How to securely send/store password in a Spring RESTful login service

1. Use HTTPS.
2. Password should be in request body, so use POST.
3. Don't hash the password before sending.
4. Compare hash stored in the db with hashed received password.

There is no reason to encrypt passwords. It's a bad idea. They should be hashed and preferably salted. In case someone stoles your database, it'll be harder to compromise your users' passwords.

How to securily store passwords.