I'm trying to get a simple form login on Google App Engine to work using the Spring Security framework.

As far as I understand, I need to create a UserDetailsService to populate the UserDetails object for the authentication.

Code:
@Service("springUserDetailsService")
public class SpringUserDetailsService implements UserDetailsService, Serializable {
	@Resource(name="userDao")
	private IUserDao userDao;

	@Override
	public UserDetails loadUserByUsername(String username){...}
}
So I do that. But now my SpringUserDetailsService gets a NotSerializableException. Google persists the session to datastore. If I make my class Serializable, then I get exceptions downstream in the DAO object.

Somewhere I read a suggestion to use @Scope("session"), but this does not make sense to me (this object should be a global singleton), and it also produces a less comprehensible exception.

Any advice? This seems like such a simple use case, and I have not gotten it to work in 2 days. I have been over the internet 10 times over and posted a variety of questions without success. I must be missing some simple concept here.
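The failure mode described in the post, as an added example that is not the poster's code: Java serialization walks every non-transient field reachable from a session attribute, so marking the service Serializable only moves the NotSerializableException down to the DAO. All class names are hypothetical stand-ins, no Spring or App Engine classes are used, and the example assumes the service became reachable from an object stored in the session.

```java
import java.io.*;

public class SessionSerializationDemo {
    // Stand-in for the DAO: it holds datastore handles, so it is not Serializable.
    static class UserDao { }

    // Mirrors the post: the service is marked Serializable but keeps a plain DAO field.
    static class ServiceWithDao implements Serializable {
        private static final long serialVersionUID = 1L;
        private final UserDao userDao = new UserDao();
    }

    // Same service with the DAO excluded from the serialized form.
    static class ServiceWithTransientDao implements Serializable {
        private static final long serialVersionUID = 1L;
        private transient UserDao userDao = new UserDao();
        boolean daoPresent() { return userDao != null; }
    }

    // Stand-in for a session attribute that drags the service into the session.
    static class SessionAttribute implements Serializable {
        private static final long serialVersionUID = 1L;
        final Object service;
        SessionAttribute(Object service) { this.service = service; }
    }

    // Serialize and deserialize, as a container does when it persists a session.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            roundTrip(new SessionAttribute(new ServiceWithDao()));
        } catch (NotSerializableException e) {
            // The message names the first non-serializable class found in the graph.
            System.out.println("not serializable: " + e.getMessage());
        }
        SessionAttribute restored = (SessionAttribute)
            roundTrip(new SessionAttribute(new ServiceWithTransientDao()));
        // Field initializers do not run on restore, so the transient DAO is null here.
        System.out.println("DAO present after restore: "
            + ((ServiceWithTransientDao) restored.service).daoPresent());
    }
}
```

The transient variant serializes cleanly, but the DAO reference has to be looked up again after the session is restored before the service can use it.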