Does spring boot offer a standard login and registration support

Question

I found some tutorials on Spring Security Login and registration:

http://www.baeldung.com/spring-security-login-error-handling-localization

http://www.baeldung.com/registration-with-spring-mvc-and-spring-security

However, I am using Spring Boot now and would like to find a tutorial for that one as well. Problem is, all I could find was OAuth2 and SSO

http://docs.spring.io/spring-boot/docs/current-SNAPSHOT/reference/htmlsingle/ (point 28.)

Any idea how to proceed if I want to implement a simple login and registration form with Spring Boot?

EDIT: I found this in official documentation. That would do the Login feature, but what about registration?

Answer 1

You would need a UserDetailsService for storing and receiving userdetails, and of course at least 1 service to actually store the user.

For example this service:

@Service
public class RegistrationService {

    @Resource
    private MailService mailer;
    @Resource
    private UserDataService userDataService;

    public boolean createRegistration(RegistryCredentials credentials,
            MessageContext context) {
        String username = credentials.getUsername();
        UserData current = new UserData();
        if (userDataService.isAvailable(username)) {
            userDataService.addUserData(username, current);
            return true;
        } else {
            context.addMessage(new MessageBuilder().error().source("username")
                    .code("username.exists").build());
            return false;
        }

    }

    public void saveUserData(RegistryCredentials credentials) {
        UserData current = userDataService.getUserData(credentials
                .getUsername());
        current.setCity(credentials.getCity());
        current.setEmail(credentials.getEmail());
        current.setPassword(credentials.getPassword());
        current.setStreet(credentials.getStreet());
        current.setFirstname(credentials.getFirstname());
        current.setLastname(credentials.getLastname());
        current.setUsername(credentials.getUsername());
        current.setRegistered(new Date());
        Long activationKey = userDataService.updateUserData(current);
        mailer.sendSubscriptionEmail(current, activationKey);
    }

}

RegistryCredentials are a standard bean containing the user data fields and validation annotations. You create the registryCredentials on the registrationpage, check them in to the service, which in turn will create (and persist) the user details.
Of course you will have to register your own service implementation with SpringSecurity, so you'll need this in your Security Configuration:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth,
        UserDataService userDataService) throws Exception {

    auth.userDetailsService(userDataService);
}

For a simple, in-memory solution, you could use a UserDataService like this:

@Service
public class UserDataService implements UserDetailsService {

    private HashMap<String, UserData> userData = new HashMap<>();
    private HashMap<Long, UserData> activation = new HashMap<>();

    public UserDataService() {
        UserData admin = new UserData();
        admin.setUsername("admin");
        admin.setPassword("password");
        admin.setActive(true);
        userData.put("admin", admin);
    }

    public boolean isAvailable(String username) {
        return !userData.containsKey(username);
    }

    public void addUserData(String username, UserData data) {
        userData.put(username, data);
    }

    public UserData getUserData(String username) {
        return userData.get(username);
    }

    public Long updateUserData(UserData changed) {
        userData.put(changed.getUsername(), changed);
        Long random = new SecureRandom().nextLong();
        activation.put(random, changed);
        return random;
    }

    public UserData activateAccount(Long key) {
        return activation.remove(key);

    }

    public boolean mayActivate(Date d, UserData data) {
        long day = 86400000L;
        Date reg = data.getRegistered();
        reg.setTime(reg.getTime() + day);
        if (d.before(reg)) {
            return true;
        } else {
            return false;
        }

    }

    @Override
    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException {
        UserData user = getUserData(username);
        if (user != null) {
            return user;
        }
        throw new UsernameNotFoundException("Username not found");
    }

}

Important is in this case, that UserData has to implement UserDetails and Principal for the Security Authentication to actually be able to work with this.

This particular Solution creates a registration token to use before first login is possible, this is, however, entirely optional, since you can configure the login procedure as you wish.