diff --git a/pom.xml b/pom.xml
index 4d96524..56c835b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -37,6 +37,10 @@
 			<groupId>org.springframework.boot</groupId>
 			<artifactId>spring-boot-starter-security</artifactId>
     </dependency>
+    <dependency>
+      <groupId>org.springframework.security</groupId>
+      <artifactId>spring-security-taglibs</artifactId>
+  </dependency>
 <!-- jstl -->
     <dependency>
         <groupId>jstl</groupId>
diff --git a/src/main/java/MTGClone/CustomAuthenticationProvider.java b/src/main/java/MTGClone/CustomAuthenticationProvider.java
new file mode 100644
index 0000000..8888ef8
--- /dev/null
+++ b/src/main/java/MTGClone/CustomAuthenticationProvider.java
@@ -0,0 +1,36 @@
+package MTGClone;
+
+import org.springframework.security.authentication.AuthenticationProvider;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.stereotype.Component;
+
+import java.util.ArrayList;
+
+@Component
+public class CustomAuthenticationProvider implements AuthenticationProvider {
+ 
+    @Override
+    public Authentication authenticate(Authentication authentication) 
+      throws AuthenticationException {
+ 
+        String name = authentication.getName();
+        String password = authentication.getCredentials().toString();
+        SQLDriver d = new SQLDriver();
+        if (d.authenticateUser(name, password)) {
+ 
+            // use the credentials
+            // and authenticate against the third-party system
+            return new UsernamePasswordAuthenticationToken(
+              name, password, new ArrayList<>());
+        } else {
+            return null;
+        }
+    }
+ 
+    @Override
+    public boolean supports(Class<?> authentication) {
+        return authentication.equals(UsernamePasswordAuthenticationToken.class);
+    }
+}
\ No newline at end of file
diff --git a/src/main/java/MTGClone/WebSecurityConfig.java b/src/main/java/MTGClone/WebSecurityConfig.java
index 120092e..0519652 100644
--- a/src/main/java/MTGClone/WebSecurityConfig.java
+++ b/src/main/java/MTGClone/WebSecurityConfig.java
@@ -1,6 +1,8 @@
 package MTGClone;
 
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -16,7 +18,13 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
                 .csrf().disable().logout();
     }
 
-    // TODO: Login using SQLDriver.authenticateUser(username, password)
+    @Autowired
+    private CustomAuthenticationProvider authProvider;
+ 
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.authenticationProvider(authProvider);
+    }
  
 
 }
\ No newline at end of file
diff --git a/src/main/java/MTGClone/controller/CardController.java b/src/main/java/MTGClone/controller/CardController.java
index fa01930..bfefde0 100644
--- a/src/main/java/MTGClone/controller/CardController.java
+++ b/src/main/java/MTGClone/controller/CardController.java
@@ -26,11 +26,8 @@ public class CardController {
     @RequestParam("power") int power, @RequestParam("toughness") int toughness, @RequestParam("description") String description,
     @RequestParam("creaturetype") String creaturetype, ModelMap modelMap) {
         SQLDriver d = new SQLDriver();
-        System.out.println(creaturetype);
-        System.out.println("Posting to /card detected");
         Card newCard = new Card(cardname, manacost, power, toughness, description, "", creaturetype);
         d.insertCard(newCard);
-        //modelMap.addAttribute("allcards", d.getAllCards()); 
         return "card";
     }
     
diff --git a/src/main/webapp/WEB-INF/jsp/card.jsp b/src/main/webapp/WEB-INF/jsp/card.jsp
index a7c6679..59385c9 100644
--- a/src/main/webapp/WEB-INF/jsp/card.jsp
+++ b/src/main/webapp/WEB-INF/jsp/card.jsp
@@ -1,5 +1,6 @@
 <!DOCTYPE html>
 <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
+<%@ taglib prefix="sec" uri="http://www.springframework.org/security/tags" %>
 <html lang="en" xmlns:th="http://www.thymeleaf.org">
    <head>
      <link href="https://fonts.googleapis.com/css2?family=Ubuntu&display=swap" rel="stylesheet">
@@ -33,11 +34,16 @@ table, td, th{
     <title>Hello ${name}!</title>
 </head>
 <body style="background-color:#0F0F0F;font-family: 'Ubuntu', sans-serif;">
+  <sec:authorize access="isAnonymous()">
   <li><a href="/login" style="color:#C10E0E">Login / Sign Up</a></li> </ul>
+</sec:authorize>
+<sec:authorize access="isAuthenticated()">
+  <li><a href="/logout" style="color:#C10E0E">Log Out</a></li> </ul>
+</sec:authorize>
     <h2 style="color:#CFCACA;position:relative;left:820px;">Magic Card Creator</h2>
    
     <div class="container">
-    
+      <sec:authorize access="isAuthenticated()">
     <form action="#" method="post" th:action="@{/card}" >
         <br><br><label style="left:210px;font-size:26px;"for="cardname">Card Name:</label>
         <input style="left:210px;font-size:24px;width:300px;"placeholder="Card Title"type="text" id="cardname" name="cardname"><br><br>
@@ -61,7 +67,7 @@ table, td, th{
       </form>
       </div>
       <br>
-      
+    </sec:authorize>
       
       <table style>
         <tr>