Enterprise Java

Spring MVC Customized User Login Logout Implementation Example

This post describes how to implement a customized user access to an Spring MVC web application (login logout). As a prerequisite, readers are advised to read this post which introduces several Spring Security concepts.

The code example is available from Github in the Spring-MVC-Login-Logout directory. It is derived from the Spring MVC with annotations example.

Customized Authentication Provider

In order to implementation our own way of accepting user login requests, we need to implement an authentication provider. The following let’s users in if their id is identical to their passwords:

public class MyAuthenticationProvider implements AuthenticationProvider {

    private static final List<GrantedAuthority> AUTHORITIES
        = new ArrayList<GrantedAuthority>();

    static {
        AUTHORITIES.add(new SimpleGrantedAuthority('ROLE_USER'));
        AUTHORITIES.add(new SimpleGrantedAuthority('ROLE_ANONYMOUS'));

    public Authentication authenticate(Authentication auth)
        throws AuthenticationException {

        if (auth.getName().equals(auth.getCredentials())) {
            return new UsernamePasswordAuthenticationToken(auth.getName(),
                auth.getCredentials(), AUTHORITIES);

        throw new BadCredentialsException('Bad Credentials');


    public boolean supports(Class<?> authentication) {
        if ( authentication == null ) return false;

        return Authentication.class.isAssignableFrom(authentication);



We need to create a security.xml file:

<beans:beans xmlns='http://www.springframework.org/schema/security'

        <intercept-url pattern='/*' access='ROLE_ANONYMOUS'/>
            always-use-default-target='true' />
        <anonymous />
        <logout />

    <authentication-manager alias='authenticationManager'>
      <authentication-provider ref='myAuthenticationProvider' />

    <beans:bean id='myAuthenticationProvider'
      class='com.jverstry.LoginLogout.Authentication.MyAuthenticationProvider' />

The above makes sure all users have the anonymous role to access any page. Once logged in, they are redirected to the main page. If they don’t log in, they are automatically considered as anonymous users. A logout function is also declared. Rather than re-implementing the wheel, we use items delivered by Spring itself.

Main Page

We implement a main page displaying the name of the currently logged in user, together with login and logout links:

<%@ taglib prefix='c' uri='http://java.sun.com/jsp/jstl/core' %>
<!doctype html>
<html lang='en'>
  <meta charset='utf-8'>
  <title>Welcome To MVC Customized Login Logout!!!</title>
    <h1>Spring MVC Customized Login Logout !!!</h1>
    Who is currently logged in? <c:out value='${CurrPrincipal}' /> !<br />
    <a href='<c:url value='/spring_security_login'/>'>Login</a> 
    <a href='<c:url value='/j_spring_security_logout'/>'>Logout</a>


We need to provide the currently logged in user name to the view:

public class MyController {

    @RequestMapping(value = '/')
    public String home(Model model) {


        return 'index';



Running The Example

Once compile, one can start the example by browsing: http://localhost:9292/spring-mvc-login-logout/. It will display the following:

Log in using the same id and password:

The application returns to the main and displays:

More Spring related posts here.

Happy coding and don’t forget to share!

Reference: Spring MVC Customized User Login Logout Implementation Example from our JCG partner Jerome Versrynge at the Technical Notes blog.

Want to know how to develop your skillset to become a Java Rockstar?

Join our newsletter to start rocking!

To get you started we give you our best selling eBooks for FREE!


1. JPA Mini Book

2. JVM Troubleshooting Guide

3. JUnit Tutorial for Unit Testing

4. Java Annotations Tutorial

5. Java Interview Questions

6. Spring Interview Questions

7. Android UI Design


and many more ....


Receive Java & Developer job alerts in your Area

I have read and agree to the terms & conditions


Notify of

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1 Comment
Newest Most Voted
Inline Feedbacks
View all comments
Nayyar Sultan
9 years ago

I need an interface for AuthenticationProvider

Back to top button