Swapping hardcoded users with a Spring Data-backed set of users
Creating a hardcoded set of users is great if we’re creating a demo (or writing a book!), but it’s no way to build a real, production-oriented application. Instead, it’s better to outsource user management to an external database.
Having the application reach out and authenticate against an external user source makes it possible for another team, such as our security engineering team, to manage the users through a completely different tool that manages that database.
Decoupling user management from user authentication is a great way to improve the security of the system. So, we’ll combine some of the techniques we learned in the previous chapter with the UserDetailsService interface we learned about in the previous section.
Since we already have Spring Data JPA and H2 on the classpath, we can start off by defining a JPA-based UserAccount domain object as follows:
@Entity public...
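To illustrate the decoupling described above, here is an added example (not the book's code) of a UserDetailsService that looks users up through a read-only Spring Data repository. It assumes Spring Boot 3 (jakarta.persistence) with Spring Data JPA and Spring Security on the classpath; AppUser, AppUserRepository, DatabaseUserConfig and the field names are hypothetical.

```java
// Added example, not the book's code. AppUser, AppUserRepository and
// DatabaseUserConfig are hypothetical names. In a real project each
// type would normally live in its own file.
import java.util.List;
import jakarta.persistence.*;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.data.repository.Repository;
import org.springframework.security.core.userdetails.*;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

@Entity
class AppUser {
    @Id @GeneratedValue Long id;
    @Column(unique = true, nullable = false) String username;
    // Stores an encoded value such as "{bcrypt}$2a$...", never plaintext.
    @Column(nullable = false) String passwordHash;
    @ElementCollection(fetch = FetchType.EAGER) List<String> authorities;
    protected AppUser() {} // JPA requires a no-arg constructor
}

// Extends the marker interface Repository, so no save/delete methods are
// exposed: the application authenticates users, it does not manage them.
interface AppUserRepository extends Repository<AppUser, Long> {
    AppUser findByUsername(String username);
}

@Configuration
public class DatabaseUserConfig {
    @Bean
    UserDetailsService userDetailsService(AppUserRepository repo) {
        return username -> {
            AppUser account = repo.findByUsername(username);
            if (account == null) {
                // By default Spring Security surfaces this as bad credentials,
                // so the login response does not reveal which names exist.
                throw new UsernameNotFoundException("no such user");
            }
            return User.withUsername(account.username)
                    .password(account.passwordHash)
                    .authorities(account.authorities.toArray(String[]::new))
                    .build();
        };
    }

    @Bean
    PasswordEncoder passwordEncoder() {
        // Picks the encoder from the "{id}" prefix on the stored hash.
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }
}
```

Because the repository exposes only a lookup method, the tool the other team uses to manage the user table remains the only write path to those rows.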