Implementation to Make Registration API RESTful in Spring Security
Below are the step-by-step implementation to make Registration API RESTful in spring security.
Step 1: Create a Spring project using Spring Initializr, add the following dependencies when generating the project:
Dependencies:
- Spring Web
- Spring Security
- Spring data JPA
- MySQL Driver
- Spring Dev Tools
- Lombok
Once the Spring project is created, the file structure typically resembles the following:
Step 2: Open the application.properties file and add the following code to configure the server port and MySQL database:
spring.application.name=spring-security-registration
# DataSource configuration
spring.datasource.url=jdbc:mysql://localhost:3306/example
spring.datasource.username=root
spring.datasource.password=
spring.datasource.driver-class-name=com.mysql.cj.jdbc.Driver
# Hibernate configuration
spring.jpa.hibernate.ddl-auto=update
spring.jpa.show-sql=true
Step 3: Create a new package named “model”. Inside this package, create a new Java class named “User”.
Go to src > org.example.springsecurityregistration > model > User and put the below code.
package org.example.springsecurityregistration.model;
import jakarta.persistence.Entity;
import jakarta.persistence.GeneratedValue;
import jakarta.persistence.GenerationType;
import jakarta.persistence.Id;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@Entity
@Data
@AllArgsConstructor
@NoArgsConstructor
public class User {
@Id
@GeneratedValue(strategy = GenerationType.IDENTITY)
private Long id;
private String username;
private String email;
private String password;
}
Step 4: Create a new package named “repository”. Inside this package, create a new Java interface named “UserRepository”.
Go to src > org.example.springsecurityregistration > repository > UserRepository and put the below code.
package org.example.springsecurityregistration.repository;
import org.example.springsecurityregistration.model.User;
import org.springframework.data.jpa.repository.JpaRepository;
import org.springframework.stereotype.Repository;
@Repository
public interface UserRepository extends JpaRepository<User,Long> {
User findByUsername(String username);
}
Step 5: Create a new package named “dto”. Inside this package, create a new Java class named “RegistrationRequest”.
Go to src > org.example.springsecurityregistration > dto > RegistrationRequest and put the below code.
package org.example.springsecurityregistration.DTO;
import lombok.AllArgsConstructor;
import lombok.Data;
import lombok.NoArgsConstructor;
@Data
@AllArgsConstructor
@NoArgsConstructor
public class RegistrationRequest {
private String username;
private String email;
private String password;
// Constructors, getters, and setters
}
Step 6: Create a new package named “config”. Inside this package, create a new Java class named “SecurityConfig”.
Go to src > org.example.springsecurityregistration > config > SecurityConfig and put the below code.
package org.example.springsecurityregistration.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Autowired
private UserDetailsService userDetailsService;
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
protected SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.requestMatchers("/api/register").permitAll() // Allow registration endpoint without authentication
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic()
.and()
.csrf().disable();
return http.build();
}
@Bean
public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
Step 7: Create a new package named “service”. Inside this package, create a new Java class named “UserService”.
Go to src > org.example.springsecurityregistration > service > UserService and put the below code.
package org.example.springsecurityregistration.service;
import org.example.springsecurityregistration.DTO.RegistrationRequest;
import org.example.springsecurityregistration.model.User;
import org.example.springsecurityregistration.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Service;
@Service
public class UserService {
@Autowired
private UserRepository userRepository;
public void registerUser(RegistrationRequest request) {
User user = new User();
user.setUsername(request.getUsername());
user.setEmail(request.getEmail());
user.setPassword(request.getPassword());
userRepository.save(user);
}
}
Step 8: Create a new package named “service”. Inside this package, create a new Java class named “UserDetailsServiceImpl”.
Go to src > org.example.springsecurityregistration > service > UserDetailsServiceImpl and put the below code.
package org.example.springsecurityregistration.service;
import org.example.springsecurityregistration.model.User;
import org.example.springsecurityregistration.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.Collections;
@Service
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
User user = userRepository.findByUsername(username);
if (user == null) {
throw new UsernameNotFoundException("User not found with username: " + username);
}
return new org.springframework.security.core.userdetails.User(
user.getUsername(),
user.getPassword(),
Collections.emptyList()
);
}
}
Step 9: Open the main class and insert the following code.
package org.example.springsecurityregistration;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class SpringSecurityRegistrationApplication {
public static void main(String[] args) {
SpringApplication.run(SpringSecurityRegistrationApplication.class, args);
}
}
Step 10: Once the Spring project is completed and runs as a Spring application successfully, it will start at port 8080.
Registration Restful API:
POST http://localhost:8080/api/register
Output:
This example demonstrates how to integrate Spring Security into a Spring Boot application to secure the registration endpoint. Users need to access other endpoints while the registration endpoint remains accessible without authentication.
Spring Security – Making Registration API RESTful
Spring Security is a robust framework that provides authentication, authorization, and other security features for Java applications. Making the registration API RESTful involves designing an API endpoint that allows users to register or sign up for the application using REST principles. This typically involves sending data in JSON format over HTTP.
We will use Spring Boot along with Spring Security to create the RESTful endpoint for user registration. This endpoint will accept user registration data such as username, email, and password as JSON in the request body, validate it, and then save the user details to the database.
Key Terminologies:
- Spring Security: A robust authentication and access control framework for Java applications.
- Authentication: Verifying a user’s identity by validating their credentials, such as username and password.
- Authorization: Determining whether an authenticated user has the necessary permissions to access certain resources or perform specific actions within the application.
- RESTful API: An architectural style for designing networked applications where resources are represented as URLs and accessed using standard HTTP methods like GET, POST, PUT, and DELETE.
- Endpoint: A specific URL within a web service that serves a particular function and responds to HTTP requests.
- DTO (Data Transfer Object): A design pattern used to transfer data between software application subsystems, often used to encapsulate data exchanged between the client and server in RESTful APIs.
- PasswordEncoder: An interface provided by Spring Security for encoding passwords, typically used for hashing and salting passwords to secure storage and authentication.
- UserDetailsService: An interface provided by Spring Security for loading user-specific data such as user details and authorities, used during authentication.
- HttpSecurity: A class provided by Spring Security for configuring HTTP security settings, including authorization rules, authentication mechanisms, and CSRF protection.
Contact Us