@RequestMapping("/user")
  public String usersList(
      final RedirectAttributes redirectAttributes, ModelMap map, HttpSession hs) {
    if (hs.getAttribute("user_list") == null) {
      redirectAttributes.addFlashAttribute("message_error", "Permission denied!");
      return "redirect:" + URL_MAPPING;
    }
    map.addAttribute("usersactive", "active");
    map.addAttribute("users", service.viewAll());

    return URL_MAPPING + "/user/index";
  }
  @RequestMapping("/user/edit/{id}")
  public ModelAndView userEdit(
      @PathVariable("id") Long id,
      final RedirectAttributes redirectAttributes,
      ModelMap map,
      HttpSession hs) {
    if (hs.getAttribute("user_edit") == null) {
      redirectAttributes.addFlashAttribute("message_error", "Permission denied!");
    }

    User user = service.getDetails(id);
    hs.setAttribute("user", user);

    Collection<Role> roles = service.getRoleList();
    hs.setAttribute("roleList", roles);

    Collection<UserStatus> statusList = service.getUserStatusList();
    hs.setAttribute("statusList", statusList);

    return new ModelAndView(URL_MAPPING + "/user/edit");
  }
 @RequestMapping("/user/delete/{id}")
 public String userDelete(
     @PathVariable("id") Long id,
     final RedirectAttributes redirectAttributes,
     ModelMap map,
     HttpSession hs) {
   if (hs.getAttribute("user_delete") == null) {
     redirectAttributes.addFlashAttribute("message_error", "Permission denied!");
   } else {
     User u = service.unsubscribe(id);
     redirectAttributes.addFlashAttribute(
         "message_success", "User " + u.getEmail() + " is deleted.");
   }
   return "redirect:" + URL_MAPPING + "/user";
 }
  @RequestMapping(value = "/login", method = RequestMethod.POST)
  public ModelAndView login(
      @RequestParam(value = "email", required = true) String userName,
      @RequestParam(value = "password", required = true) String password,
      final RedirectAttributes redirectAttributes,
      ModelMap map,
      HttpSession hs) {

    User user = service.validate(new User(userName, password));
    if (user != null) {
      if (user.getStatus().isActive()) {
        user.setLoggedIn(hs);
        redirectAttributes.addFlashAttribute("message_success", "You have successfully logged in.");
      } else {
        redirectAttributes.addFlashAttribute("message_error", "User is not active!");
      }
    } else {
      redirectAttributes.addFlashAttribute("message_error", "Email or password incorrect!");
    }
    return new ModelAndView("redirect:" + URL_MAPPING);
  }