Simple question, I just need a pointer in the right direction:
I have a simple Spring MVC/Spring Security webapp. Initially I set up Spring Security so that the default login page shows and authenticates properly (I implemented the UserDetailsService with the DaoAuthenticationProvider to do this).
Next step: replace the default spring login page with my login page and post the credentials.
But what do I do with the submitted login credentials? I assume I post the form to a controller, verify the credentials, but I’m not clear what the right step is after that. E.g.:
- Am I calling a method of AuthenticationManager?
- Do I need to define a bean for this?
- Is there an interface/service I need to implement like an AuthenticationEntryPoint or something?
I’ve hit the docs 3 times over and don’t quite follow them. I know this is dirt simple, so I just need to hear how the process should flow.
Spring Security reference documentation outlines the basic processing flow in 5.4 Authentication in a Web Application. There is point #6:
…
Spring Security has distinct classes responsible for most of the steps described above. The main participants (in the order that they are used) are the ExceptionTranslationFilter, an AuthenticationEntryPoint and an “authentication mechanism”, which is responsible for calling the AuthenticationManager which we saw in the previous section.
I have to admit, the documentation here is a bit confusing so I will give you some more pointers – the “authentication mechanism” mentioned here is the thing you are after, it is responsible for processing the credentials that the browser is sending.
As the details of attaching the credentials to HTTP request(s) vary greatly among different authentication methods (form data vs. plain headers vs. digest headers), there is no common “authentication mechanism” – instead, each method implements its own mechanism and in the case of web-based authentication, it is typically a special filter that you have to configure in web.xml.

In your case, you are most probably interested in UsernamePasswordAuthenticationFilter – this is used for processing basic form-based login information. The contract between your custom login form and the filter is the URL (where the form is posted) + username and password field names:
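The contract described in the answer, as an added example that is not part of the original post or of Spring Security's own documentation: the filter is told which URL it should intercept and which form field names carry the username and password, and the application's own controller only renders the login page (GET), never receives the POSTed credentials. The example assumes Spring Security 6 (the `requestMatchers` and `SecurityFilterChain` style), that the asker's existing `UserDetailsService` is exposed as a Spring bean, and that a `PasswordEncoder` bean exists so the `DaoAuthenticationProvider` can verify stored hashes; the URL `/login`, the parameter names and the view name `login` are choices made here, not values from the original post.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // The login page itself must be reachable anonymously, otherwise
            // unauthenticated users are redirected to a page they cannot load.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/login", "/css/**").permitAll()
                .anyRequest().authenticated())
            // This block configures UsernamePasswordAuthenticationFilter. The filter
            // sits in the chain in front of every controller, so a POST to the
            // processing URL never reaches application code: the filter reads the
            // two parameters, builds a UsernamePasswordAuthenticationToken and hands
            // it to the AuthenticationManager (which delegates to the
            // DaoAuthenticationProvider / UserDetailsService already set up).
            .formLogin(form -> form
                .loginPage("/login")               // GET: our own view (assumed name)
                .loginProcessingUrl("/login")      // POST: intercepted by the filter
                .usernameParameter("username")     // form field names: the contract
                .passwordParameter("password")
                .failureUrl("/login?error")        // generic failure, no user enumeration
                .defaultSuccessUrl("/", false)     // honour the originally requested URL
                .permitAll())
            .logout(logout -> logout.logoutUrl("/logout").permitAll());
        // CSRF protection stays enabled; the custom form must therefore post the
        // token (Thymeleaf adds the hidden "_csrf" field automatically).
        return http.build();
    }

    // DaoAuthenticationProvider compares the submitted password against the
    // stored hash with this encoder; never store or compare plaintext.
    @Bean
    PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // The only controller involved: it serves the page, it does not authenticate.
    @Controller
    static class LoginController {
        @GetMapping("/login")
        public String loginPage() {
            return "login"; // assumed view name
        }
    }
}

/*
 Matching form (constructed for this example) rendered by the "login" view.
 Field names and action URL must match the filter configuration above:

   <form method="post" action="/login">
     <input type="text"     name="username">
     <input type="password" name="password">
     <input type="hidden"   name="_csrf" value="${_csrf.token}">
     <button type="submit">Log in</button>
   </form>
*/
```

The asker's three questions resolve as follows under this setup: no explicit `AuthenticationManager` call is made from application code, no extra bean is needed beyond the `UserDetailsService` and `PasswordEncoder`, and no `AuthenticationEntryPoint` has to be implemented, since `formLogin()` installs one that redirects unauthenticated requests to the configured login page.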