Is the generic User in Spring Security modifiable? I don't think it's a final class but I'm wondering whether or not I should define my own User entity or just extend the generic User()