java source code of LoginController

package com.in28minutes.springmvc.web.controller;

import javax.servlet.http.HttpSession;
import javax.validation.Valid;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.MessageSource;
import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.servlet.ModelAndView;

import com.in28minutes.domain.User;
import com.in28minutes.service.api.UserService;
import com.in28minutes.springmvc.web.util.SessionData;
import com.in28minutes.web.common.form.LoginForm;

@Controller
public class LoginController extends AbstractController {

	@Autowired
	private UserService userService;

	@Autowired
	private MessageSource messageProvider;

	@Autowired
	private SessionData sessionData;

	@RequestMapping(value = "/login", method = RequestMethod.GET)
	public ModelAndView redirectToLoginPage() {

		if (sessionData.getUser() != null) {
			return new ModelAndView(REDIRECT_TO_VIEW_TODOS_CONTROLLER);
		}

		ModelAndView modelAndView = new ModelAndView(USER_LOGIN_PAGE);
		modelAndView.addObject("loginTabStyle", "active");
		modelAndView.addObject("loginForm", new LoginForm());
		return modelAndView;
	}

	@RequestMapping(value = "/login", method = RequestMethod.POST)
	public ModelAndView doLogin(@Valid LoginForm loginForm,
			BindingResult bindingResult) {

		if (bindingResult.hasErrors()) {
			ModelAndView modelAndView = new ModelAndView(USER_LOGIN_PAGE);
			modelAndView.addObject(ERROR_MESSAGE, messageProvider.getMessage(
					"login.form.incomplete.details", null,
					sessionData.getLocale()));
			return modelAndView;
		}

		if (!isValidUser(loginForm)) {
			ModelAndView modelAndView = new ModelAndView(USER_LOGIN_PAGE);
			modelAndView.addObject(ERROR_MESSAGE, messageProvider.getMessage(
					"login.form.invalid.credentials", null,
					sessionData.getLocale()));
			return modelAndView;
		}

		User user = userService.getUserByEmail(loginForm.getEmail());

		sessionData.setUser(user);

		return new ModelAndView(REDIRECT_TO_VIEW_TODOS_CONTROLLER);
	}

	private boolean isValidUser(LoginForm loginForm) {
		return userService.isValidUser(loginForm.getEmail(),
				loginForm.getPassword());
	}

	@RequestMapping("/user/logout")
	public String logout(HttpSession session) {
		sessionData.setUser(null);
		session.invalidate();
		return REDIRECT_TO_LOGIN_CONTROLLER;
	}
}