Hello everyone...

I have a new project where the user must authenticate with three parameters, the usual username and password, plus an authority/role... For example: A user named John Smith has the role of administrator (ROLE_ADMIN) and when he tries to authenticate he must enter his username, his password, and choose from a drop-down thingy his authority... If any of these parameters is invalid, the authentication should fail, so if he chooses a role he doesn't have, he shouldn't be able to log in...

The question comes up, because in theory I know what to do, but in practice I'm a little confused. So this is my plan:

1. Create a custom UserDetailsService implementation and override the loadUserByUsername method.

2. Create a custom authentication manager and override the authenticate method.

3. Configure the two classes in my Spring configuration .xml files.

I want to know if those steps are correct, or whether I need to extend the User class too, or do anything else I might be missing... If possible, an example would be ace but any kind of help is highly appreciated... Thanks in advance!
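
One way to implement the three-parameter check described in the post, as an added example that is not part of the original post and not Spring Security's own code. It uses an `AuthenticationProvider` (the unit Spring's `ProviderManager` delegates to) in place of a custom authentication manager; the class name `RoleAwareAuthenticationProvider` is hypothetical, and it assumes a custom login filter has stored the role chosen in the drop-down as the token's details.

```java
import java.util.List;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical provider: checks username, password and the role selected at login.
public class RoleAwareAuthenticationProvider implements AuthenticationProvider {
    private static final String FAILURE = "Bad credentials"; // same text for every failure
    private final UserDetailsService users;
    private final PasswordEncoder encoder;
    public RoleAwareAuthenticationProvider(UserDetailsService users, PasswordEncoder encoder) {
        this.users = users;
        this.encoder = encoder;
    }

    @Override
    public Authentication authenticate(Authentication auth) {
        String username = auth.getName();
        String password = auth.getCredentials() == null ? "" : auth.getCredentials().toString();
        // Assumption: a custom login filter stored the submitted role as the token's details.
        String role = auth.getDetails() instanceof String ? (String) auth.getDetails() : null;
        UserDetails user;
        try {
            user = users.loadUserByUsername(username);
        } catch (UsernameNotFoundException e) {
            throw new BadCredentialsException(FAILURE);
        }
        boolean passwordOk = encoder.matches(password, user.getPassword());
        boolean roleHeld = role != null && user.getAuthorities().stream()
                .anyMatch(a -> role.equals(a.getAuthority()));
        // One error message for all cases, so it does not say which parameter was wrong.
        if (!passwordOk || !roleHeld || !user.isEnabled() || !user.isAccountNonLocked()) {
            throw new BadCredentialsException(FAILURE);
        }
        // Grant only the role chosen at login, not every authority the user holds.
        return new UsernamePasswordAuthenticationToken(
                user, null, List.of(new SimpleGrantedAuthority(role)));
    }
    @Override
    public boolean supports(Class<?> type) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
    }
}
```

The role is compared against the authorities returned by `loadUserByUsername`, so the value submitted by the browser is never trusted on its own.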