Index: pom.xml
===================================================================
--- pom.xml	(revision 1b248e48d65d18df47fde84c8b19fd0c857f3224)
+++ pom.xml	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -48,4 +48,15 @@
             <artifactId>spring-boot-starter-data-jpa</artifactId>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-core</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.springframework.security</groupId>
+            <artifactId>spring-security-config</artifactId>
+            <version>5.7.3</version>
+            <scope>compile</scope>
+
+        </dependency>
     </dependencies>
 
Index: src/main/java/com/example/moviezone/config/CustomUsernamePasswordAuthenticationProvider.java
===================================================================
--- src/main/java/com/example/moviezone/config/CustomUsernamePasswordAuthenticationProvider.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
+++ src/main/java/com/example/moviezone/config/CustomUsernamePasswordAuthenticationProvider.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -0,0 +1,49 @@
+package com.example.moviezone.config;
+
+
+import com.example.moviezone.service.UserService;
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.authentication.BadCredentialsException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.stereotype.Component;
+import java.util.Objects;
+
+
+@Component
+public class CustomUsernamePasswordAuthenticationProvider implements AuthenticationProvider {
+
+    private final UserService userService;
+    private final PasswordEncoder passwordEncoder;
+
+    public CustomUsernamePasswordAuthenticationProvider(UserService userService, PasswordEncoder passwordEncoder) {
+        this.userService = userService;
+        this.passwordEncoder = passwordEncoder;
+    }
+
+    @Override
+    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
+        String username = authentication.getName();
+        String password = authentication.getCredentials().toString();
+
+        if ("".equals(username) || "".equals(password)) {
+            throw new BadCredentialsException("Invalid Credentials");
+        }
+
+        UserDetails userDetails = this.userService.findByUsername(username);
+        String realPassword = userDetails.getPassword();
+        if (!Objects.equals(password,realPassword)) {
+            throw new BadCredentialsException("Password is incorrect!");
+        }
+        return new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
+
+    }
+
+    @Override
+    public boolean supports(Class<?> aClass) {
+        return aClass.equals(UsernamePasswordAuthenticationToken.class);
+    }
+}
Index: src/main/java/com/example/moviezone/config/WebSecurityConfig.java
===================================================================
--- src/main/java/com/example/moviezone/config/WebSecurityConfig.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
+++ src/main/java/com/example/moviezone/config/WebSecurityConfig.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -0,0 +1,61 @@
+package com.example.moviezone.config;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.crypto.password.PasswordEncoder;
+
+
+@Configuration
+@EnableWebSecurity
+@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+
+    private final PasswordEncoder passwordEncoder;
+    private final CustomUsernamePasswordAuthenticationProvider authenticationProvider;
+
+    public WebSecurityConfig(PasswordEncoder passwordEncoder,
+                             CustomUsernamePasswordAuthenticationProvider authenticationProvider) {
+        this.passwordEncoder = passwordEncoder;
+        this.authenticationProvider = authenticationProvider;
+    }
+
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+
+        http.csrf().disable()
+                .authorizeRequests()
+                .antMatchers("/", "/home", "/assets/**", "/register", "/products", "/api/**").permitAll()
+                .antMatchers("/admin/**").hasRole("ADMIN")
+                .anyRequest()
+                .authenticated()
+                .and()
+                .formLogin()
+                .loginPage("/login").permitAll()
+                .failureUrl("/login?error=BadCredentials")
+                .defaultSuccessUrl("/products", true)
+                .and()
+                .logout()
+                .logoutUrl("/logout")
+                .clearAuthentication(true)
+                .invalidateHttpSession(true)
+                .deleteCookies("JSESSIONID")
+                .logoutSuccessUrl("/login")
+                .and()
+                .exceptionHandling().accessDeniedPage("/access_denied");
+
+    }
+
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) {
+//
+        auth.authenticationProvider(authenticationProvider);
+    }
+
+
+
+}
Index: src/main/java/com/example/moviezone/model/Customer.java
===================================================================
--- src/main/java/com/example/moviezone/model/Customer.java	(revision 1b248e48d65d18df47fde84c8b19fd0c857f3224)
+++ src/main/java/com/example/moviezone/model/Customer.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -7,4 +7,8 @@
 import lombok.Setter;
 import lombok.ToString;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+import java.util.Collections;
 
 @Entity
@@ -19,4 +23,8 @@
     Integer points;
 
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return Collections.singletonList(Role.ROLE_ADMIN);
+    }
 
 }
Index: src/main/java/com/example/moviezone/model/Role.java
===================================================================
--- src/main/java/com/example/moviezone/model/Role.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
+++ src/main/java/com/example/moviezone/model/Role.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -0,0 +1,14 @@
+package com.example.moviezone.model;
+
+
+import org.springframework.security.core.GrantedAuthority;
+
+public enum Role implements GrantedAuthority {
+
+    ROLE_USER, ROLE_ADMIN;
+
+    @Override
+    public String getAuthority() {
+        return name();
+    }
+}
Index: src/main/java/com/example/moviezone/model/User.java
===================================================================
--- src/main/java/com/example/moviezone/model/User.java	(revision 1b248e48d65d18df47fde84c8b19fd0c857f3224)
+++ src/main/java/com/example/moviezone/model/User.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -5,6 +5,10 @@
 import lombok.Setter;
 import lombok.ToString;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
 
+import javax.management.relation.Role;
 import java.time.LocalDateTime;
+import java.util.Collection;
 
 @Entity
@@ -14,5 +18,5 @@
 @Table(name = "users")
 @Inheritance(strategy = InheritanceType.JOINED)
-public class User {
+public class User implements UserDetails {
 
     @Id
@@ -24,8 +28,16 @@
     String address;
     String contact_number;
+    String username;
     LocalDateTime date_created;
 
+    private boolean isAccountNonExpired = true;
+    private boolean isAccountNonLocked = true;
+    private boolean isCredentialsNonExpired = true;
+    private boolean isEnabled = true;
 
-    public User(Integer id_user, String password, String first_name, String last_name, String address, String contact_number, LocalDateTime date_created) {
+    @Enumerated(value = EnumType.STRING)
+    private Role role;
+
+    public User(Integer id_user, String password, String first_name, String last_name, String address, String contact_number, String username, LocalDateTime date_created, Role role) {
         this.id_user = id_user;
         this.password = password;
@@ -34,5 +46,7 @@
         this.address = address;
         this.contact_number = contact_number;
+        this.username = username;
         this.date_created = date_created;
+        this.role = role;
     }
 
@@ -40,3 +54,30 @@
 
     }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return null;
+    }
+
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return isAccountNonExpired;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return isAccountNonLocked;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return isCredentialsNonExpired;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return isEnabled;
+    }
+
 }
Index: src/main/java/com/example/moviezone/model/Worker.java
===================================================================
--- src/main/java/com/example/moviezone/model/Worker.java	(revision 1b248e48d65d18df47fde84c8b19fd0c857f3224)
+++ src/main/java/com/example/moviezone/model/Worker.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -5,4 +5,8 @@
 import lombok.Setter;
 import lombok.ToString;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+import java.util.Collections;
 
 @Entity
@@ -21,4 +25,8 @@
     @ManyToOne()
     Cinema cinema;
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return Collections.singletonList(Role.ROLE_ADMIN);
+    }
 
 }
Index: src/main/java/com/example/moviezone/repository/UserRepository.java
===================================================================
--- src/main/java/com/example/moviezone/repository/UserRepository.java	(revision 1b248e48d65d18df47fde84c8b19fd0c857f3224)
+++ src/main/java/com/example/moviezone/repository/UserRepository.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -5,4 +5,8 @@
 import org.springframework.data.jpa.repository.JpaRepository;
 
+import java.util.List;
+
 public interface UserRepository extends JpaRepository<User,Integer> {
+    User findByUsername(String username);
+    List<User> findAllByUsernameAndPassword(String username, String password);
 }
Index: src/main/java/com/example/moviezone/service/Impl/UserServiceImpl.java
===================================================================
--- src/main/java/com/example/moviezone/service/Impl/UserServiceImpl.java	(revision 1b248e48d65d18df47fde84c8b19fd0c857f3224)
+++ src/main/java/com/example/moviezone/service/Impl/UserServiceImpl.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -27,3 +27,10 @@
         return userRepository.findById(id).orElseThrow(UserNotFoundException::new);
     }
+
+    @Override
+    public User findByUsername(String username) {
+        return userRepository.findByUsername(username);
+    }
+
+
 }
Index: src/main/java/com/example/moviezone/service/UserService.java
===================================================================
--- src/main/java/com/example/moviezone/service/UserService.java	(revision 1b248e48d65d18df47fde84c8b19fd0c857f3224)
+++ src/main/java/com/example/moviezone/service/UserService.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -8,3 +8,4 @@
     List<User> findAllUsers();
     User findById(Integer user_id);
+    User findByUsername(String username);
 }
Index: src/main/java/com/example/moviezone/web/HomeController.java
===================================================================
--- src/main/java/com/example/moviezone/web/HomeController.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
+++ src/main/java/com/example/moviezone/web/HomeController.java	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -0,0 +1,19 @@
+package com.example.moviezone.web;
+
+
+import com.example.moviezone.service.FilmService;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+@Controller
+@RequestMapping("/")
+public class HomeController {
+
+private final FilmService filmService;
+
+    public HomeController(FilmService filmService) {
+        this.filmService = filmService;
+    }
+
+
+}
Index: src/main/resources/templates/fragments/footer.html
===================================================================
--- src/main/resources/templates/fragments/footer.html	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
+++ src/main/resources/templates/fragments/footer.html	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Title</title>
+</head>
+<body>
+
+</body>
+</html>
Index: src/main/resources/templates/fragments/header.html
===================================================================
--- src/main/resources/templates/fragments/header.html	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
+++ src/main/resources/templates/fragments/header.html	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Title</title>
+</head>
+<body>
+
+</body>
+</html>
Index: src/main/resources/templates/master-template.html
===================================================================
--- src/main/resources/templates/master-template.html	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
+++ src/main/resources/templates/master-template.html	(revision ac25203caa000c6e0e4fa9a176488015ede9a227)
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>Title</title>
+</head>
+<body>
+
+</body>
+</html>