diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
index 8af5129d6..b9679866d 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/configuration/CoreShibUiConfiguration.java
@@ -7,6 +7,7 @@
 import edu.internet2.tier.shibboleth.admin.ui.repository.MetadataResolversPositionOrderContainerRepository;
 import edu.internet2.tier.shibboleth.admin.ui.scheduled.EntityDescriptorFilesScheduledTasks;
 import edu.internet2.tier.shibboleth.admin.ui.scheduled.MetadataProvidersScheduledTasks;
+import edu.internet2.tier.shibboleth.admin.ui.security.repository.RoleRepository;
 import edu.internet2.tier.shibboleth.admin.ui.security.service.UserRoleService;
 import edu.internet2.tier.shibboleth.admin.ui.service.DefaultMetadataResolversPositionOrderContainerService;
 import edu.internet2.tier.shibboleth.admin.ui.service.DirectoryService;
@@ -197,7 +198,7 @@ public ModelRepresentationConversions modelRepresentationConversions() {
     }
 
     @Bean
-    public UserRoleService userRoleService() {
-        return new UserRoleService();
+    public UserRoleService userRoleService(RoleRepository roleRepository) {
+        return new UserRoleService(roleRepository);
     }
 }
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
index e1f1fd373..0953d528c 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersController.java
@@ -14,9 +14,9 @@
 import org.springframework.transaction.annotation.Transactional;
 import org.springframework.web.bind.annotation.DeleteMapping;
 import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PatchMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.PutMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
@@ -78,6 +78,7 @@ ResponseEntity<?> saveOne(@RequestBody User user) {
                     .body(new ErrorResponse(String.valueOf(HttpStatus.CONFLICT.value()),
                             String.format("A user with username [%s] already exists within the system.", user.getUsername())));
         }
+        //TODO: modify this such that additional encoders can be used
         user.setPassword(BCrypt.hashpw(user.getPassword(), BCrypt.gensalt()));
         userRoleService.updateUserRole(user);
         User savedUser = userRepository.save(user);
@@ -85,7 +86,7 @@ ResponseEntity<?> saveOne(@RequestBody User user) {
     }
 
     @Transactional
-    @PutMapping("/{username}")
+    @PatchMapping("/{username}")
     ResponseEntity<?> updateOne(@PathVariable(value = "username") String username, @RequestBody User user) {
         User persistedUser = findUserOrThrowHttp404(username);
         if (StringUtils.isNotBlank(user.getFirstName())) {
diff --git a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserRoleService.java b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserRoleService.java
index 5f9312ebe..87a6431d0 100644
--- a/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserRoleService.java
+++ b/backend/src/main/java/edu/internet2/tier/shibboleth/admin/ui/security/service/UserRoleService.java
@@ -15,8 +15,11 @@
  */
 public class UserRoleService {
 
-    @Autowired
-    RoleRepository roleRepository;
+    private RoleRepository roleRepository;
+
+    public UserRoleService(RoleRepository roleRepository) {
+        this.roleRepository = roleRepository;
+    }
 
     /**
      * Given a user with a defined User.role, update the User.roles collection with that role.
diff --git a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy
index 6aae4231d..04aa033e9 100644
--- a/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy
+++ b/backend/src/test/groovy/edu/internet2/tier/shibboleth/admin/ui/security/controller/UsersControllerIntegrationTests.groovy
@@ -8,6 +8,7 @@ import org.springframework.boot.test.context.SpringBootTest
 import org.springframework.boot.test.web.client.TestRestTemplate
 import org.springframework.http.HttpEntity
 import org.springframework.http.HttpHeaders
+import org.springframework.http.HttpMethod
 import org.springframework.test.annotation.DirtiesContext
 import org.springframework.test.context.ActiveProfiles
 import spock.lang.Specification
@@ -122,13 +123,13 @@ class UsersControllerIntegrationTests extends Specification {
         when:
         this.restTemplate.postForEntity("$RESOURCE_URI", createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
         newUser['firstName'] = 'Bob'
-        def result = this.restTemplate.exchange("$RESOURCE_URI/$newUser.username", org.springframework.http.HttpMethod.PUT, createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
+        def result = this.restTemplate.exchange("$RESOURCE_URI/$newUser.username", HttpMethod.PATCH, createRequestHttpEntityFor { JsonOutput.toJson(newUser) }, Map)
 
         then:
         result.statusCodeValue == 200
     }
 
-    def 'PUT detects unknown username'() {
+    def 'PATCH detects unknown username'() {
         given:
         def newUser = [firstName: 'Foo',
                        lastName: 'Bar',
@@ -138,7 +139,7 @@ class UsersControllerIntegrationTests extends Specification {
                        role: 'ROLE_USER']
 
         when:
-        def result = this.restTemplate.exchange("$RESOURCE_URI/$newUser.username", org.springframework.http.HttpMethod.PUT, createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
+        def result = this.restTemplate.exchange("$RESOURCE_URI/$newUser.username", HttpMethod.PATCH, createRequestHttpEntityFor { mapper.writeValueAsString(newUser) }, Map)
 
         then:
         result.statusCodeValue == 404