User authentication in a Java Spring Boot application with MongoDB can be implemented using Spring Security and Spring Data MongoDB. In this example, I’ll provide a basic guide to help you get started.

  1. Create a Spring Boot Project: You can create a new Spring Boot project using the Spring Initializer or your preferred IDE.
  2. Add Dependencies: In your pom.xml file, add the necessary dependencies for Spring Boot, Spring Security, and Spring Data MongoDB.
<dependencies>
    <!-- Spring Boot Starter -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    
    <!-- Spring Data MongoDB -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-mongodb</artifactId>
    </dependency>
    
    <!-- Spring Security -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
</dependencies>

Configure MongoDB: In your application.properties or application.yml file, configure your MongoDB connection properties:

spring:
  data:
    mongodb:
      host: localhost
      port: 27017
      database: your-database-name

Create a User Entity: Create a User entity class that represents the user data. You can include fields like username, password, roles, etc.

import org.springframework.data.annotation.Id;
import org.springframework.data.mongodb.core.mapping.Document;

@Document(collection = "users")
public class User {
    @Id
    private String id;
    private String username;
    private String password;
    private String[] roles;

    // Getters and setters
}

Implement UserDetailsService: Create a custom UserDetailsService to load user details from the MongoDB repository.

import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class CustomUserDetailsService implements UserDetailsService {
    // Implement the loadUserByUsername method to load user details from MongoDB
}

Configure Spring Security: Configure Spring Security in your application by creating a configuration class that extends WebSecurityConfigurerAdapter. Here, you can set up security rules and user authentication.

import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // Configure user authentication and security rules
}

Implement User Repository: Create a repository interface for accessing user data in MongoDB using Spring Data MongoDB.

import org.springframework.data.mongodb.repository.MongoRepository;

public interface UserRepository extends MongoRepository<User, String> {
    User findByUsername(String username);
}
  1. Implement User Registration and Authentication Endpoints: Create REST endpoints for user registration, login, and any other authentication-related operations in your application.
  2. Hash User Passwords: When a user registers or updates their password, remember to hash the password before storing it in the database. You can use libraries like BCrypt or Spring Security’s built-in password encoding.
  3. Test Your Authentication: Test your authentication process by registering users, logging in, and accessing secured endpoints. Make sure that Spring Security is properly configured.

This is a high-level overview of implementing user authentication in a Spring Boot application with MongoDB. You can find detailed tutorials and documentation for each of the components mentioned above to create a more comprehensive and secure authentication system.