Have you ever wanted to write a Spring Boot application but are not sure where to start? Spring Initializr makes it easy to get up and running in minutes by generating a fully functional Spring Boot project that includes dependencies and tests. A web version is hosted at https://start.spring.io. From here, you can search for and choose the Spring Boot Starters that you want to include in your project.

The Stormpath Spring Boot Starter is now included at https://start.spring.io, so it’s easier than ever to get started building secure user authentication with Stormpath.

This tutorial is designed to take you from zero to secured Spring Boot app in five minutes or less. You’ll also learn more about the Initializr project, which is so much more than just a website. It’s also an API that you can use to generate Spring Boot projects. A number of Java IDEs have plugins that make use of the API so that you can set up your Spring Boot project right inside the “New Project” screens of the IDE.

Spring Security, Spring Boot and Stormpath in 5 Minutes – Really!

In just 3 steps and 3 minutes, you’ll have a Spring Security Spring Boot application connected to Stormpath up and running. In another 2 steps and 1 minute, you’ll create a Stormpath account and login with that account. You can use the last minute to just relax.

Note: The examples below use the command line tool HTTPie, which is a modern curl replacement.

Register for Stormpath (2 minutes) Use https://start.spring.io (30 seconds) Launch the Application (30 seconds) Create an Account (30 seconds) Login and See Account Details (30 seconds) Breath Deep for the Extra Minute You Just Got Back (60 seconds)

Register for Stormpath (2 minutes)

Browse to: https://api.stormpath.com/register to register for an account.

You’ll see a confirmation screen and you’ll receive an email at the address you put in to verify your account. Click the friendly green button in your email to verify your account.

Now, you can log in to your newly created Stormpath account.

The last step is to download an API key pair which you’ll need to interact with Stormpath. Click on the link that says: Manage API Keys in the admin console on the right side of the screen. Then, click the button that says: Create API Key and confirm. This will trigger the download of the newly created api key file.

Finally, put the api key file you just downloaded into the default location:

setup apiKey.properties mkdir ~/.stormpath mv ~/Downloads/apiKey-6VF4Z38EUYANLCFS47QVG9Z7N.properties ~/.stormpath/apiKey.properties chmod go-rwx ~/.stormpath/apiKey.properties chmod u-w ~/.stormpath/apiKey.properties 1 2 3 4 mkdir ~ / .stormpath mv ~ / Downloads / apiKey - 6VF4Z38EUYANLCFS47QVG9Z7N.properties ~ / .stormpath / apiKey .properties chmod go - rwx ~ / .stormpath / apiKey .properties chmod u - w ~ / .stormpath / apiKey .properties

When you have an apiKey.properties file in this default location, a Stormpath enabled Spring Boot application will automatically use it to connect to Stormpath.

Use start.spring.io (30 seconds)

In order to create your new project you simply need to do this:

start.spring.io http https://start.spring.io/starter.zip dependencies==stormpath -d unzip demo.zip -d demo cd demo 1 2 3 http https : // start .spring .io / starter .zip dependencies == stormpath - d unzip demo .zip - d demo cd demo

Launch the Application (30 seconds)

./mvnw spring-boot:run 1 . / mvnw spring - boot : run

This launches the Spring Security Spring Boot app that you downloaded from start.spring.io which will talk to Stormpath.

Note: This automatically makes use of the ~/.stormpath/apiKey.properties file you saved earlier.

Create an Account (30 seconds)

register http POST localhost:8080/register \ givenName=Micah surname=Silverman \ email=micah@stormpath.com password=123456a 1 2 3 http POST localhost : 8080 / register \ givenName = Micah surname = Silverman \ email = micah @ stormpath .com password = 123456a

The above command creates an account in Stormpath.

Note: If you browse to http://localhost:8080/register , you’ll see a nicely formatted web view that can easily be skinned for your website.

Login and See Account Details (30 seconds)

login http POST localhost:8080/login \ login=micah@stormpath.com password=123456aA 1 2 http POST localhost : 8080 / login \ login = micah @ stormpath .com password = 123456aA

The above command logs in to the Stormpath using the credentials you created when you registered.

Here’s the response you’ll see:

login response HTTP/1.1 200 Cache-Control: no-store, no-cache Content-Length: 399 Content-Type: application/json ... Set-Cookie: access_token=eyJraWQiOiI0S1hUVkZBMFZKMUFPR1ROSFREUEdTMFU0...;Max-Age=3600;path=/;HttpOnly Set-Cookie: refresh_token=eyJraWQiOiI0S1hUVkZBMFZKMUFPR1ROSFREUEdTMFU0...;Max-Age=5184000;path=/;HttpOnly ... { "account": { "createdAt": "2017-02-01T00:26:50.040Z", "email": "micah@stormpath.com", "emailVerificationStatus": "UNVERIFIED", "fullName": "Micah Silverman", "givenName": "Micah", "href": "https://api.stormpath.com/v1/accounts/xHE91gTLFZ2309O3II3Lw", "middleName": null, "modifiedAt": "2017-02-01T00:26:50.040Z", "passwordModifiedAt": "2017-02-01T00:26:50.000Z", "status": "ENABLED", "surname": "Silverman", "username": "micah@stormpath.com" } } 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 HTTP / 1.1 200 Cache - Control : no - store , no - cache Content - Length : 399 Content - Type : application / json . . . Set - Cookie : access_token = eyJraWQiOiI0S1hUVkZBMFZKMUFPR1ROSFREUEdTMFU0 . . . ; Max - Age = 3600 ; path =/ ; HttpOnly Set - Cookie : refresh_token = eyJraWQiOiI0S1hUVkZBMFZKMUFPR1ROSFREUEdTMFU0 . . . ; Max - Age = 5184000 ; path =/ ; HttpOnly . . . { "account" : { "createdAt" : "2017-02-01T00:26:50.040Z" , "email" : [email protected]" , "emailVerificationStatus" : "UNVERIFIED" , "fullName" : "Micah Silverman" , "givenName" : "Micah" , "href" : "https://api.stormpath.com/v1/accounts/xHE91gTLFZ2309O3II3Lw" , "middleName" : null , "modifiedAt" : "2017-02-01T00:26:50.040Z" , "passwordModifiedAt" : "2017-02-01T00:26:50.000Z" , "status" : "ENABLED" , "surname" : "Silverman" , "username" : [email protected]" } }

Notice that the response includes access_token and refresh_token cookies. That’s to take advantage of the built-in OAuth 2.0 service.

Note: If you browse to http://localhost:8080/login , you’ll see a nicely formatted web view that can easily be skinned for your website.

So Much More with start.spring.io

Whew! So now, in just five minutes, you’ve gone from nothing to a fully armed and operational, er, fully functioning Spring Boot application, secured with Stormpath. And that’s not all Spring Initializr can do! You used the command line API from start.spring.io to create your project. There are two other modes of interaction that we haven’t covered yet:

start.spring.io in Your Browser

If you browse to https://start.spring.io, you can search for modules you’re interested in and then download the demo project containing those modules.

start.spring.io in Your IDE

In most modern IDEs, including eclipse and IntelliJ IDEA, you can create a Spring Boot project that uses start.spring.io to set defaults. Just choose Spring Initializr as the project type.

Stormpath is the BOM Diggity!

There’s so much more to what you get out of the box with the Stormpath Spring Boot integration. Here’s a short list:

OAuth 2.0 workflows

Skinnable web-based view for registration, login, change password, and forgot password

Deep integration with idiomatic Spring Security constructs, such as @PreAuthorize annotations

annotations Multi-factor authentication including SMS and Google Authenticator

SAML integration

External provider login, including Facebook, Google, and any other OAuth 2.0 compliant provider

If you take a look at the pom.xml file generated from start.spring.io , you’ll notice that there’s a single Stormpath dependency and no explicit version:

pom.xml snippet <dependencies> <dependency> <groupId>com.stormpath.spring</groupId> <artifactId>stormpath-default-spring-boot-starter</artifactId> </dependency> ... </dependencies> 1 2 3 4 5 6 7 < dependencies > < dependency > < groupId > com .stormpath .spring < / groupId > < artifactId > stormpath - default - spring - boot - starter < / artifactId > < / dependency > . . . < / dependencies >

That’s because we are making use of a BOM, or Bill of Materials. Further down in the pom file, you’ll see the dependency management section:

pom.xml snippet <dependencyManagement> <dependencies> <dependency> <groupId>com.stormpath.sdk</groupId> <artifactId>stormpath-bom</artifactId> <version>1.5.0</version> <type>pom</type> <scope>import</scope> </dependency> </dependencies> </dependencyManagement> 1 2 3 4 5 6 7 8 9 10 11 < dependencyManagement > < dependencies > < dependency > < groupId > com .stormpath .sdk < / groupId > < artifactId > stormpath - bom < / artifactId > < version > 1.5.0 < / version > < type > pom < / type > < scope > import < / scope > < / dependency > < / dependencies > < / dependencyManagement >

Here, we are referring to a version, namely: 1.5.0 . Using the BOM reference allows you to specify any of the available Stormpath Starters without an explicit version.

If you want to upgrade at a later time, there’s a single version that you’d change in the dependency management section of your pom file. This matters because Stormpath has nearly 20 modules that you can mix and match in whatever way makes sense for your project. Using the BOM, you can always be assured that you are using the correct version across modules while only having to specify the version in one place.

For a more in-depth dive into what you can do with Stormpath, Spring Security, and Spring Boot, check out our tutorial: https://docs.stormpath.com/java/spring-boot-web/tutorial.html