diff --git a/webwolf/pom.xml b/webwolf/pom.xml index a9c955020..cc1cd5fa2 100644 --- a/webwolf/pom.xml +++ b/webwolf/pom.xml @@ -55,7 +55,7 @@ org.springframework.boot - spring-boot-starter-data-mongodb + spring-boot-starter-data-jpa org.springframework.boot @@ -73,6 +73,11 @@ jquery 3.2.1 + + org.hsqldb + hsqldb + ${hsqldb.version} + diff --git a/webwolf/src/main/java/org/owasp/webwolf/mailbox/Email.java b/webwolf/src/main/java/org/owasp/webwolf/mailbox/Email.java index edcfa54fc..cd6b9f1b4 100644 --- a/webwolf/src/main/java/org/owasp/webwolf/mailbox/Email.java +++ b/webwolf/src/main/java/org/owasp/webwolf/mailbox/Email.java @@ -4,10 +4,9 @@ import lombok.AllArgsConstructor; import lombok.Builder; import lombok.Data; import lombok.NoArgsConstructor; -import org.springframework.data.annotation.Id; -import org.springframework.data.mongodb.core.index.Indexed; -import org.springframework.data.mongodb.core.mapping.Document; +import javax.persistence.Entity; +import javax.persistence.Id; import java.io.Serializable; import java.time.LocalDateTime; import java.time.format.DateTimeFormatter; @@ -18,7 +17,7 @@ import java.time.format.DateTimeFormatter; */ @Builder @Data -@Document +@Entity @NoArgsConstructor @AllArgsConstructor public class Email implements Serializable { @@ -29,7 +28,6 @@ public class Email implements Serializable { private String contents; private String sender; private String title; - @Indexed private String recipient; public String getSummary() { diff --git a/webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxRepository.java b/webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxRepository.java index 55cb88ac8..890ef3df4 100644 --- a/webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxRepository.java +++ b/webwolf/src/main/java/org/owasp/webwolf/mailbox/MailboxRepository.java 
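Review bot: The `@Indexed` annotation on `recipient` is dropped in the last Email.java hunk with no JPA equivalent, so the table behind `findByRecipientOrderByTimeDesc` has no index on the one column every mailbox lookup filters on. JPA 2.1 lets the entity declare it next to `@Entity`, e.g. `@Table(indexes = @Index(columnList = "recipient"))` (imports `javax.persistence.Table` and `javax.persistence.Index`). The id field and the rest of the class sit outside the hunk, so whether the switched `javax.persistence.Id` field also carries a `@GeneratedValue` cannot be checked here.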
@@ -1,7 +1,6 @@ package org.owasp.webwolf.mailbox; -import org.bson.types.ObjectId; -import org.springframework.data.mongodb.repository.MongoRepository; +import org.springframework.data.jpa.repository.JpaRepository; import java.util.List; @@ -9,7 +8,7 @@ import java.util.List; * @author nbaars * @since 8/17/17. */ -public interface MailboxRepository extends MongoRepository { +public interface MailboxRepository extends JpaRepository { List findByRecipientOrderByTimeDesc(String recipient); diff --git a/webwolf/src/main/java/org/owasp/webwolf/user/RegistrationController.java b/webwolf/src/main/java/org/owasp/webwolf/user/RegistrationController.java new file mode 100644 index 000000000..052f02047 --- /dev/null +++ b/webwolf/src/main/java/org/owasp/webwolf/user/RegistrationController.java 
@@ -0,0 +1,47 @@
+package org.owasp.webwolf.user;
+
+import lombok.AllArgsConstructor;
+import lombok.SneakyThrows;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.stereotype.Controller;
+import org.springframework.validation.BindingResult;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.ModelAttribute;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.validation.Valid;
+
+/**
+ * @author nbaars
+ * @since 3/19/17.
+ */
+@Controller
+@AllArgsConstructor
+@Slf4j
+public class RegistrationController {
+
+    private UserValidator userValidator;
+    private UserService userService;
+    private AuthenticationManager authenticationManager;
+
+    @GetMapping("/registration")
+    public String showForm(UserForm userForm) {
+        return "registration";
+    }
+
+    @PostMapping("/register.mvc")
+    @SneakyThrows
+    public String registration(@ModelAttribute("userForm") @Valid UserForm userForm, BindingResult bindingResult, HttpServletRequest request) {
+        userValidator.validate(userForm, bindingResult);
+
+        if (bindingResult.hasErrors()) {
+            return "registration";
+        }
+        userService.addUser(userForm.getUsername(), userForm.getPassword());
+        request.login(userForm.getUsername(), userForm.getPassword());
+
+        return "redirect:/WebWolf/home";
+    }
+}
diff --git a/webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java b/webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java
new file mode 100644
index 000000000..7e9d82a82
--- /dev/null
+++ b/webwolf/src/main/java/org/owasp/webwolf/user/UserForm.java
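Review bot: `registration` saves the user and then calls `request.login` under `@SneakyThrows`, so a `ServletException` from the container login surfaces as an unchecked error after the account already exists, leaving the user with a 500 on an account that was created. Catching `javax.servlet.ServletException` around the `login` call, rejecting on `bindingResult` and re-rendering the form keeps the failure on the registration page and lets `@SneakyThrows` go; the rewritten method body is below. The `authenticationManager` field is injected but never read and can be dropped with its import.
```java
    @PostMapping("/register.mvc")
    public String registration(@ModelAttribute("userForm") @Valid UserForm userForm, BindingResult bindingResult, HttpServletRequest request) {
        // … unchanged: userValidator.validate(...) and the hasErrors() early return …
        userService.addUser(userForm.getUsername(), userForm.getPassword());
        try {
            request.login(userForm.getUsername(), userForm.getPassword());
        } catch (ServletException e) {
            // the account is persisted but the container refused the login; keep the user on the form
            log.warn("container login failed right after registering {}", userForm.getUsername(), e);
            bindingResult.reject("registration.login.failed"); // constructed key: add it to i18n/messages.properties
            return "registration";
        }
        return "redirect:/WebWolf/home";
    }
```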
@@ -0,0 +1,28 @@ +package org.owasp.webwolf.user; + +import lombok.Getter; +import lombok.Setter; + +import javax.validation.constraints.NotNull; +import javax.validation.constraints.Size; + +/** + * @author nbaars + * @since 3/19/17. + */ +@Getter +@Setter +public class UserForm { + + @NotNull + @Size(min=6, max=20) + private String username; + @NotNull + @Size(min=6, max=10) + private String password; + @NotNull + @Size(min=6, max=10) + private String matchingPassword; + @NotNull + private String agree; +} diff --git a/webwolf/src/main/java/org/owasp/webwolf/user/UserRepository.java b/webwolf/src/main/java/org/owasp/webwolf/user/UserRepository.java index 680125a0a..1477e0695 100644 --- a/webwolf/src/main/java/org/owasp/webwolf/user/UserRepository.java +++ b/webwolf/src/main/java/org/owasp/webwolf/user/UserRepository.java @@ -1,12 +1,12 @@ package org.owasp.webwolf.user; -import org.springframework.data.mongodb.repository.MongoRepository; +import org.springframework.data.jpa.repository.JpaRepository; /** * @author nbaars * @since 3/19/17. */ -public interface UserRepository extends MongoRepository { +public interface UserRepository extends JpaRepository { WebGoatUser findByUsername(String username); } diff --git a/webwolf/src/main/java/org/owasp/webwolf/user/UserService.java b/webwolf/src/main/java/org/owasp/webwolf/user/UserService.java index 0062e6328..319a9a355 100644 --- a/webwolf/src/main/java/org/owasp/webwolf/user/UserService.java +++ b/webwolf/src/main/java/org/owasp/webwolf/user/UserService.java @@ -27,4 +27,9 @@ public class UserService implements UserDetailsService { } + public void addUser(String username, String password) { + userRepository.save(new WebGoatUser(username, password)); + } + + } diff --git a/webwolf/src/main/java/org/owasp/webwolf/user/UserValidator.java b/webwolf/src/main/java/org/owasp/webwolf/user/UserValidator.java new file mode 100644 index 000000000..495619b14 --- /dev/null 
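Review bot: `@Size(min=6, max=20)` on `username` disagrees with the `username.size` text added in i18n/messages.properties ("between 6 and 10 characters"), and none of the constraints in UserForm name a message key, so as far as this diff shows the `not.empty`, `username.size` and `password.size` keys are never referenced and Bean Validation's default messages are what the user sees. Aligning the bound and adding the key, `@Size(min = 6, max = 20, message = "{username.size}")`, makes the two agree; the same applies to `password`. `agree` is a `@NotNull String`, so any submitted value passes; if it stands for a consent checkbox, `@AssertTrue private boolean agree;` is the constraint that actually enforces it.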
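Review bot: `addUser` in UserService.java hands the raw form password to `new WebGoatUser(username, password)` and saves it; that constructor is outside this diff, so whether the password is hashed with a `PasswordEncoder` before it reaches the database cannot be confirmed here and is worth checking now that the store is a file-backed HSQLDB in the user's home directory. The method also lacks Javadoc; `/** Persists a new user; callers must have verified the username is free. */` records the contract that UserValidator is relied on for. The enclosing `UserService` class starts outside the hunk.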
+++ b/webwolf/src/main/java/org/owasp/webwolf/user/UserValidator.java @@ -0,0 +1,35 @@ +package org.owasp.webwolf.user; + +import lombok.AllArgsConstructor; +import org.springframework.stereotype.Component; +import org.springframework.validation.Errors; +import org.springframework.validation.Validator; + +/** + * @author nbaars + * @since 3/19/17. + */ +@Component +@AllArgsConstructor +public class UserValidator implements Validator { + + private final UserRepository userRepository; + + @Override + public boolean supports(Class aClass) { + return UserForm.class.equals(aClass); + } + + @Override + public void validate(Object o, Errors errors) { + UserForm userForm = (UserForm) o; + + if (userRepository.findByUsername(userForm.getUsername()) != null) { + errors.rejectValue("username", "username.duplicate"); + } + + if (!userForm.getMatchingPassword().equals(userForm.getPassword())) { + errors.rejectValue("matchingPassword", "password.diff"); + } + } +} diff --git a/webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java b/webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java index 666c99124..a6495840b 100644 --- a/webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java +++ b/webwolf/src/main/java/org/owasp/webwolf/user/WebGoatUser.java @@ -1,13 +1,14 @@ package org.owasp.webwolf.user; import lombok.Getter; -import org.springframework.data.annotation.Id; -import org.springframework.data.annotation.Transient; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; +import javax.persistence.Entity; +import javax.persistence.Id; +import javax.persistence.Transient; import java.util.Collection; import java.util.Collections; 
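Review bot: `validate` calls `userForm.getMatchingPassword().equals(...)` and passes `userForm.getUsername()` to the repository without consulting `errors`, and RegistrationController invokes it right after binding whatever the `@NotNull` outcome was, so a form posted without `matchingPassword` ends in a NullPointerException (HTTP 500) instead of a validation message. A null-safe comparison, `if (!Objects.equals(userForm.getMatchingPassword(), userForm.getPassword()))` (import `java.util.Objects`), and skipping the repository lookup when `errors.hasErrors()` is already true keep it on the form; `supports(Class aClass)` should also be `supports(Class<?> aClass)` to match the `Validator` signature. The duplicate-username check is a read-then-write with nothing holding the two together, so two concurrent registrations of the same name can both pass it; a unique constraint on the username column of `WebGoatUser` is the reliable guard, and that column mapping is outside this diff.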
@@ -16,6 +17,7 @@ import java.util.Collections; * @since 3/19/17. */ @Getter +@Entity public class WebGoatUser implements UserDetails { public static final String ROLE_USER = "WEBGOAT_USER"; diff --git a/webwolf/src/main/resources/application.properties b/webwolf/src/main/resources/application.properties index 7c865d4c9..b169284c8 100644 --- a/webwolf/src/main/resources/application.properties +++ b/webwolf/src/main/resources/application.properties @@ -5,6 +5,10 @@ server.session.timeout=6000 server.port=8081 server.session.cookie.name = WEBWOLFSESSION +spring.datasource.url=jdbc:hsqldb:file:${webgoat.server.directory}/data/webwolf +spring.jpa.hibernate.ddl-auto=update +spring.messages.basename=i18n/messages + logging.level.org.springframework=INFO logging.level.org.springframework.boot.devtools=WARN logging.level.org.owasp=DEBUG @@ -25,12 +29,9 @@ multipart.location=${java.io.tmpdir} multipart.max-file-size=1Mb multipart.max-request-size=1Mb +webgoat.server.directory=${user.home}/.webgoat/ webwolf.fileserver.location=${java.io.tmpdir}/webwolf-fileserver -spring.data.mongodb.host=${WG_MONGO_HOST:} -spring.data.mongodb.port=${WG_MONGO_PORT:27017} -spring.data.mongodb.database=webgoat - spring.jackson.serialization.indent_output=true spring.jackson.serialization.write-dates-as-timestamps=false diff --git a/webwolf/src/main/resources/i18n/messages.properties b/webwolf/src/main/resources/i18n/messages.properties new file mode 100644 index 000000000..9e5d51223 --- /dev/null +++ b/webwolf/src/main/resources/i18n/messages.properties @@ -0,0 +1,40 @@ +# +# This file is part of WebGoat, an Open Web Application Security Project utility. For details, +# please see http://www.owasp.org/ +#
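Review bot: `spring.datasource.url` is added without `spring.datasource.username` or `spring.datasource.password`, so the file-backed HSQLDB under `${webgoat.server.directory}/data/webwolf` is opened with Spring Boot's embedded-database defaults (presumably `sa` with an empty password), and `spring.jpa.hibernate.ddl-auto=update` lets Hibernate alter that persistent schema on every start. For a training tool this is a reasonable choice, but a comment above the line, `# local file DB with default HSQLDB credentials; user data persists under ~/.webgoat`, makes the trade-off visible to whoever deploys WebWolf elsewhere. `webgoat.server.directory` is only defined in the second hunk of this file; placeholder resolution does not depend on order, so the forward reference is fine.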

+# Copyright (c) 2002 - 2017 Bruce Mayhew +#

+# This program is free software; you can redistribute it and/or modify it under the terms of the +# GNU General Public License as published by the Free Software Foundation; either version 2 of the +# License, or (at your option) any later version. +#

+# This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +#

+# You should have received a copy of the GNU General Public License along with this program; if +# not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. +#

+# Getting Source ============== +#

+# Source for this application is maintained at https://github.com/WebGoat/WebGoat, a repository for free software +# projects. +#

+# + +register.new=Register new user +sign.up=Sign up +register.title=Register + +password=Password +password.confirm=Confirm password +username=Username + + + +not.empty=This field is required. +username.size=Please use between 6 and 10 characters. +username.duplicate=User already exists. +password.size=Password should at least contain 6 characters +password.diff=The passwords do not match. \ No newline at end of file diff --git a/webwolf/src/main/resources/templates/login.html b/webwolf/src/main/resources/templates/login.html index 6f9a4e07c..755831691 100644 --- a/webwolf/src/main/resources/templates/login.html +++ b/webwolf/src/main/resources/templates/login.html @@ -45,6 +45,7 @@

+
diff --git a/webwolf/src/main/resources/templates/registration.html b/webwolf/src/main/resources/templates/registration.html new file mode 100644 index 000000000..2c4d06a2a --- /dev/null +++ b/webwolf/src/main/resources/templates/registration.html @@ -0,0 +1,89 @@ + + + +
+ + + +
+ +
+ +

+
+ Please Sign Up +
+ +
+ +
+ +
+ Username error +
+
+ +
+ +
+ Password error +
+
+ +
+ +
+ Password error + +
+ +
+ +
+
+

+ While running this program your machine will be extremely + vulnerable to attack. You should disconnect from the Internet while using + this program. WebGoat's default configuration binds to localhost to minimize + the exposure. +

+

+ This program is for educational purposes only. If you attempt + these techniques without authorization, you are very likely to get caught. If + you are caught engaging in unauthorized hacking, most companies will fire you. + Claiming that you were doing security research will not work as that is the + first thing that all hackers claim. +

+
+
+
+ +
+
+
+ +
+
+
+ +
+
+ +
+
+
+
+ +
+ + \ No newline at end of file