1. Configure Spring Security with in memory authentication.
2. Replace all ?userId @RequestParam in your code with Authentication object.
3. Add @NonNull, @Min, etc annotations where applicable (add this dependency to your project, see example here)
4. Implement custom email validation.
5. Implement CustomGlobalExceptionHandler.
6. Remove method login() in AuthenticationService, HashUtil and salt from User entity. Start using passwordEncoder in UserService -> add() for password hashing.

IMPORTANT: For dependency hibernate-validator don't use version 7.0.0.Final and higher, they are not fully compatible with Spring now, and may not work properly. You can use 6.1.6.Final;

Advanced:

1. In the UserRequestDto add a repeatPassword field.
2. Implement validation to check that password and repeatPassword are the same.
3. In your CustomGlobalExceptionHandler, return JSON response with HTTP status 500 if DataProcessingException is thrown.

You can check yourself using this checklist