spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0

Documentation on Authentication and JPA #14385

Open Crain-32 opened 6 months ago

Crain-32 commented 6 months ago

Expected Behavior

Quick Note about JPA Caching Interactions with the Authentication Chain

Current Behavior

Nothing currently noting the interaction with the EntityManager when using defaults.

Context

(This is mostly Conjecture, based on Stack Traces and a lot of breakpoints, but the Current Behavior is correct.) As the Spring Security Filter Chain is typically one of the first filters, the OpenEntityManagerInViewFilter/OpenEntityInViewInterceptor Filters are not called yet. This means if your UserDetailsService is JPA based, any DB Entity will not be associated to the JPA Persistence Context for the rest of the request. Although this behavior is preferred, it would be good to document that the Entity is unmanaged when using defaults.
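
Added example (not part of the issue and not Spring Security's own code): one way a JPA-backed UserDetailsService can avoid depending on the unmanaged entity described above is to copy what it needs into a plain UserDetails while the entity is still managed. `Account` and `AccountRepository` are hypothetical stand-ins for the application's JPA entity and Spring Data repository.

```java
import java.util.List;
import java.util.Optional;
import java.util.Set;

import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

// Hypothetical stand-ins for the application's JPA entity and repository.
interface Account {
    String getUsername();
    String getPasswordHash();
    Set<String> getRoles(); // assume this is a lazily loaded collection
}

interface AccountRepository {
    Optional<Account> findByUsername(String username);
}

@Service
class JpaUserDetailsService implements UserDetailsService {

    private final AccountRepository accounts;

    JpaUserDetailsService(AccountRepository accounts) {
        this.accounts = accounts;
    }

    @Override
    @Transactional(readOnly = true) // persistence context spans only this call
    public UserDetails loadUserByUsername(String username) {
        Account account = accounts.findByUsername(username)
                .orElseThrow(() -> new UsernameNotFoundException("No such user"));

        // Read lazy associations now, while the entity is still managed.
        List<SimpleGrantedAuthority> authorities = account.getRoles().stream()
                .map(role -> new SimpleGrantedAuthority("ROLE_" + role))
                .toList();

        // Return a detached-safe copy; the principal never touches the entity again.
        return User.withUsername(account.getUsername())
                .password(account.getPasswordHash())
                .authorities(authorities)
                .build();
    }
}
```

Controllers that need the managed entity later in the request can reload it by username inside their own transaction instead of reading it from the principal.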

marcusdacoregio commented 6 months ago

Hi, @Crain-32. Can you elaborate more on what you would like to be detailed? At first, it doesn't feel that it should be included in the documentation as it can happen with any entity, not just the ones related to Spring Security. I think that such documentation is out of scope.

Crain-32 commented 6 months ago

@marcusdacoregio I think something like the following Screenshot would be fine.

[image]

Not a full section, just a nice little "heads up". Obviously the wording can (and likely should) change. This is just the example.