java code

Have you ever wanted to write a Spring Boot application but are not sure where to start? Spring Initializr makes it easy to get up and running in minutes by generating a fully functional Spring Boot project that includes dependencies and tests. A web version is hosted at From here, you can search for and choose the Spring Boot Starters that you want to include in your project.

The Stormpath Spring Boot Starter is now included at, so it’s easier than ever to get started building secure user authentication with Stormpath.

This tutorial is designed to take you from zero to secured Spring Boot app in five minutes or less. You’ll also learn more about the Initializr project, which is so much more than just a website. It’s also an API that you can use to generate Spring Boot projects. A number of Java IDEs have plugins that make use of the API so that you can set up your Spring Boot project right inside the “New Project” screens of the IDE.

Spring Security, Spring Boot and Stormpath in 5 Minutes – Really!

In just 3 steps and 3 minutes, you’ll have a Spring Security Spring Boot application connected to Stormpath up and running. In another 2 steps and 1 minute, you’ll create a Stormpath account and login with that account. You can use the last minute to just relax.

Note: The examples below use the command line tool HTTPie, which is a modern curl replacement.

  1. Register for Stormpath (2 minutes)
  2. Use (30 seconds)
  3. Launch the Application (30 seconds)
  4. Create an Account (30 seconds)
  5. Login and See Account Details (30 seconds)
  6. Breath Deep for the Extra Minute You Just Got Back (60 seconds)

Register for Stormpath (2 minutes)

Browse to: to register for an account.


You’ll see a confirmation screen and you’ll receive an email at the address you put in to verify your account. Click the friendly green button in your email to verify your account.

Now, you can log in to your newly created Stormpath account.

tenant login

The last step is to download an API key pair which you’ll need to interact with Stormpath. Click on the link that says: Manage API Keys in the admin console on the right side of the screen. Then, click the button that says: Create API Key and confirm. This will trigger the download of the newly created api key file.

save key

Finally, put the api key file you just downloaded into the default location:

When you have an file in this default location, a Stormpath enabled Spring Boot application will automatically use it to connect to Stormpath.

Use (30 seconds)

In order to create your new project you simply need to do this:

Launch the Application (30 seconds)

This launches the Spring Security Spring Boot app that you downloaded from which will talk to Stormpath.

Note: This automatically makes use of the ~/.stormpath/ file you saved earlier.

Create an Account (30 seconds)

The above command creates an account in Stormpath.

Note: If you browse to http://localhost:8080/register, you’ll see a nicely formatted web view that can easily be skinned for your website.

Login and See Account Details (30 seconds)

The above command logs in to the Stormpath using the credentials you created when you registered.

Here’s the response you’ll see:

Notice that the response includes access_token and refresh_token cookies. That’s to take advantage of the built-in OAuth 2.0 service.

Note: If you browse to http://localhost:8080/login, you’ll see a nicely formatted web view that can easily be skinned for your website.

So Much More with

Whew! So now, in just five minutes, you’ve gone from nothing to a fully armed and operational, er, fully functioning Spring Boot application, secured with Stormpath. And that’s not all Spring Initializr can do! You used the command line API from to create your project. There are two other modes of interaction that we haven’t covered yet: in Your Browser

If you browse to, you can search for modules you’re interested in and then download the demo project containing those modules.

start web in Your IDE

In most modern IDEs, including eclipse and IntelliJ IDEA, you can create a Spring Boot project that uses to set defaults. Just choose Spring Initializr as the project type.

start ide

Stormpath is the BOM Diggity!

There’s so much more to what you get out of the box with the Stormpath Spring Boot integration. Here’s a short list:

  • OAuth 2.0 workflows
  • Skinnable web-based view for registration, login, change password, and forgot password
  • Deep integration with idiomatic Spring Security constructs, such as @PreAuthorize annotations
  • Multi-factor authentication including SMS and Google Authenticator
  • SAML integration
  • External provider login, including Facebook, Google, and any other OAuth 2.0 compliant provider

If you take a look at the pom.xml file generated from, you’ll notice that there’s a single Stormpath dependency and no explicit version:

That’s because we are making use of a BOM, or Bill of Materials. Further down in the pom file, you’ll see the dependency management section:

Here, we are referring to a version, namely: 1.5.0. Using the BOM reference allows you to specify any of the available Stormpath Starters without an explicit version.

If you want to upgrade at a later time, there’s a single version that you’d change in the dependency management section of your pom file. This matters because Stormpath has nearly 20 modules that you can mix and match in whatever way makes sense for your project. Using the BOM, you can always be assured that you are using the correct version across modules while only having to specify the version in one place.

For a more in-depth dive into what you can do with Stormpath, Spring Security, and Spring Boot, check out our tutorial: