@RequestMapping(value = "/orderAdd.php", method = RequestMethod.GET)
public String orderAdd(HttpServletRequest request, Model model) {
    Login sessionObject = (Login) request.getSession().getAttribute(
            "logined");
    if (sessionObject != null) {
        if (sessionObject.getAccessLevel() == AccessLevel.MANAGER) {
            model.addAttribute("title", "Добавление заказа");
            model.addAttribute("username", sessionObject.getThisUser()
                    .getFirstName());
            model.addAttribute("order", new Orders());
            model.addAttribute("stores", dao.readStore());
            model.addAttribute("customers", dao.readCustomers());
            return "orderForm";
        } else {
            model.addAttribute("errors",
                    "Ваш уровень доступа не позволяет войти");
            return "errors";
        }
    } else {
        return "redirect:/";
    }
}

@RequestMapping(value = "/orderAdd.php", method = RequestMethod.POST)
public String orderAddPost(HttpServletRequest request, Model model,
        Orders order, BindingResult result) {
    Login sessionObject = (Login) request.getSession().getAttribute(
            "logined");
    if (sessionObject != null) {
        if (sessionObject.getAccessLevel() == AccessLevel.MANAGER) {
            model.addAttribute("title", "Добавление заказа");
            model.addAttribute("username", sessionObject.getThisUser()
                    .getFirstName());
            service = new ExpressDeliveryService(
                    sessionObject.getThisUser());
            // service.insertOrder(order, dao);
            //System.out.println("frdgiu " + result.hashCode());
            return "orderShow";
        } else {
            model.addAttribute("errors",
                    "Ваш уровень доступа не позволяет войти");
            return "errors";
        }
    } else {
        return "redirect:/";
    }
}

Add a code snippet to your website: www.paste.org