Using Spring Security's /login by default will just provide us with the built-in user authentication and authorization processes. This whole operation is being controlled by springSecurityFilterChain's built-in AuthenticationManager class that matches the user credentials declared as in-memory users and roles to the incoming login credentials.

But there are instances where login processing must be customized to cater for some special validation procedures, such as explicitly banning some users or roles and sanitation of login credentials. This recipe will show you how to override the internal /login processing.