From b8d07222511b4d07b5df0ef3909ef0e86dfec643 Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Sun, 12 Nov 2006 21:36:52 +0000
Subject: [PATCH] SEC-367: Added clarification of immutability contract.

---
 .../java/org/acegisecurity/userdetails/UserDetails.java     | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/core/src/main/java/org/acegisecurity/userdetails/UserDetails.java b/core/src/main/java/org/acegisecurity/userdetails/UserDetails.java
index bca2aebf82..c1e19adb50 100644
--- a/core/src/main/java/org/acegisecurity/userdetails/UserDetails.java
+++ b/core/src/main/java/org/acegisecurity/userdetails/UserDetails.java
@@ -38,6 +38,12 @@ import java.io.Serializable;
  * {@link org.acegisecurity.userdetails.User} for a
  * reference implementation (which you might like to extend).
  * </p>
+ * 
+ * <p>
+ * Concrete implementations should be immutable (value object semantics,
+ * like a String). This is because the <code>UserDetails</code> will be
+ * stored in caches and as such multiple threads may use the same instance.
+ * </p>
  *
  * @author Ben Alex
  * @version $Id$