I am having a hard time understanding some of the authentication concepts in Spring Security, specifically AuthoritiesPopulator vs. UserService. My current setup is to have an LdapAuthenticationProvider that uses bind authentication from one LDAP directory but populates authorities through another:

<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <beans:constructor-arg ref="adLdapContextSource" />
            <beans:property name="userSearch">
                <beans:bean class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                    <beans:constructor-arg index="0" value=""/>
                    <beans:constructor-arg index="1" value="sAMAccountName={0}"/>
                    <beans:constructor-arg index="2" ref="adLdapContextSource" />
                </beans:bean>
            </beans:property>
        </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
            <beans:constructor-arg ref="cadaLdapContextSource" />
            <beans:constructor-arg value="ou=groups" />
            <beans:property name="groupRoleAttribute" value="cn" />
        </beans:bean>
    </beans:constructor-arg>
</beans:bean>

That all works fine, but the problem is that for Spring Security to have the 'remember-me' functionality, you need to have a UserService defined. The UserService seems to be exactly the same as the AuthoritiesProvider - is there any way to make them one and the same? Or is there some concept I am missing?
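
One way to wire this, as an added example that is not part of the original question: Spring Security's `LdapUserDetailsService` takes an `LdapUserSearch` and an `LdapAuthoritiesPopulator`, so the same two beans can back both the authentication provider and remember-me. The bean ids `adUserSearch`, `cadaAuthoritiesPopulator` and `ldapUserDetailsService` are assumed names, and the `<http>` block is shown only for its `remember-me` element.

```xml
<!-- Added example: the bean ids adUserSearch, cadaAuthoritiesPopulator and
     ldapUserDetailsService are hypothetical names chosen for illustration. -->

<!-- User lookup in the AD directory, pulled out of the BindAuthenticator so it can be shared -->
<beans:bean id="adUserSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <beans:constructor-arg index="0" value="" />
    <beans:constructor-arg index="1" value="sAMAccountName={0}" />
    <beans:constructor-arg index="2" ref="adLdapContextSource" />
</beans:bean>

<!-- Group lookup in the second directory, also shared -->
<beans:bean id="cadaAuthoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <beans:constructor-arg ref="cadaLdapContextSource" />
    <beans:constructor-arg value="ou=groups" />
    <beans:property name="groupRoleAttribute" value="cn" />
</beans:bean>

<!-- Interactive login: bind against AD, then load groups from the second directory -->
<beans:bean id="ldapAuthProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <beans:constructor-arg>
        <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
            <beans:constructor-arg ref="adLdapContextSource" />
            <beans:property name="userSearch" ref="adUserSearch" />
        </beans:bean>
    </beans:constructor-arg>
    <beans:constructor-arg ref="cadaAuthoritiesPopulator" />
</beans:bean>

<!-- Remember-me login: no bind, but the same user search and the same group lookup -->
<beans:bean id="ldapUserDetailsService" class="org.springframework.security.ldap.userdetails.LdapUserDetailsService">
    <beans:constructor-arg ref="adUserSearch" />
    <beans:constructor-arg ref="cadaAuthoritiesPopulator" />
</beans:bean>

<http>
    <!-- other elements of the existing http block are not shown -->
    <remember-me user-service-ref="ldapUserDetailsService" />
</http>
```

A remember-me login performs no LDAP bind: the user is only looked up through the search and the group query, so account state that a bind would have enforced (a disabled or locked AD account, for instance) is not checked on that path unless a custom mapper reads it.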