diff --git a/docs/faq/src/docbook/faq.xml b/docs/faq/src/docbook/faq.xml
index 1b92528087..6f0bae095f 100644
--- a/docs/faq/src/docbook/faq.xml
+++ b/docs/faq/src/docbook/faq.xml
@@ -428,6 +428,25 @@
are marked as "optional" in the Spring Security POM files will have to be
added to your own pom.xml file if you need them.
+
+ What is a UserDetailsService and do I need one?
+
+ UserDetailsService is a DAO interface for loading data
+ that is specific to a user account. It has no other function other to load that
+ data for use by other components within the framework. It is not responsible for
+ authenticating the user. Authenticating a user with a username/password
+ combination is most commonly performed by the DaoAuthenticationProvider,
+ which is injected with a UserDetailsService to allow
+ it to load the password (and other data) for a user in order to compare it with the
+ submitted value.
+
+ If you want to customize the authentication process then you should implement
+ AuthenticationProvider yourself. See this
+
+ blog article for an example integrating Spring Security authentication with
+ Google App Engine.
+
+
diff --git a/docs/manual/src/docbook/technical-overview.xml b/docs/manual/src/docbook/technical-overview.xml
index c336838f5e..b6f34bd1cb 100644
--- a/docs/manual/src/docbook/technical-overview.xml
+++ b/docs/manual/src/docbook/technical-overview.xml
@@ -83,13 +83,13 @@ if (principal instanceof UserDetails) {
UserDetails as the principal.
-
+ The UserDetailsServiceAnother item to note from the above code fragment is that you can obtain a
principal from the Authentication object. The
principal is just an Object. Most of the time this can be cast
into a UserDetails object.
- UserDetails is a central interface in Spring
+ UserDetails is a core interface in Spring
Security. It represents a principal, but in an extensible and application-specific
way. Think of UserDetails as the adapter between your
own user database and what Spring Security needs inside the
@@ -126,6 +126,16 @@ if (principal instanceof UserDetails) {
UserDetailsService returns can always be obtained
from the SecurityContextHolder using the above code fragment.
+
+ There is often some confusion about UserDetailsService.
+ It is purely a DAO for user data and performs no other function other than to supply that data
+ to other components within the framework. In particular, it does not
+ authenticate the user, which is done by the AuthenticationManager.
+ In many cases it makes more sense to
+ implement AuthenticationProvider
+ directly if you require a custom authentication process.
+
+ GrantedAuthority