spring-security-registration | Go further into `` Learn Spring Security

I see you are using thymeleaf. Try this expression and instead of "getSomeProperty()" call any get method of your user class

@Bean annotation can appear over method, this is one possibility to register beans. This way BeanFactory is aware of this bean and qualifies it with name derived from method name ("passwordEncoder"). Other way would be to name them explicitly:

Yes you need to download MySql from here https://dev.mysql.com/downloads/windows/installer/8.0.html.

And need to configure few things during installation like username and password. And update these fields inside you database properties file.

The key was simple: I should define filter bean explicitly in security configuration extends WebSecurityConfigurerAdapter:

Another solution i came across is using the recaptcha-spring-boot-starter. It reduces my code heavily, but I got it run with Recaptcha V2 only. But thats also okay for me:

https://github.com/mkopylec/recaptcha-spring-boot-starter-samples

I think what you are confusing is: how does the error message pass to front page, as since in the controller there is no codes for it. Is my understanding correct?

Short answer:

It is done in global exception handler located at: https://github.com/Baeldung/spring-security-registration/blob/master/src/main/java/org/baeldung/web/error/RestResponseEntityExceptionHandler.java

More Details:

Commonly for spring controllers, we will use global exception handler to catch all the exceptions that is throw out from the controller methods, the exception itself can be from services code though. The handler method is annotated with @ExceptionHandler.

So the flow for the error message for "user already exists" case is like:

1. front end javascript do all the local verification like email format, password length, etc. Only when all those validation pass, it calls the api to register new user.
2. controller receives the request to register user.
3. controller calls service method to register new user.
4. service methods throws the already existed exception when detected.
5. controller did not catch the exception, so it gets throw out of the controller method.
6. global controller exception handler caught this exception and generate error response dto, populate error messages which is provided by message.properties for corresponding locale to the error response. The properties are located in src/main/resources and the file name declares the locale. After error response populated, it return it so spring will response this object to front end.
7. front end receives the response. The javascript check if it is an error. And if yes, it check what kind of error it is then handle correspondingly.

This kind of flow may not be very intuitively at first. But once you understand it you shall be happy using it. It can save a lot of codes for handling errors in the controller.

I think the controllerAdvice is implemented using AOP, which is a very powerful tool. If you want to know more you can further research yourself.

Regarding the validation error handling:

The exception handler inherits ResponseEntityExceptionHandler, which handles the validation result from the validation of the request payload. See the first two override method of the handler. This is new to me as well, good to know!

The problem looks like is related to the way you are registering your password encoded. Try to register it like this:

If anyone is wondering what was the problem - database returned password and blank spaces at the end of it... Thats why it could never authenticate, password provided was always "different" from the one stored in db... God damn.