Michael Cochez

Assistant Professor at Vrije Universiteit Amsterdam

Authentication using Spring


The goal of the task is to get familiar with the Spring framework and use it for authentication.


Learn about spring boot (embedded application server for spring applications that automates a lot of spring application related configuration based on the libraries found in the classpath) https://spring.io/guides/gs/spring-boot/

Learn how to use spring CRUD repositories (note, that these are available only in Spring 4) https://spring.io/guides/gs/accessing-data-mongodb/ explains how to set it up in the easiest possible way and http://docs.spring.io/spring-data/mongodb/docs/current/reference/html/ contains more information on how to use it.

Check out some basic information about spring security from http://www.mkyong.com/spring-security/spring-security-hello-world-annotation-example/. Your users will be stored in your mongodb database. MongoDB can be downloaded from here

You can start the database by going to the <installation directory>/bin/ directory and running mongod.exe on Windows or ./mongod --dbpath=path/to/where/you/want/mongodata/ on Linux.

A start for the application can be found from Kamil’s repository.

This stackoverflow answer will help to implement the authentication. A gradle Eclipse plugin is available as part of the buildship plug-in. Use the update site from http://projects.eclipse.org/projects/tools.buildship/downloads.

An tutorial in which a very similar application has been implemented can be found from http://kielczewski.eu/2014/12/spring-boot-security-application/.


In this exercise you will write a spring application that registers users and lets them log in. The user should first be presented with a registration form with the following input fields:

  • Name
  • email address
  • password
  • repeat password

Once the fields are filled, the user presses the “register” button. That triggers an HTTP POST request to the backend. The backend then checks in the database if the user with the following email address already exists, if it does, it should return an error message to the client. The backend should also make sure that the passwords are the same and at least 6 characters long and if they are not, it should return an appropriate error. Whatever the error, it should be dynamically presented to the user without reloading the page. If no error occurs during the registration, the user should be persisted with the provided email and password.

Once the user is registered, it should be possible for him to log in. You should use spring security framework for that purpose. When the user is finally logged in, just display his name.


Dependency injection in Spring

Spring framework provides you with dependency injection. In order to inject a resource into your controller or a service, you can use the @Autowired annotation, like in the following example

public class IndexController {

    private UserRepository userRepository;

    public void someMethodThatUsesUserRepository() {

This way spring will automatically initialize the userRepository before executing any of your methods.

In order to enable the connection to mongodb database, first add annotation to your configuration class/main class: @EnableMongoRepositories and then add to your resources a file called application.properties and paste into it the following content


If you decide to use gradle for your project, your build.gradle file could look as follows

buildscript {
    ext {
        springBootVersion = '1.2.5.RELEASE'
    repositories {
    dependencies {

group 'fi.teaching.spring'
version '1.0-SNAPSHOT'

apply plugin: 'java'
apply plugin: 'idea'
apply plugin: 'spring-boot'

sourceCompatibility = 1.8
targetCompatibility = 1.8

repositories {

dependencies {
    compile 'org.springframework.boot:spring-boot-starter-thymeleaf',
            'org.springframework.security:spring-security-web:4.0.1.RELEASE', //spring security