diff --git a/.gitignore b/.gitignore
index f98b419fc..346fd8b65 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,207 @@
-.idea/
-/starter_code/target/
+# Got this from https://gist.github.com/fedir/cd58012d42c8c1edbb3fff611de6c2f6
+
+/target/
+*/target/**
+!.mvn/wrapper/maven-wrapper.jar
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+
+
+# Created by https://www.gitignore.io/api/git,java,maven,eclipse,windows
+
+### Eclipse ###
+
+.metadata
+bin/
+tmp/
+*.tmp
+*.bak
+*.swp
+*~.nib
+local.properties
+.settings/
+.loadpath
+.recommenders
+
+# External tool builders
+.externalToolBuilders/
+
+# Locally stored "Eclipse launch configurations"
+*.launch
+
+# PyDev specific (Python IDE for Eclipse)
+*.pydevproject
+
+# CDT-specific (C/C++ Development Tooling)
+.cproject
+
+# CDT- autotools
+.autotools
+
+# Java annotation processor (APT)
+.factorypath
+
+# PDT-specific (PHP Development Tools)
+.buildpath
+
+# sbteclipse plugin
+.target
+
+# Tern plugin
+.tern-project
+
+# TeXlipse plugin
+.texlipse
+
+# STS (Spring Tool Suite)
+.springBeans
+
+# Code Recommenders
+.recommenders/
+
+# Annotation Processing
+.apt_generated/
+
+# Scala IDE specific (Scala & Java development for Eclipse)
+.cache-main
+.scala_dependencies
+.worksheet
+
+### Eclipse Patch ###
+# Eclipse Core
+.project
+
+# JDT-specific (Eclipse Java Development Tools)
+.classpath
+
+# Annotation Processing
+.apt_generated
+
+.sts4-cache/
+
+### Git ###
+# Created by git for backups. To disable backups in Git:
+# $ git config --global mergetool.keepBackup false
+*.orig
+
+# Created by git when using merge tools for conflicts
+*.BACKUP.*
+*.BASE.*
+*.LOCAL.*
+*.REMOTE.*
+*_BACKUP_*.txt
+*_BASE_*.txt
+*_LOCAL_*.txt
+*_REMOTE_*.txt
+
+### Java ###
+# Compiled class file
+*.class
+
+# Log file
+*.log
+/logs
+
+# BlueJ files
+*.ctxt
+
+# Mobile Tools for Java (J2ME)
+.mtj.tmp/
+
+# Package Files #
+*.jar
+*.war
+*.nar
+*.ear
+*.zip
+*.tar.gz
+*.rar
+
+# virtual machine crash logs, see http://www.java.com/en/download/help/error_hotspot.xml
+hs_err_pid*
+
+### Maven ###
+target/
+pom.xml.tag
+pom.xml.releaseBackup
+pom.xml.versionsBackup
+pom.xml.next
+release.properties
+dependency-reduced-pom.xml
+buildNumber.properties
+.mvn/timing.properties
+.mvn/wrapper/maven-wrapper.jar
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+ehthumbs.db
+ehthumbs_vista.db
+
+# Dump file
+*.stackdump
+
+# Folder config file
+[Dd]esktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msix
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+build/
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### VS Code ###
+.vscode/
+
+### Some additional ignores (sort later)
+*.DS_Store
+*.sw?
+.#*
+*#
+*~
+.classpath
+.project
+.settings
+bin
+build
+target
+dependency-reduced-pom.xml
+*.sublime-*
+/scratch
+.gradle
+README.html
+*.iml
+.idea
+.exercism
+/starter_code/target/classes/
+/starter_code/target/classes/com/example/demo/controllers/
diff --git a/starter_code/pom.xml b/starter_code/pom.xml
index 608bb212f..77db84f27 100644
--- a/starter_code/pom.xml
+++ b/starter_code/pom.xml
@@ -1,68 +1,119 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-	<modelVersion>4.0.0</modelVersion>
-	<parent>
-		<groupId>org.springframework.boot</groupId>
-		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.1.5.RELEASE</version>
-		<relativePath/> <!-- lookup parent from repository -->
-	</parent>
-	<groupId>com.example</groupId>
-	<artifactId>auth-course</artifactId>
-	<packaging>war</packaging>
-	<version>0.0.1-SNAPSHOT</version>
-	<name>auth-course</name>
-	<description>Demo project for Spring Boot</description>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+  <parent>
+    <groupId>org.springframework.boot</groupId>
+    <artifactId>spring-boot-starter-parent</artifactId>
+    <version>2.4.5</version>
+    <relativePath/> <!-- lookup parent from repository -->
+  </parent>
+  <groupId>com.example</groupId>
+  <artifactId>auth-course</artifactId>
+  <version>0.0.1-SNAPSHOT</version>
+  <name>auth-course</name>
+  <description>Demo project for Spring Boot</description>
 
-	<properties>
-		<java.version>1.8</java.version>
-    	<maven-jar-plugin.version>3.1.1</maven-jar-plugin.version>
-	</properties>
+  <properties>
+    <java.version>17</java.version>
+    <maven-jar-plugin.version>3.1.1</maven-jar-plugin.version>
+  </properties>
 
-	<dependencies>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-data-jpa</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-web</artifactId>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-tomcat</artifactId>
-		</dependency>
+  <repositories>
+    <repository>
+      <id>splunk-artifactory</id>
+      <name>Splunk Releases</name>
+      <url>https://splunk.jfrog.io/artifactory/libs-releases</url>
+    </repository>
+  </repositories>
 
-		<dependency>
-			<groupId>com.h2database</groupId>
-			<artifactId>h2</artifactId>
-			<scope>runtime</scope>
-		</dependency>
-		<dependency>
-			<groupId>org.springframework.boot</groupId>
-			<artifactId>spring-boot-starter-test</artifactId>
-			<scope>test</scope>
-		</dependency>
-		<!-- https://mvnrepository.com/artifact/org.codehaus.mojo/tomcat-maven-plugin -->
-		<dependency>
-		    <groupId>org.codehaus.mojo</groupId>
-		    <artifactId>tomcat-maven-plugin</artifactId>
-		    <version>1.1</version>
-		</dependency>
-	</dependencies>
-
-	<build>
-		<plugins>
-			<plugin>
-				<groupId>org.springframework.boot</groupId>
-				<artifactId>spring-boot-maven-plugin</artifactId>
-			</plugin>
-			<plugin>
- 		               	<groupId>org.apache.maven.plugins</groupId>
-                		<artifactId>maven-compiler-plugin</artifactId>
-			</plugin>
-		</plugins>
-	</build>
+  <dependencies>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-data-jpa</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-security</artifactId>
+      <exclusions>
+        <exclusion>
+          <artifactId>spring-boot-starter-logging</artifactId>
+          <groupId>org.springframework.boot</groupId>
+        </exclusion>
+      </exclusions>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-log4j2</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.splunk.logging</groupId>
+      <artifactId>splunk-library-javalogging</artifactId>
+      <version>1.8.0</version>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-web</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>com.auth0</groupId>
+      <artifactId>java-jwt</artifactId>
+      <version>3.10.3</version>
+    </dependency>
+    <dependency>
+      <groupId>com.h2database</groupId>
+      <artifactId>h2</artifactId>
+      <scope>runtime</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-test</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-starter-tomcat</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-config</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.springframework.boot</groupId>
+      <artifactId>spring-boot-devtools</artifactId>
+      <scope>runtime</scope>
+      <optional>true</optional>
+    </dependency>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>4.13</version>
+      <scope>test</scope>
+    </dependency>
+    <!-- https://mvnrepository.com/artifact/org.slf4j/slf4j-reload4j -->
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-reload4j</artifactId>
+      <version>2.0.16</version>
+    </dependency>
 
+  </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.springframework.boot</groupId>
+        <artifactId>spring-boot-maven-plugin</artifactId>
+      </plugin>
+      <plugin>
+        <groupId>org.apache.maven.plugins</groupId>
+        <artifactId>maven-compiler-plugin</artifactId>
+      </plugin>
+    </plugins>
+  </build>
 </project>
diff --git a/starter_code/src/main/java/com/example/demo/SareetaApplication.java b/starter_code/src/main/java/com/example/demo/SareetaApplication.java
index f161f699d..7fdcc332f 100644
--- a/starter_code/src/main/java/com/example/demo/SareetaApplication.java
+++ b/starter_code/src/main/java/com/example/demo/SareetaApplication.java
@@ -3,13 +3,19 @@
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.autoconfigure.domain.EntityScan;
+import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration;
+import org.springframework.context.annotation.Bean;
 import org.springframework.data.jpa.repository.config.EnableJpaRepositories;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 
 @EnableJpaRepositories("com.example.demo.model.persistence.repositories")
 @EntityScan("com.example.demo.model.persistence")
-@SpringBootApplication
+@SpringBootApplication(exclude = {SecurityAutoConfiguration.class})
 public class SareetaApplication {
-
+	@Bean
+	public BCryptPasswordEncoder bCryptPasswordEncoder(){
+		return new BCryptPasswordEncoder();
+	}
 	public static void main(String[] args) {
 		SpringApplication.run(SareetaApplication.class, args);
 	}
diff --git a/starter_code/src/main/java/com/example/demo/controllers/UserController.java b/starter_code/src/main/java/com/example/demo/controllers/UserController.java
index 87e8089df..d05faaa1b 100644
--- a/starter_code/src/main/java/com/example/demo/controllers/UserController.java
+++ b/starter_code/src/main/java/com/example/demo/controllers/UserController.java
@@ -1,10 +1,13 @@
 package com.example.demo.controllers;
 
-import java.util.Optional;
-
+import com.example.demo.model.persistence.Cart;
+import com.example.demo.model.persistence.User;
+import com.example.demo.model.persistence.repositories.CartRepository;
+import com.example.demo.model.persistence.repositories.UserRepository;
+import com.example.demo.model.requests.CreateUserRequest;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -12,42 +15,47 @@
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
-import com.example.demo.model.persistence.Cart;
-import com.example.demo.model.persistence.User;
-import com.example.demo.model.persistence.repositories.CartRepository;
-import com.example.demo.model.persistence.repositories.UserRepository;
-import com.example.demo.model.requests.CreateUserRequest;
-
 @RestController
 @RequestMapping("/api/user")
 public class UserController {
-	
-	@Autowired
-	private UserRepository userRepository;
-	
-	@Autowired
-	private CartRepository cartRepository;
-
-	@GetMapping("/id/{id}")
-	public ResponseEntity<User> findById(@PathVariable Long id) {
-		return ResponseEntity.of(userRepository.findById(id));
-	}
-	
-	@GetMapping("/{username}")
-	public ResponseEntity<User> findByUserName(@PathVariable String username) {
-		User user = userRepository.findByUsername(username);
-		return user == null ? ResponseEntity.notFound().build() : ResponseEntity.ok(user);
-	}
-	
-	@PostMapping("/create")
-	public ResponseEntity<User> createUser(@RequestBody CreateUserRequest createUserRequest) {
-		User user = new User();
-		user.setUsername(createUserRequest.getUsername());
-		Cart cart = new Cart();
-		cartRepository.save(cart);
-		user.setCart(cart);
-		userRepository.save(user);
-		return ResponseEntity.ok(user);
-	}
-	
+
+
+  @Autowired
+  private UserRepository userRepository;
+
+  @Autowired
+  private CartRepository cartRepository;
+
+  @Autowired
+  private BCryptPasswordEncoder bCryptPasswordEncoder;
+
+  @GetMapping("/id/{id}")
+  public ResponseEntity<User> findById(@PathVariable Long id) {
+    return ResponseEntity.of(userRepository.findById(id));
+  }
+
+  @GetMapping("/{username}")
+  public ResponseEntity<User> findByUserName(@PathVariable String username) {
+    User user = userRepository.findByUsername(username);
+    return user == null ? ResponseEntity.notFound().build() : ResponseEntity.ok(user);
+  }
+
+  @PostMapping("/create")
+  public ResponseEntity<User> createUser(@RequestBody CreateUserRequest createUserRequest) {
+
+    User user = new User();
+    user.setUsername(createUserRequest.getUsername());
+    Cart cart = new Cart();
+    cartRepository.save(cart);
+
+    user.setCart(cart);
+    if (createUserRequest.getPassword().length() < 7 ||
+        !createUserRequest.getPassword().equals(createUserRequest.getConfirmPassword())) {
+      return ResponseEntity.badRequest().build();
+    }
+    user.setPassword(bCryptPasswordEncoder.encode(createUserRequest.getPassword()));
+    userRepository.save(user);
+    return ResponseEntity.ok(user);
+  }
+
 }
diff --git a/starter_code/src/main/java/com/example/demo/model/persistence/User.java b/starter_code/src/main/java/com/example/demo/model/persistence/User.java
index ab85ccc60..b9af58b8d 100644
--- a/starter_code/src/main/java/com/example/demo/model/persistence/User.java
+++ b/starter_code/src/main/java/com/example/demo/model/persistence/User.java
@@ -1,18 +1,10 @@
 package com.example.demo.model.persistence;
 
-import javax.persistence.CascadeType;
-import javax.persistence.Column;
-import javax.persistence.Entity;
-import javax.persistence.GeneratedValue;
-import javax.persistence.GenerationType;
-import javax.persistence.Id;
-import javax.persistence.JoinColumn;
-import javax.persistence.OneToOne;
-import javax.persistence.Table;
-
 import com.fasterxml.jackson.annotation.JsonIgnore;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import javax.persistence.*;
+
 
 @Entity
 @Table(name = "user")
@@ -26,7 +18,17 @@ public class User {
 	@Column(nullable = false, unique = true)
 	@JsonProperty
 	private String username;
-	
+
+	@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
+	@Column(nullable = false)
+	private String password;
+	public String getPassword(){
+		return password;
+	}
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
 	@OneToOne(cascade = CascadeType.ALL)
     @JoinColumn(name = "cart_id", referencedColumnName = "id")
 	@JsonIgnore
diff --git a/starter_code/src/main/java/com/example/demo/model/requests/CreateUserRequest.java b/starter_code/src/main/java/com/example/demo/model/requests/CreateUserRequest.java
index a92d0bbb6..5911f9e41 100644
--- a/starter_code/src/main/java/com/example/demo/model/requests/CreateUserRequest.java
+++ b/starter_code/src/main/java/com/example/demo/model/requests/CreateUserRequest.java
@@ -7,6 +7,12 @@ public class CreateUserRequest {
 	@JsonProperty
 	private String username;
 
+	@JsonProperty
+	private String password;
+
+	@JsonProperty
+	private String confirmPassword;
+
 	public String getUsername() {
 		return username;
 	}
@@ -14,4 +20,19 @@ public String getUsername() {
 	public void setUsername(String username) {
 		this.username = username;
 	}
+
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+	public void setConfirmPassword(String confirmPassword) {
+		this.confirmPassword = confirmPassword;
+	}
+	public String getPassword() {
+		return password;
+	}
+
+	public String getConfirmPassword() {
+		return confirmPassword;
+	}
 }
diff --git a/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationFilter.java b/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationFilter.java
new file mode 100644
index 000000000..896ffd9b2
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationFilter.java
@@ -0,0 +1,61 @@
+package com.example.demo.security;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Date;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+
+import com.auth0.jwt.JWT;
+import com.example.demo.model.persistence.User;
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+import static com.auth0.jwt.algorithms.Algorithm.HMAC512;
+
+public class JWTAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
+
+	 private AuthenticationManager authenticationManager;
+
+    public JWTAuthenticationFilter(AuthenticationManager authenticationManager) {
+        this.authenticationManager = authenticationManager;
+    }
+    
+    @Override
+    public Authentication attemptAuthentication(HttpServletRequest req,
+                                                HttpServletResponse res) throws AuthenticationException {
+    	try {
+    		User credentials = new ObjectMapper()
+                    .readValue(req.getInputStream(), User.class);
+    		
+    		return authenticationManager.authenticate(
+                    new UsernamePasswordAuthenticationToken(
+                            credentials.getUsername(),
+                            credentials.getPassword(),
+                            new ArrayList<>()));
+    	} catch (IOException e) {
+    		throw new RuntimeException(e);
+    	}
+    }
+    
+    @Override
+    protected void successfulAuthentication(HttpServletRequest req,
+                                            HttpServletResponse res,
+                                            FilterChain chain,
+                                            Authentication auth) throws IOException, ServletException {
+
+        String token = JWT.create()
+                .withSubject(((org.springframework.security.core.userdetails.User) auth.getPrincipal()).getUsername())
+                .withExpiresAt(new Date(System.currentTimeMillis() + SecurityConstants.EXPIRATION_TIME))
+                .sign(HMAC512(SecurityConstants.SECRET.getBytes()));
+        res.addHeader(SecurityConstants.HEADER_STRING, SecurityConstants.TOKEN_PREFIX + token);
+    }
+}
diff --git a/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationVerficationFilter.java b/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationVerficationFilter.java
new file mode 100644
index 000000000..3d85ab18c
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/security/JWTAuthenticationVerficationFilter.java
@@ -0,0 +1,58 @@
+package com.example.demo.security;
+
+import java.io.IOException;
+import java.util.ArrayList;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.stereotype.Component;
+
+import com.auth0.jwt.JWT;
+
+import static com.auth0.jwt.algorithms.Algorithm.HMAC512;
+
+@Component
+public class JWTAuthenticationVerficationFilter extends BasicAuthenticationFilter {
+	
+	public JWTAuthenticationVerficationFilter(AuthenticationManager authManager) {
+        super(authManager);
+    }
+	
+	@Override
+    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse res, FilterChain chain) 
+    		throws IOException, ServletException {
+        String header = req.getHeader(SecurityConstants.HEADER_STRING);
+
+        if (header == null || !header.startsWith(SecurityConstants.TOKEN_PREFIX)) {
+            chain.doFilter(req, res);
+            return;
+        }
+
+        UsernamePasswordAuthenticationToken authentication = getAuthentication(req);
+
+        SecurityContextHolder.getContext().setAuthentication(authentication);
+        chain.doFilter(req, res);
+    }
+
+	private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest req) {
+		String token = req.getHeader(SecurityConstants.HEADER_STRING);
+        if (token != null) {
+            String user = JWT.require(HMAC512(SecurityConstants.SECRET.getBytes())).build()
+                    .verify(token.replace(SecurityConstants.TOKEN_PREFIX, ""))
+                    .getSubject();
+            if (user != null) {
+                return new UsernamePasswordAuthenticationToken(user, null, new ArrayList<>());
+            }
+            return null;
+        }
+        return null;
+	}
+
+}
diff --git a/starter_code/src/main/java/com/example/demo/security/SecurityConstants.java b/starter_code/src/main/java/com/example/demo/security/SecurityConstants.java
new file mode 100644
index 000000000..3f7cb5455
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/security/SecurityConstants.java
@@ -0,0 +1,10 @@
+package com.example.demo.security;
+
+public class SecurityConstants {
+
+	public static final String SECRET = "oursecretkey";
+    public static final long EXPIRATION_TIME = 864_000_000; // 10 days
+    public static final String TOKEN_PREFIX = "Bearer ";
+    public static final String HEADER_STRING = "Authorization";
+    public static final String SIGN_UP_URL = "/api/user/create";
+}
diff --git a/starter_code/src/main/java/com/example/demo/security/UserDetailsServiceImpl.java b/starter_code/src/main/java/com/example/demo/security/UserDetailsServiceImpl.java
new file mode 100644
index 000000000..5169b5884
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/security/UserDetailsServiceImpl.java
@@ -0,0 +1,28 @@
+package com.example.demo.security;
+
+import java.util.Collections;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+
+import com.example.demo.model.persistence.User;
+import com.example.demo.model.persistence.repositories.UserRepository;
+
+@Service
+public class UserDetailsServiceImpl implements UserDetailsService {
+
+  @Autowired
+  private UserRepository userRepository;
+
+  @Override
+  public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
+    User user = userRepository.findByUsername(username);
+    if (user == null) {
+      throw new UsernameNotFoundException(username);
+    }
+    return new org.springframework.security.core.userdetails.User(user.getUsername(), user.getPassword(), Collections.emptyList());
+  }
+}
\ No newline at end of file
diff --git a/starter_code/src/main/java/com/example/demo/security/WebSecurityConfiguration.java b/starter_code/src/main/java/com/example/demo/security/WebSecurityConfiguration.java
new file mode 100644
index 000000000..dfa86fcc3
--- /dev/null
+++ b/starter_code/src/main/java/com/example/demo/security/WebSecurityConfiguration.java
@@ -0,0 +1,48 @@
+package com.example.demo.security;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
+
+@EnableWebSecurity
+public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
+	
+	private UserDetailsServiceImpl userDetailsService;
+    private BCryptPasswordEncoder bCryptPasswordEncoder;
+	
+    public WebSecurityConfiguration(UserDetailsServiceImpl userDetailsService,
+			BCryptPasswordEncoder bCryptPasswordEncoder) {
+		this.userDetailsService = userDetailsService;
+		this.bCryptPasswordEncoder = bCryptPasswordEncoder;
+	}
+    
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.cors().and().csrf().disable().authorizeRequests()
+                .antMatchers(HttpMethod.POST, SecurityConstants.SIGN_UP_URL, "/login").permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .addFilter(new JWTAuthenticationFilter(authenticationManager()))
+                .addFilter(new JWTAuthenticationVerficationFilter(authenticationManager()))
+                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+    }
+    
+    @Override
+    @Bean
+    public AuthenticationManager authenticationManagerBean() throws Exception {
+        return super.authenticationManagerBean();
+    }
+    
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.parentAuthenticationManager(authenticationManagerBean())
+            .userDetailsService(userDetailsService)
+            .passwordEncoder(bCryptPasswordEncoder);
+    }
+}
diff --git a/starter_code/target/classes/application.properties b/starter_code/target/classes/application.properties
deleted file mode 100644
index ed303a7d4..000000000
--- a/starter_code/target/classes/application.properties
+++ /dev/null
@@ -1,6 +0,0 @@
-spring.datasource.driver-class-name=org.h2.Driver
-spring.datasource.url=jdbc:h2:mem:bootapp;DB_CLOSE_DELAY=-1
-spring.datasource.username=sa
-spring.datasource.password=
-spring.jpa.hibernate.ddl-auto=update
-spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.H2Dialect
\ No newline at end of file
diff --git a/starter_code/target/classes/com/example/demo/SareetaApplication.class b/starter_code/target/classes/com/example/demo/SareetaApplication.class
deleted file mode 100644
index 388a4f339..000000000
Binary files a/starter_code/target/classes/com/example/demo/SareetaApplication.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/controllers/CartController.class b/starter_code/target/classes/com/example/demo/controllers/CartController.class
deleted file mode 100644
index 2626d1e2e..000000000
Binary files a/starter_code/target/classes/com/example/demo/controllers/CartController.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/controllers/ItemController.class b/starter_code/target/classes/com/example/demo/controllers/ItemController.class
deleted file mode 100644
index 52ac532e6..000000000
Binary files a/starter_code/target/classes/com/example/demo/controllers/ItemController.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/controllers/OrderController.class b/starter_code/target/classes/com/example/demo/controllers/OrderController.class
deleted file mode 100644
index e8501d299..000000000
Binary files a/starter_code/target/classes/com/example/demo/controllers/OrderController.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/controllers/UserController.class b/starter_code/target/classes/com/example/demo/controllers/UserController.class
deleted file mode 100644
index 04bb6840f..000000000
Binary files a/starter_code/target/classes/com/example/demo/controllers/UserController.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/model/persistence/Cart.class b/starter_code/target/classes/com/example/demo/model/persistence/Cart.class
deleted file mode 100644
index 5f60d7edd..000000000
Binary files a/starter_code/target/classes/com/example/demo/model/persistence/Cart.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/model/persistence/Item.class b/starter_code/target/classes/com/example/demo/model/persistence/Item.class
deleted file mode 100644
index 5bce916c6..000000000
Binary files a/starter_code/target/classes/com/example/demo/model/persistence/Item.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/model/persistence/User.class b/starter_code/target/classes/com/example/demo/model/persistence/User.class
deleted file mode 100644
index b4fe72542..000000000
Binary files a/starter_code/target/classes/com/example/demo/model/persistence/User.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/model/persistence/UserOrder.class b/starter_code/target/classes/com/example/demo/model/persistence/UserOrder.class
deleted file mode 100644
index 2c62312c1..000000000
Binary files a/starter_code/target/classes/com/example/demo/model/persistence/UserOrder.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/model/persistence/repositories/CartRepository.class b/starter_code/target/classes/com/example/demo/model/persistence/repositories/CartRepository.class
deleted file mode 100644
index 528fcb014..000000000
Binary files a/starter_code/target/classes/com/example/demo/model/persistence/repositories/CartRepository.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/model/persistence/repositories/ItemRepository.class b/starter_code/target/classes/com/example/demo/model/persistence/repositories/ItemRepository.class
deleted file mode 100644
index fcdea8cef..000000000
Binary files a/starter_code/target/classes/com/example/demo/model/persistence/repositories/ItemRepository.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/model/persistence/repositories/OrderRepository.class b/starter_code/target/classes/com/example/demo/model/persistence/repositories/OrderRepository.class
deleted file mode 100644
index e47ebf196..000000000
Binary files a/starter_code/target/classes/com/example/demo/model/persistence/repositories/OrderRepository.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/model/persistence/repositories/UserRepository.class b/starter_code/target/classes/com/example/demo/model/persistence/repositories/UserRepository.class
deleted file mode 100644
index 54313b79f..000000000
Binary files a/starter_code/target/classes/com/example/demo/model/persistence/repositories/UserRepository.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/model/requests/CreateUserRequest.class b/starter_code/target/classes/com/example/demo/model/requests/CreateUserRequest.class
deleted file mode 100644
index 2a2337627..000000000
Binary files a/starter_code/target/classes/com/example/demo/model/requests/CreateUserRequest.class and /dev/null differ
diff --git a/starter_code/target/classes/com/example/demo/model/requests/ModifyCartRequest.class b/starter_code/target/classes/com/example/demo/model/requests/ModifyCartRequest.class
deleted file mode 100644
index f5e3fa9a3..000000000
Binary files a/starter_code/target/classes/com/example/demo/model/requests/ModifyCartRequest.class and /dev/null differ
diff --git a/starter_code/target/classes/data.sql b/starter_code/target/classes/data.sql
deleted file mode 100644
index ddce26139..000000000
--- a/starter_code/target/classes/data.sql
+++ /dev/null
@@ -1,2 +0,0 @@
-insert into item (name, price, description) values ('Round Widget', 2.99, 'A widget that is round');
-insert into item (name, price, description) values ('Square Widget', 1.99, 'A widget that is square');
\ No newline at end of file
diff --git a/starter_code/target/test-classes/com/example/demo/SareetaApplicationTests.class b/starter_code/target/test-classes/com/example/demo/SareetaApplicationTests.class
deleted file mode 100644
index 30dd46b25..000000000
Binary files a/starter_code/target/test-classes/com/example/demo/SareetaApplicationTests.class and /dev/null differ