VOOZH about

URL: https://www.geeksforgeeks.org/springboot/spring-security-form-based-authentication/

⇱ Spring Security - Form-Based Authentication - GeeksforGeeks

  • Courses
  • Tutorials
  • Interview Prep

Spring Security - Form-Based Authentication

Last Updated : 17 Jan, 2026

Form-Based Authentication in Spring Security provides a secure and customizable way to authenticate users using a custom login page instead of the default browser login prompt. It allows better control over authentication flow, user experience, and security configurations.

  • Customizable login and logout mechanisms.
  • Protection against common security threats like session fixation and brute force attacks.
  • Seamless integration with Spring Boot and Thymeleaf.
  • Easy role-based access control configuration.

In this article, we will learn how to set up a Spring Boot application with Spring Security to implement a custom login page.

Steps to Create a Custom Login Form with Spring Security

Step 1: Create a Spring Boot Project

Use Spring Initializr to bootstrap your project with the following dependencies:

  • Spring Web: For building web applications.
  • Spring Security: For authentication and authorization.
  • Thymeleaf: For rendering HTML templates.
👁 Spring-Initializr

Step 2: Project Structure

Your folder structure should look like this:

👁 pro
Project Structure

Step 3: Configure pom.xml

The pom.xml defines the configuration of the dependencies of the project, we don't need to add other dependencies right now as we are using spring boot and most of the things that we need for this project are auto-configured.

pom.xml:

Step 4: Create the Application Class

Step 5: Create a Controller

Create a controller to handle requests for login and welcome pages.

Step 6: Create Security Configuration

Create SpringSecurityConfig.java:

Step 7: Create application.properties

spring.security.user.name=user

spring.security.user.password=pass

spring.thymeleaf.cache=false

spring.thymeleaf.cache=false ensures templates reload automatically during development.

Step 8: Create Templates

login.html

Welcome.html

Step 9: Run the Application

Now it's time to run your created project, run your program as a Java application,

  • Open your browser and navigate to http://localhost:8080/welcome.
  • You will be redirected to the custom login page (http://localhost:8080/login).
  • Enter the username (user) and password (pass).
  • Upon successful login, you will be redirected to the welcome page.

After successful authentication spring will automatically redirect to the welcome page.

👁 l
Login Page
👁 s
Welcome Page

So, we have created a very basic custom Form-Based Authentication using spring security and tested it locally.

Comment

Explore