisReporter - 
+
+***************************
+APPLICATION FAILED TO START
+***************************
+
+Description:
+
+The Tomcat connector configured to listen on port 8080 failed to start. The port may already be in use or the connector may be misconfigured.
+
+Action:
+
+Verify the connector's configuration, identify and stop any process that's listening on port 8080, or configure this application to listen on another port.
+
+00:37:52.749 [main] INFO  o.s.s.c.ThreadPoolTaskExecutor - Shutting down ExecutorService 'applicationTaskExecutor'
+00:37:52.751 [main] INFO  o.s.o.j.LocalContainerEntityManagerFactoryBean - Closing JPA EntityManagerFactory for persistence unit 'default'
+00:37:52.752 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown initiated...
+00:37:52.754 [main] INFO  com.zaxxer.hikari.HikariDataSource - HikariPool-1 - Shutdown completed.
diff --git a/starter_code/src/main/java/com/example/demo/controllers/TestController.java b/starter_code/src/main/java/com/example/demo/controllers/TestController.java
new file mode 100644
index 000000000..bf54d3b63
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/controllers/TestController.java
@@ -0,0 +1,16 @@
+package com.example.demo.controllers;
+
+import com.example.demo.model.persistence.repositories.OrderRepository;
+import com.example.demo.model.persistence.repositories.UserRepository;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+
+public class TestController {
+    private static final Logger log = LoggerFactory.getLogger(OrderController.class);
+    @Autowired
+    private UserRepository userRepository;
+
+    @Autowired
+    private OrderRepository orderRepository;
+}

From 39b8994f76b68b694df56933223df58cb913316b Mon Sep 17 00:00:00 2001
From: mac <trongduc0903@gmail.com>
Date: Wed, 13 Dec 2023 21:13:15 +0700
Subject: [PATCH 3/4] first commit test 2

---
 .../main/java/com/example/demo/controllers/TestController.java  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/starter_code/src/main/java/com/example/demo/controllers/TestController.java b/starter_code/src/main/java/com/example/demo/controllers/TestController.java
index bf54d3b63..8cd69a495 100644
--- a/starter_code/src/main/java/com/example/demo/controllers/TestController.java
+++ b/starter_code/src/main/java/com/example/demo/controllers/TestController.java
@@ -9,7 +9,7 @@
 public class TestController {
     private static final Logger log = LoggerFactory.getLogger(OrderController.class);
     @Autowired
-    private UserRepository userRepository;
+    private UserRepository userRepositoryDucTT16;
 
     @Autowired
     private OrderRepository orderRepository;

From 1905307bcb5ce47a19d1ee2b413d68d605563f7d Mon Sep 17 00:00:00 2001
From: mac <trongduc0903@gmail.com>
Date: Wed, 13 Dec 2023 21:23:58 +0700
Subject: [PATCH 4/4] first commit test 2

---
 .../java/com/example/demo/controllers/TestController.java    | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/starter_code/src/main/java/com/example/demo/controllers/TestController.java b/starter_code/src/main/java/com/example/demo/controllers/TestController.java
index 8cd69a495..6ad268178 100644
--- a/starter_code/src/main/java/com/example/demo/controllers/TestController.java
+++ b/starter_code/src/main/java/com/example/demo/controllers/TestController.java
@@ -8,7 +8,12 @@
 
 public class TestController {
     private static final Logger log = LoggerFactory.getLogger(OrderController.class);
+    private UserRepository userRepositoryDucTT17;
     @Autowired
+    // ssssss
+    //ssss
+    ///ppp
+    ///ddd
     private UserRepository userRepositoryDucTT16;
 
     @Autowired