Built-in and Custom IdentityStores

There are two major built-in identity stores available, one for RDBMS and one for LDAP. The @DatabaseIdentityStoreDefinition annotation is used to configure an RDBMS-based identity store, as follows:

@DatabaseIdentityStoreDefinition(
    dataSourceLookup = "jndiPathForDataStore",
    callerQuery = "Query to fetch user details",
    groupsQuery = "Query to fetch group details",
    priority = 30)

As with database-based identity stores, we can use a built-in annotation, @LdapIdentityStoreDefinition, for an LDAP-based identity store:

@LdapIdentityStoreDefinition(
    url = "ldap://localhost:10389",
    callerBaseDn = "ou=caller,dc=example,dc=com",
    groupSearchBase = "ou=group,dc=example,dc=com")

In most cases, the built-in stores are sufficient, but if required, one can create a custom IdentityStore implementation. The IdentityStore interface provides four methods, all of which have default implementations. One can override one or all of the methods based on requirements. Here are the four methods:

  • default CredentialValidationResult validate(Credential credential): The validate method, as the name suggests, is responsible for validating the given credentials and returns a CredentialValidationResult.
  • default Set<String> getCallerGroups(CredentialValidationResult validationResult): The getCallerGroups method is responsible for returning the set of groups that the user is associated with.
  • default int priority(): The priority method only comes into play if more than one IdentityStore is available; the one with the lowest value is given the highest priority.
  • default Set<ValidationType> validationTypes(): The validationTypes method returns the set of ValidationType values implemented by the current setup.
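
The following custom store overrides all four methods. It is an added example, not code from the book: the class name SampleIdentityStore, the caller "alice", the salt, the password and the priority value 10 are constructed for illustration, and the javax.* package names assume Java EE 8 (Jakarta EE 9 and later use jakarta.*).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.enterprise.context.ApplicationScoped;
import javax.security.enterprise.credential.*;
import javax.security.enterprise.identitystore.*;

@ApplicationScoped // a custom identity store is registered as a CDI bean
public class SampleIdentityStore implements IdentityStore {
    // Constructed sample data; a real store keeps a random salt per caller.
    private static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);
    private final Map<String, byte[]> hashes = new HashMap<>();
    private final Map<String, Set<String>> groups = new HashMap<>();
    public SampleIdentityStore() {
        hashes.put("alice", hash("constructed-password".toCharArray()));
        groups.put("alice", new HashSet<>(Arrays.asList("user", "admin")));
    }
    @Override
    public CredentialValidationResult validate(Credential credential) {
        if (!(credential instanceof UsernamePasswordCredential)) {
            return CredentialValidationResult.NOT_VALIDATED_RESULT; // not a type this store handles
        }
        UsernamePasswordCredential upc = (UsernamePasswordCredential) credential;
        byte[] expected = hashes.get(upc.getCaller());
        byte[] actual = hash(upc.getPassword().getValue()); // hashed even for unknown callers
        if (expected != null && MessageDigest.isEqual(expected, actual)) { // constant-time compare
            return new CredentialValidationResult(upc.getCaller(), groups.get(upc.getCaller()));
        }
        return CredentialValidationResult.INVALID_RESULT;
    }
    @Override
    public Set<String> getCallerGroups(CredentialValidationResult result) {
        return groups.getOrDefault(result.getCallerPrincipal().getName(), Collections.emptySet());
    }
    @Override public int priority() { return 10; } // lower value than 30, so consulted first
    @Override
    public Set<ValidationType> validationTypes() {
        return EnumSet.of(ValidationType.VALIDATE, ValidationType.PROVIDE_GROUPS);
    }
    private static byte[] hash(char[] password) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, SALT, 210_000, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
}
```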