Hi,

I've read most of the documentation and browsed the JavaDocs quite a bit, as well as done some Googling. I would still like some pointers on what I need to do.

I have created my own PasswordEncoder, which I've tried with the in-memory UserDetailsService with some users in the XML; it worked nicely!

I'm using Hibernate and would like to use it to persist my users.

This is what I think I need to do:
  1. I implement the UserDetails interface in my User class. I will have additional information not needed for UserDetails stored in User, like e-mail address and other User data.
  2. I use DaoAuthenticationProvider and create a class MyHibernateUserService which implements the UserDetailsService interface. I set DaoAuthenticationProvider to use MyHibernateUserService. In MyHibernateUserService I load users from the database when loadUserByUsername(...) is called. I also make DaoAuthenticationProvider use my custom PasswordEncoder implementation.

Did I miss anything or do you have any additional comments on the above?

I also have some questions about things I'm puzzled on how to do:
  • The JavaDoc says that concrete implementations of the UserDetails interface should be immutable. But if I choose to store e-mail etc. in the user, those will sometimes change. How will these changes be handled?
  • When a new user is created, how should that be handled?
  • When a user changes his/her password, how is that handled?


Best regards,
Kent
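
The plan in steps 1 and 2 above, sketched as an added example that is not part of the original post. It assumes Spring Security 5.x and Hibernate 5.2+, a Hibernate mapping for `User` with field access (omitted here), and a constructed `ROLE_USER` authority; `provider` is a hypothetical helper name.

```java
import java.util.Collection;
import java.util.Collections;
import org.hibernate.Session;
import org.hibernate.SessionFactory;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;

// Step 1: the persistent User doubles as UserDetails (Hibernate mapping assumed, not shown).
class User implements UserDetails {
    private String username;
    private String passwordHash;  // output of the custom PasswordEncoder, never the plain text
    private String email;         // extra profile data that Spring Security ignores
    public String getUsername() { return username; }
    public String getPassword() { return passwordHash; }
    public String getEmail() { return email; }
    public boolean isEnabled() { return true; }
    public boolean isAccountNonExpired() { return true; }
    public boolean isAccountNonLocked() { return true; }
    public boolean isCredentialsNonExpired() { return true; }
    public Collection<? extends GrantedAuthority> getAuthorities() {
        return Collections.singletonList(new SimpleGrantedAuthority("ROLE_USER")); // constructed role
    }
}

// Step 2: DaoAuthenticationProvider calls loadUserByUsername on each login attempt.
class MyHibernateUserService implements UserDetailsService {
    private final SessionFactory sessionFactory;
    MyHibernateUserService(SessionFactory sessionFactory) { this.sessionFactory = sessionFactory; }
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        try (Session session = sessionFactory.openSession()) {
            User user = session.createQuery("from User where username = :name", User.class)
                    .setParameter("name", username).uniqueResult(); // bound parameter, no HQL concatenation
            if (user == null) throw new UsernameNotFoundException("User not found");
            return user;
        }
    }
    // Hypothetical helper: wires the provider to this service and the custom encoder.
    static DaoAuthenticationProvider provider(SessionFactory sf, PasswordEncoder encoder) {
        DaoAuthenticationProvider p = new DaoAuthenticationProvider();
        p.setUserDetailsService(new MyHibernateUserService(sf));
        p.setPasswordEncoder(encoder);
        return p;
    }
}
```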