diff --git a/docs/faq/src/docbook/faq.xml b/docs/faq/src/docbook/faq.xml index 1b92528087..6f0bae095f 100644 --- a/docs/faq/src/docbook/faq.xml +++ b/docs/faq/src/docbook/faq.xml @@ -428,6 +428,25 @@ are marked as "optional" in the Spring Security POM files will have to be added to your own pom.xml file if you need them. + + What is a UserDetailsService and do I need one? + + UserDetailsService is a DAO interface for loading data + that is specific to a user account. It has no other function other to load that + data for use by other components within the framework. It is not responsible for + authenticating the user. Authenticating a user with a username/password + combination is most commonly performed by the DaoAuthenticationProvider, + which is injected with a UserDetailsService to allow + it to load the password (and other data) for a user in order to compare it with the + submitted value. + + If you want to customize the authentication process then you should implement + AuthenticationProvider yourself. See this + + blog article for an example integrating Spring Security authentication with + Google App Engine. + + diff --git a/docs/manual/src/docbook/technical-overview.xml b/docs/manual/src/docbook/technical-overview.xml index c336838f5e..b6f34bd1cb 100644 --- a/docs/manual/src/docbook/technical-overview.xml +++ b/docs/manual/src/docbook/technical-overview.xml @@ -83,13 +83,13 @@ if (principal instanceof UserDetails) { UserDetails as the principal. -
+
The UserDetailsService Another item to note from the above code fragment is that you can obtain a principal from the Authentication object. The principal is just an Object. Most of the time this can be cast into a UserDetails object. - UserDetails is a central interface in Spring + UserDetails is a core interface in Spring Security. It represents a principal, but in an extensible and application-specific way. Think of UserDetails as the adapter between your own user database and what Spring Security needs inside the @@ -126,6 +126,16 @@ if (principal instanceof UserDetails) { UserDetailsService returns can always be obtained from the SecurityContextHolder using the above code fragment. + + There is often some confusion about UserDetailsService. + It is purely a DAO for user data and performs no other function other than to supply that data + to other components within the framework. In particular, it does not + authenticate the user, which is done by the AuthenticationManager. + In many cases it makes more sense to + implement AuthenticationProvider + directly if you require a custom authentication process. + +
GrantedAuthority