Spring Security - Using a Custom Login Page

[Updated: Jul 22, 2017, Created: Jul 22, 2017]

This example demonstrates how to use a custom login page.

Java Config class

  • We have to configure HttpSecurity to override the defaults. We are not going to replace the default handlers, only the login URI.
  • We have to set up AuthenticationManager with user, password and their roles.
  • Map our custom login URI to the view by overriding WebMvcConfigurerAdapter#addViewControllers().
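
@Configuration
@EnableWebSecurity
@EnableWebMvc
@ComponentScan
public class AppConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
      http.authorizeRequests()
          .anyRequest()//match every URL
          .authenticated()//every URL requires an authenticated user, no role restrictions.
          .and()
          .formLogin()//enable form based authentication
          .loginPage("/my-login")//use a custom login URI
          .permitAll(true)//login URI can be accessed by anyone
          .and()
          .logout()//default logout handling
          .logoutSuccessUrl("/my-login?logout")//our new logout success url, we are not replacing other defaults.
          .permitAll();//allow all as it will be accessed when user is not logged in anymore
  }

  @Override
  public void configure(AuthenticationManagerBuilder builder)
          throws Exception {
      //in-memory store assumed; the user, password and role are cut off in this listing, placeholders shown
      builder.inMemoryAuthentication()
             .withUser("<username>").password("<password>").roles("<ROLE>");
  }

  @Bean
  WebMvcConfigurer myWebMvcConfigurer() {
      return new WebMvcConfigurerAdapter() {
          @Override
          public void addViewControllers(ViewControllerRegistry registry) {
              ViewControllerRegistration r = registry.addViewController("/my-login");
              r.setViewName("my-login");//view name assumed, the listing is cut off here
          }
      };
  }

  @Bean
  public ViewResolver viewResolver() {
      InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
      viewResolver.setPrefix("/WEB-INF/views/");//JSPs live under WEB-INF/views in the example project
      viewResolver.setSuffix(".jsp");
      return viewResolver;
  }
}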

A Controller

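@Controller
public class ExampleController {

  @RequestMapping("/")
  public String handleRequest2(ModelMap map) {
      map.addAttribute("time", LocalDateTime.now().toString());//rendered as ${time} in the view
      return "my-page";
  }
}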
The JSP pages


<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>My Custom Login Page</title>
</head>
<body style='margin:50px;'>
  <h2>My Custom Login Page</h2>
  <form action="/my-login" method="post">
    <c:if test="${param.error != null}">
      <p style='color:red'>
        Invalid username and password.
      </p>
    </c:if>
    <c:if test="${param.logout != null}">
      <p style='color:blue'>
        You have been logged out.
      </p>
    </c:if>
    <p>
      <label for="username">Username</label>
      <input type="text" id="username" name="username"/>
    </p>
    <p>
      <label for="password">Password</label>
      <input type="password" id="password" name="password"/>
    </p>
    <input type="hidden"
           name="${_csrf.parameterName}"
           value="${_csrf.token}"/>
    <button type="submit">Log in</button>
  </form>
</body>
</html>


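<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html lang="en">
<body>
 <h2>Spring Security Example</h2>
 <p>Time: ${time}</p>
  <form action="/logout" method="post">
     <input type="hidden"
            name="${_csrf.parameterName}"
            value="${_csrf.token}"/>
  <input type="submit" value="Logout">
  </form>
</body>
</html>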

To try the example, run the embedded Tomcat (configured in the pom.xml of the example project below):

mvn tomcat7:run-war


Initial access to URI '/' will redirect to '/my-login':

After submitting the user name and password that we set up in our AppConfig class:

Clicking on 'Logout' button:
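
The redirects above, and the CSRF token that both JSP forms must submit, can also be checked without a browser. The following MockMvc test is an added example, not part of the original project; it assumes JUnit 4, spring-test and spring-security-test on the test classpath (they are not in the dependency list below), and that AppConfig carries @Configuration, @EnableWebSecurity and @EnableWebMvc.

```java
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.csrf;
import static org.springframework.security.test.web.servlet.setup.SecurityMockMvcConfigurers.springSecurity;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.*;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.setup.MockMvcBuilders;
import org.springframework.web.context.WebApplicationContext;

// Added example (hypothetical class name); "nobody"/"wrong" are constructed credentials assumed not to exist.
@RunWith(SpringJUnit4ClassRunner.class)
@WebAppConfiguration
@ContextConfiguration(classes = AppConfig.class)
public class CustomLoginPageTest {
  @Autowired private WebApplicationContext context;
  private MockMvc mvc;

  @Before
  public void setUp() { // run requests through the real security filter chain
      mvc = MockMvcBuilders.webAppContextSetup(context).apply(springSecurity()).build();
  }

  @Test // anonymous users are sent to the custom login URI, not the default /login
  public void anonymousRequestRedirectsToCustomLogin() throws Exception {
      mvc.perform(get("/")).andExpect(redirectedUrlPattern("**/my-login"));
  }

  @Test // CSRF stays enabled: a login POST without the hidden _csrf field is refused
  public void loginPostWithoutCsrfTokenIsForbidden() throws Exception {
      mvc.perform(post("/my-login").param("username", "nobody").param("password", "wrong"))
         .andExpect(status().isForbidden());
  }

  @Test // the ?error and ?logout flags are what the login JSP tests via ${param...}
  public void failureAndLogoutRedirectsCarryTheirFlags() throws Exception {
      mvc.perform(formLogin("/my-login").user("nobody").password("wrong"))
         .andExpect(redirectedUrl("/my-login?error"));
      mvc.perform(post("/logout").with(csrf()))
         .andExpect(redirectedUrl("/my-login?logout"));
  }
}
```

If the second test starts failing with a redirect instead of 403, CSRF protection has been switched off somewhere in the configuration.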

Example Project

Dependencies and Technologies Used:

  • spring-security-web 4.2.3.RELEASE: spring-security-web.
  • spring-security-config 4.2.3.RELEASE: spring-security-config.
  • spring-webmvc 4.3.9.RELEASE: Spring Web MVC.
  • javax.servlet-api 3.1.0 Java Servlet API
  • jstl 1.2 javax.servlet:jstl
  • JDK 1.8
  • Maven 3.3.9

Custom Login Page Example
  • custom-login-page
    • src
      • main
        • java
          • com
            • logicbig
              • example
        • webapp
          • WEB-INF
            • views
