Spring Security – Customize Authentication Provider

In the post, we guide how to customize AuthenticationProvider for SpringSecurity web application.

I. Technology

– Apache Maven 3.5.2
– Spring Tool Suite – Version 3.9.0.RELEASE
– Spring Boot – 1.5.10.RELEASE
– Bootstrap

II. SpringSecurity Authentication Provider

SpringSecurity provides an interface to customize Authentication:


Create a Kotlin SpringBoot project as below:

spring security - customize authentication provider - project structure

Login page:


When login with accounts: {user/user, admin/admin} -> login successfully

-> console’s logs:

When login with others, example {peter/peter} -> login fail

-> console’s logs:

III. Implementation

Step to do
– Create Kotlin SpringSecurity project
– Customize Authentication Provider

1. Create Kotlin SpringSecurity project

-> Follow the article: SpringBoot – Configure Spring Security

2. Customize Authentication Provider

– CustomAuthenticationProvider:

– Configure ‘CustomAuthenticationProvider’ bean in ‘WebSecurityConfigurer’

IV. Sourcecode


By grokonez | December 10, 2016.

Last updated on March 8, 2018.

Related Posts

4 thoughts on “Spring Security – Customize Authentication Provider”

  1. This example works fine if I use login form. But what if I need not it?
    If I use configure like this :

    CustomAuthenticationProvider method authenticate(…) did not used at all (use debug to confirm) and page are always forbidden when trying to access /admin resource

    1. Hi,

      If you don’t need a login page, Are you working with httpBasic?
      -> If Yes, you can try the segment code for httpBasic security:

      More details, you can try the tutorial:
      How to configure Spring RestTemplate Security


  2. hi aykytakin,
    I need to integrate my own authentication which takes in username password and returns true or false in return.Can this be included in the the customAuthenticationProvider? I have a web app which needs spring web security integration. Please help as i am new to spring concepts. Also the roles will be provided against a usernames which will be present in a text file name=role.
    Can u please give a head start to implement such requirement.

  3. How can we customize the exception thrown by AuthenticationProvider implementation class, in my my own Error code/Description response ?

Got Something To Say:

Your email address will not be published. Required fields are marked *