• Spring Security includes a login form for authentication by default

Configuring Form-based Authentication

  • global-method-security: Enables the @PreAuthorize and @PostAuthorize annotations
  • session-management: Includes SessionManagementFilter
  • form-login: Configure Form-based Authentication
    – default-target-url: Redirects to specified page on successful authentication
    – authentication-failure-url: Redirects to specified page when authentication fails
    – always-use-default-target: When set to true, always redirects the user to the specified page after login
    – authentication-success-handler-ref: Gets executed on successful authentication
    – authentication-failure-handler-ref: Gets executed when authentication fails
  • username-parameter: Links to the username field defined in the login.jsp page
  • password-parameter: Links to the password field defined in the login.jsp page

Form-based Authentication (Cont’d)

Sample Login Form Configuration
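
An added example (not the original slide's sample) that puts the elements listed above into one Spring Security namespace configuration. The URLs, the parameter names and the userDetailsService bean id are assumptions chosen for illustration.

```xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Turns on @PreAuthorize / @PostAuthorize checks on bean methods -->
    <global-method-security pre-post-annotations="enabled"/>

    <http use-expressions="true">
        <!-- The login page itself must be reachable without a session -->
        <intercept-url pattern="/login.jsp" access="permitAll"/>
        <!-- Everything else requires an authenticated user -->
        <intercept-url pattern="/**" access="isAuthenticated()"/>

        <!-- username-parameter / password-parameter must match the
             name attributes of the input fields in login.jsp.
             always-use-default-target="false" sends the user back to
             the page originally requested; /home (assumed URL) is used
             only when there is no saved request. -->
        <form-login login-page="/login.jsp"
                    username-parameter="username"
                    password-parameter="password"
                    default-target-url="/home"
                    always-use-default-target="false"
                    authentication-failure-url="/login.jsp?error"/>
        <!-- authentication-success-handler-ref and
             authentication-failure-handler-ref are alternatives to the
             URL attributes above: point them at handler beans when
             custom logic (audit logging, lockout counters) is needed. -->

        <!-- Adds SessionManagementFilter; a new session id is issued
             at login so a pre-login session id cannot be reused -->
        <session-management session-fixation-protection="migrateSession"/>
    </http>

    <!-- userDetailsService is a hypothetical bean defined elsewhere -->
    <authentication-manager>
        <authentication-provider user-service-ref="userDetailsService"/>
    </authentication-manager>
</beans:beans>
```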