<%@ taglib prefix="form" uri="http://www.springframework.org/tags/form"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />

<link rel="stylesheet" type="text/css" href="resources/css/style.css" />
<link rel="stylesheet" type="text/css" href="myproject/resources/js/style.css" />
<link rel="shortcut icon" type="image" href="http://localhost:8080/myproject/resources/icons/smile.ico"/>
<script type="text/javascript" src="myproject/resources/js/validation.js"></script>

</head>

<body>
	<div class="container">
		<header>
			<h1>Login</h1>
		</header>


		<% if (((String)session.getAttribute("NoAuthorization"))!=null) { %>



		<div class="alert alert-error">
			<div>
				<strong>Okay, Houston, we've had a problem here.</strong>
			</div>
			<ul>
				<li>Unknown user or invalid password.</li>
			</ul>
		</div>
		<% } %>

		
		<form class="form-horizontal" action="<c:url value="/j_spring_security_check"></c:url>"  method = "POST">
			<fieldset>
				<div class="control-group">
					<label class="control-label">Login</label>
					<div class="controls">
						<div class="input-prepend">
							<span class="add-on">@</span>
							
							<input id="j_username" name="j_username" class="span3" type="text" />
							

						</div>
					</div>
				</div>
				<div class="control-group">
					<label class="control-label">Password</label>
					<div class="controls">
						
						<input id="j_password" name="j_password" class="span3" type="password" />
						

					</div>
				</div>
				<div class="form-actions">
					<button id="loginButton" name="loginButton" class="btn btn-primary"
						type="submit" >Login</button>
				</div>
			</fieldset>
	</div>
   </body>
</html>

<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
	http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
	http://www.springframework.org/schema/security
	http://www.springframework.org/schema/security/spring-security-4.0.xsd">

	<http auto-config="true" use-expressions="true">

        
		<intercept-url pattern="/products/*" access="hasAnyRole('admin','user')" />
		<intercept-url pattern="/products**" access="hasAnyRole('admin','user')" />
		<intercept-url pattern="/products/create*" access="hasAnyRole('admin')" />
		<intercept-url pattern="/products/*/*" access="hasAnyRole('admin')" />

		<access-denied-handler error-page="/403" />
		<form-login 
		    login-page="/login2" 
		   default-target-url="/products" 
			authentication-failure-url="/login2?error" 
			username-parameter="j_username"
			password-parameter="j_password" />
		<logout logout-success-url="/logout"  />
		
	</http>
	
	<!-- Select users and user_roles from database -->
	<authentication-manager>
		<authentication-provider>
			<jdbc-user-service data-source-ref="dataSource"
				users-by-username-query=
					"select login,password,enabled from users where login=?"
				authorities-by-username-query=
					"select login, role from users where login =? " />

		</authentication-provider>
	</authentication-manager>

</beans:beans>

@RequestMapping(value = "/login2", method = RequestMethod.GET)
	public String loginGet(Model model, HttpSession session,
			HttpServletRequest request,@RequestParam(value = "error", required = false) String error) {
		
		if (session.getAttribute("NoAuthorization") != null)
			model.addAttribute("NoAuthorization", "true");
			else
			model.addAttribute("NoAuthorization", "false");
		
		if (error != null) {
			model.addAttribute("error", "Invalid username and password!");
		}
		
		model.addAttribute("url", request.getContextPath());
		
		return "login2";
	}