About UserDetailsService Query database doubt

[relucent]

org.springframework.security.core.userdetails.User DetailsService.loadUserByUsername

Need to query the database when the log to generate UserDetails
There is only one parameter username
If the wrong username password correctly, then in order to generate UserDetails also to query about the database.
This query is redundant, I do not understand why this design.
UserDetails generated after authentication password is not better?

[Marten Deinum]

And how would you check the password? You still need to do a query, next to that you might want to use the (faulty or null) UserDetails to do some audit logging. If you do not have this that would be impossible. If the username is wrong there would be no UserDetails and there would be nothing to check... Still you would need to execute a query anyway.

[relucent]

Authorities need to query to create UserDetails
Collection<GrantedAuthority> also need to obtain a series of queries

1. method : loadUserByUsername
In this method, I can not get the input password
why not provide the password parameter?

2.
If input the password is wrong, but input the username is correct ;(how to return empty authorities?)


(my English grammar is poor, sorry)

[Luke Taylor]

1. method : loadUserByUsername
In this method, I can not get the input password
why not provide the password parameter?

Please check this FAQ.

[Ranga Vadlamudi]

If you really need Password you can extend AbstractUserDetailsAuthenticationProvider and implement retrieveUser method.

Code:

@Override
 protected UserDetails retrieveUser(String username,
                UsernamePasswordAuthenticationToken authentication)
                throws AuthenticationException {

      String password = authentication.getCredentials().toString();	  
 }