While users log into applications to access secure resources, the user's principle needs to be authenticated and authorized. The authentication provider helps in authenticating users in Spring Security. If a user is successfully authenticated by the authentication provider, then only the user will able to log into the web application, otherwise, the user will not be able to log into the application.

There are multiples of ways supported by Spring Security to authenticate users, such as a built-in provider with a built-in XML element, or authenticate user against a user repository (relational database or LDAP repository) storing user details. Spring Security also supports algorithms (MD5 and SHA) for password encryption.