Spring Security Custom Authentication Provider

Himanshu Pratap
Sep 6, 2021

I recently had the requirement for user authentication in a Spring Boot application as follows:

Check if the user exists in the local database user table
-> if the user exists, then authenticate it against the external Windows AD server.

In Spring Security, an Authentication request is processed by an AuthenticationProvider, which returns a fully authenticated object with full credentials. A standard and common implementation of AuthenticationProvider is DaoAuthenticationProvider.

Here, we’ll define a custom AuthenticationProvider to meet our authentication requirement.

Suppose the environment is as follows:

  • Local DB details: PostgreSQL 13.1, host server1, port 5432, database — mydb1, users table — myuser
  • Windows AD server details: domain — example.examplegroup.co.in, IP Address —


1. Add the following dependencies to the pom.xml file

2. Modify the application.properties file

spring.jpa.show-sql = true
spring.jpa.hibernate.ddl-auto = update

3. Add domain class for user — Myuser.class

@Entity
public class Myuser {
    @Id
    private String username;
    // constructor, getters, setter methods
}

4. Add Repo interface for user — MyuserRepo.class

public interface MyuserRepo extends JpaRepository<Myuser, String> {
}


5. Add service class for user — MyuserService.class

@Service
public class MyuserService {

    private final MyuserRepo myuserRepo;

    public MyuserService(MyuserRepo myuserRepo) {
        this.myuserRepo = myuserRepo;
    }

    // method to check whether the user exists in the table
    public boolean ifExist(String username) {
        Optional<Myuser> myuser = myuserRepo.findById(username);
        return myuser.isPresent();
    }
}

6. Create the custom authentication provider

Inside the custom authentication provider, we first check whether the user is present in the myuser table and then use ActiveDirectoryLdapAuthenticationProvider to perform the Windows AD authentication.

CustomAuthenticationProvider must override two methods:

  • Authentication authenticate(Authentication authentication)
  • boolean supports(Class<?> authentication)
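
import org.springframework.context.annotation.Bean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.stereotype.Component;

@Component
public class CustomAuthenticationProvider implements AuthenticationProvider {

    private final MyuserService myuserService;

    // constructor with field
    public CustomAuthenticationProvider(MyuserService myuserService) {
        this.myuserService = myuserService;
    }

    // ActiveDirectoryLdapAuthenticationProvider bean
    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider adLdapProvider =
                new ActiveDirectoryLdapAuthenticationProvider(
                        "example.examplegroup.co.in", "ldap://");
        adLdapProvider.setConvertSubErrorCodesToExceptions(true);
        return adLdapProvider;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // get username
        String username = authentication.getName();
        // check whether the user exists in the myuser table
        boolean ifPresent = myuserService.ifExist(username);

        if (ifPresent) {
            // user is known locally: delegate the password check to Windows AD
            return activeDirectoryLdapAuthenticationProvider().authenticate(authentication);
        } else {
            throw new UsernameNotFoundException("User not found.");
        }
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}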


7. Define the WebSecurityConfig class, in which our custom authentication provider is registered.

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private CustomAuthenticationProvider customAuthProvider;

    public WebSecurityConfig(CustomAuthenticationProvider customAuthProvider) {
        this.customAuthProvider = customAuthProvider;
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // HTTP security rules (request authorization, login) go here
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // register the custom provider with the authentication manager
        auth.authenticationProvider(customAuthProvider);
    }
}
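
The two-stage check from steps 6 and 7, as an added example that is not part of the original post: a variant provider whose local lookup and password-checking delegate are injected, so the flow can be exercised without a database or an AD server. It goes beyond the post in one respect: an unknown user is rejected with the same exception type and message as a wrong password. The class name GatedAuthenticationProvider, the stub delegate and the sample usernames and password are assumptions constructed for the demo.

```java
import java.util.function.Predicate;
import org.springframework.security.authentication.*;
import org.springframework.security.core.*;
import org.springframework.security.core.authority.AuthorityUtils;

// Hypothetical class; same two-stage flow as CustomAuthenticationProvider above.
public class GatedAuthenticationProvider implements AuthenticationProvider {
    private final Predicate<String> existsLocally; // assumption: e.g. myuserService::ifExist
    private final AuthenticationProvider delegate; // assumption: e.g. the AD LDAP provider

    public GatedAuthenticationProvider(Predicate<String> existsLocally, AuthenticationProvider delegate) {
        this.existsLocally = existsLocally;
        this.delegate = delegate;
    }

    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // Stage 1: local table check. The delegate is never called for unknown users,
        // and the failure uses the same exception type and message as a wrong password.
        if (!existsLocally.test(authentication.getName())) {
            throw new BadCredentialsException("Bad credentials");
        }
        return delegate.authenticate(authentication); // Stage 2: password check
    }

    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
    // Constructed demo: a stub delegate stands in for the AD server.
    public static void main(String[] args) {
        AuthenticationProvider stubAd = new AuthenticationProvider() {
            public Authentication authenticate(Authentication a) {
                if (!"s3cret".equals(a.getCredentials())) throw new BadCredentialsException("Bad credentials");
                return new UsernamePasswordAuthenticationToken(a.getName(), null, AuthorityUtils.NO_AUTHORITIES);
            }
            public boolean supports(Class<?> c) { return true; }
        };
        AuthenticationProvider p = new GatedAuthenticationProvider("alice"::equals, stubAd);
        String[][] attempts = {{"alice", "s3cret"}, {"alice", "wrong"}, {"mallory", "s3cret"}};
        for (String[] at : attempts) {
            try {
                p.authenticate(new UsernamePasswordAuthenticationToken(at[0], at[1]));
                System.out.println(at[0] + "/" + at[1] + ": authenticated");
            } catch (AuthenticationException e) {
                System.out.println(at[0] + "/" + at[1] + ": rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

Running main needs only the spring-security-core jar on the classpath. In the application, the constructor arguments would be myuserService::ifExist and the AD provider from step 6.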

