Share on Google+Share on Google+

Spring Security customized login form to secure URL access

In this section, you will learn Spring Security custom login form to secure URL access in web application.

Spring Security customized login  form to secure URL access

In this section, you will learn Spring Security custom login form to secure URL access in web application.

In the previous example(click here), you have learn to secure URL access through auto generated Login  form using Spring Security.

In this section, you will learn to secure URL access but the Login form is not auto generated, it is designed and developed by us. This Login form is used for authentication  of the user to secure URL access.


The tools and technology used in this tutorial are given below :

  • jdk1.6.0_18

  • apache-tomcat-6.0.29

  • Eclipse 3.5.1

  • Spring 3.0.5.RELEASE

  • Spring Security 3.0.5.RELEASE

Sometimes you need to secure your page from unauthorized access. In the below example, we will ensure secure URL access by providing custom Login form . User need to provide correct login credential to view the page.

Using Servlet filters, Spring Security catch the incoming HTTP request and enforce security checking by providing custom Login form. 

The project hierarchy and jar file used in the example is given below :



<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi=""
xmlns="" xmlns:web=""
id="WebApp_ID" version="2.5">
<!-- Spring MVC -->



<!-- Spring Security -->




<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns=""

<http auto-config="true">
<intercept-url pattern="/index*" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/index"
authentication-failure-url="/failLogin" />
<logout logout-success-url="/logoff" />

<user name="admin" password="roseindia" authorities="ROLE_USER" />



<beans xmlns=""

<context:component-scan base-package="net.roseindia" />

<property name="prefix">
<property name="suffix">

<bean id="messageSource"
<property name="basenames">


package net.roseindia;


import org.springframework.stereotype.Controller;
import org.springframework.ui.ModelMap;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;

public class ProjectController {
@RequestMapping(value = "/index", method = RequestMethod.GET)
public String printMessage(ModelMap model, Principal principal) {

String username = principal.getName();
model.addAttribute("user", username);
model.addAttribute("msg", "Spring Security Custom Login Form");
return "welcome";


@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {

return "login";


@RequestMapping(value = "/failLogin", method = RequestMethod.GET)
public String failedLogin(ModelMap model) {

model.addAttribute("error", "true");
return "login";


@RequestMapping(value = "/logoff", method = RequestMethod.GET)
public String logoff(ModelMap model) {

return "login";


AbstractUserDetailsAuthenticationProvider.badCredentials=Wrong username\ /\ password


<%@ taglib prefix="c" uri=""%>
<title>Login Page</title>
.errorblock {
color: #ff0000;
background-color: #ffEEEE;
border: 3px solid #ff0000;
padding: 8px;
margin: 16px;
<body onload='document.f.j_username.focus();'>
<h3>Login with Username and Password (Custom Page)</h3>

<c:if test="${not empty error}">
<div class="errorblock">
Login error : Please try again.<br />Root Cause:

<form name='f' action="<c:url value='j_spring_security_check' />"

<td><input type='text' name='j_username' value=''>
<td><input type='password' name='j_password' />
<td colspan='2'><input name="submit" type="submit"
value="submit" />
<td colspan='2'><input name="reset" type="reset" />



<%@ taglib prefix="c" uri=""%>
<h3>Username : ${user}</h3> 

<a href="<c:url value="/j_spring_security_logout" />" > Logoff</a>



When you try to access the following URL :


It will redirect you to the following URL and the below page will appear :


If your login credential are incorrect, following page will appear :

If your login credential are correct, following page will appear :

When you logoff, it will redirect you to the below page :

Download Source Code


Posted on: April 12, 2012 If you enjoyed this post then why not add us on Google+? Add us to your Circles

Share this Tutorial Follow us on Twitter, or add us on Facebook or Google Plus to keep you updated with the recent trends of Java and other open source platforms.