Using JdbcUserDetailsManager vs own UserDetailsService
I am learning about Spring Security and I don't understand completly if I should use JdbcUserDetailsManager or a custom implementation of UserDetailsService. I am using a database for storing users.
I don't get what the JdbcUserDetailsManager gives you apart from a lot of methods, which I am not sure that I want to use? What if you have validations etc? Do you wrap it in a own implementation of UserDetailsService?
I mean, would you leak this manager class througout your application. Is it better to create your own?
There are some differences:
- UserDetailsService is the core interface to load user details and is used by DaoAuthenticationProvider.
- UserDetailsService has a sub-interface the defines CRUD operations on the abstraction of a user: UserDetailsManager
- JdbcDaoImpl is a JDBC implementation of UserDetailsService.
- JdbcUserDetailsManager is a JDBC implementation of UserDetailsManager and an extension of JdbcDaoImpl. It also provides the interface GroupManager
Based on the differences, it may affect how you decide which to use, expose, wrap or even implement.