Our project is planning to use authentication mechanism which would be provided by Siteminder. When login page is displayed to user the username and password would be Authenticated by Siteminder and Authorization will be done by Spring Security. I have gone through the reference guide and found following configuration can be used:
<!-- Additional http configuration omitted -->
<security:custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />
<bean id="siteminderFilter" class=
<property name="principalRequestHeader" value="SM_USER"/>
<property name="authenticationManager" ref="authenticationManager" />
class="org.springframework.security.web.authentica tion.preauth.PreAuthenticatedAuthenticationProvide r">
<property name="userDetailsService" ref="userDetailsService"/>
<security:authentication-provider ref="preauthAuthProvider" />
It is also mentioned - "It's also assumed that you have added a UserDetailsService (called “userDetailsService”) to your configuration to load the user's roles."
I am not quite clear about this userDetailsService bean. Can someone please provide extra information for this. Which interface should this bean implement ? Does it need to load authorization data for the user ?
Thanks in advance...