Which two statements are true regarding storing user details in Spring Security? (Choose two.)
Which two statements are true regarding storing user details in Spring Security? (Choose two.)
User details can be stored in custom storage by implementing the UserDetailsService interface and retrieved as needed. Additionally, user details can be stored in various places, including a database, LDAP, or in-memory. These options provide flexibility in how user information is managed and accessed within a Spring Security application.
A is incorrect because if a custom UserDetailsService is defined in the ApplicationContext, Spring Boot will not create the default user. B is incorrect because the default hashing algorithm for passwords in Spring Security is BCrypt. E is incorrect because the user details also includes authorities, which are the roles that the user has.
Authorities are part of a Principal. Default user is not created when you define your own UserDetailsService in memory or not...