Spring Boot Backend Development Course, Implementing Login and Logout with Spring Security, User Registration, Writing Service Method Code

Hello! In this course, we will learn how to develop a backend using Spring Boot. In particular, we will explain in detail how to implement login and logout functions and user registration using Spring Security. This course is structured for beginners to intermediate developers, and code and explanations will be provided to make it easy to follow.

1. Understanding Spring Boot and Spring Security

Spring Boot is an application framework based on the Spring framework that supports easy configuration and rapid deployment. It is particularly useful for building microservice architectures. Spring Security is a powerful security framework for handling secure and authenticated requests.

Basically: Spring Boot and Spring Security integrate well, making it easy to develop web applications that require security.

2. Setting Up the Development Environment

First, we need to set up the development environment. Below are the required tools.

  • Java JDK 11 or higher
  • IntelliJ IDEA or Spring Tool Suite (STS)
  • Maven or Gradle
  • PostgreSQL or MySQL database

2.1. Creating a Project

Use Spring Initializr to create a new Spring Boot project. Add the following dependencies:

  • Spring Web
  • Spring Security
  • Spring Data JPA
  • H2 Database (for development)

2.2. Setting Dependencies

pom.xml
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-jpa</artifactId>
    </dependency>
    <dependency>
        <groupId>com.h2database</groupId>
        <artifactId>h2</artifactId>
        <scope>runtime</scope>
    </dependency>
</dependencies>

3. Implementing User Registration Functionality

To implement user registration functionality, we first need to define the required classes.

3.1. Creating the User Entity

src/main/java/com/example/demo/model/User.java
package com.example.demo.model;

import javax.persistence.*;

@Entity
@Table(name = "users")
public class User {
    @Id
    @GeneratedValue(strategy = GenerationType.IDENTITY)
    private Long id;

    @Column(nullable = false, unique = true)
    private String username;

    @Column(nullable = false)
    private String password;

    public User() {}

    // getters and setters
}

3.2. Creating the UserRepository Interface

src/main/java/com/example/demo/repository/UserRepository.java
package com.example.demo.repository;

import com.example.demo.model.User;
import org.springframework.data.jpa.repository.JpaRepository;
import java.util.Optional;

public interface UserRepository extends JpaRepository<User, Long> {
    Optional<User> findByUsername(String username);
}

3.3. Implementing the UserService Class

src/main/java/com/example/demo/service/UserService.java
package com.example.demo.service;

import com.example.demo.model.User;
import com.example.demo.repository.UserRepository;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.crypto.bcrypt.BcryptPasswordEncoder;
import org.springframework.stereotype.Service;

@Service
public class UserService {
    @Autowired
    private UserRepository userRepository;

    @Autowired
    private PasswordEncoder passwordEncoder;

    public void registerUser(User user) {
        user.setPassword(passwordEncoder.encode(user.getPassword()));
        userRepository.save(user);
    }
}

3.4. Implementing the Registration Controller

src/main/java/com/example/demo/controller/AuthController.java
package com.example.demo.controller;

import com.example.demo.model.User;
import com.example.demo.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.*;

@RestController
@RequestMapping("/auth")
public class AuthController {
    @Autowired
    private UserService userService;

    @PostMapping("/register")
    public String register(@RequestBody User user) {
        userService.registerUser(user);
        return "Registration successful!";
    }
}

4. Configuring Spring Security

Using Spring Security, we will set up basic authentication and authorization.

4.1. Creating the SecurityConfig Class

src/main/java/com/example/demo/config/SecurityConfig.java
package com.example.demo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BcryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/auth/register").permitAll() // Registration
                .anyRequest().authenticated() // Authentication required for all other requests
                .and()
            .formLogin() // Use default login form
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BcryptPasswordEncoder();
    }
}

5. Handling Login and Logout

Spring Security supports login and logout handling by default. We can use the login information as follows.

5.1. Authentication on Login

When logging in, if the username and password entered by the user match, a session is created. To verify the user’s password from the user database, we can implement `UserDetailsService`. We will use `UserService` to obtain the data.

5.2. Invalidating Session on Logout

When a user logs out, Spring Security invalidates the session and redirects to the URL specified in `logoutSuccessUrl`.

6. Implementing the Service Layer and Business Logic

To implement user registration and login functionality, we structure the business logic in the service layer. In this process, we interact with the database using JPA.

6.1. Validation on User Registration

src/main/java/com/example/demo/service/UserService.java
public void registerUser(User user) {
    if (userRepository.findByUsername(user.getUsername()).isPresent()) {
        throw new RuntimeException("User already exists.");
    }
    user.setPassword(passwordEncoder.encode(user.getPassword()));
    userRepository.save(user);
}

7. Configuring the Database

Set up the application to connect to the H2 database or another relational database (MySQL, PostgreSQL, etc.).

7.1. Setting application.properties

src/main/resources/application.properties
spring.datasource.url=jdbc:h2:mem:testdb
spring.datasource.driver-class-name=org.h2.Driver
spring.datasource.username=sa
spring.datasource.password=
spring.h2.console.enabled=true
spring.jpa.hibernate.ddl-auto=update

8. Testing and Validation

Complete the tutorial to verify that all functionalities work correctly. Use Postman or other API testing tools to test API calls.

8.1. API Test Scenarios

  1. POST /auth/register: User registration
  2. POST /login: User login (after registration)
  3. GET /protected-endpoint: Accessible only to authenticated users

9. Conclusion and Deployment

Once all features have been tested and no modifications are needed, you will be ready to deploy the application. At this stage, you can deploy the application to cloud services such as AWS, Heroku, etc.

Here are the key points of the tutorial:

  • Start backend development using Spring Boot.
  • Manage user authentication and authorization with Spring Security.
  • Implement user registration and login functionalities.

10. FAQ

10.1. What is the difference between Spring Boot and Spring Security?

Spring Boot is a framework used for rapidly prototyping and deploying applications, whereas Spring Security is a framework for managing the security of applications.

10.2. How do you handle duplicate usernames during registration?

The registration service checks for existing usernames, and an exception is thrown if the username already exists.

10.3. What is the recommended way to deploy a Spring Boot application to the cloud?

Spring Boot applications can be easily deployed using platforms like AWS Elastic Beanstalk, Heroku, and Google Cloud Platform.

11. Conclusion

I hope this course has enhanced your understanding of backend development based on Spring Boot. You learned how to build secure applications using Spring Security and maximize performance as well. Furthermore, please consider the deployment methods in actual operational environments.

If you found this article helpful, please check out other courses as well. Thank you!