Currently, if a user is using a custom Account type to represent their users, he needs to provide an additional CredentialHandler in order to be able to load the custom type during authentication.
Although we have this properly documented (http://docs.jboss.org/picketlink/2/latest/reference/html/ch04.html#d5e919), I think we can simplify that and remove the need for custom credential handlers when using a custom account type.
As a suggestion, we can change Credentials to accept a previously loaded Account instance and use this instance when validating credentials. That way we can get the identifier for the account and use it to check if it really exists and retrieve its credentials.
I think this will greatly increase usability, especially if we consider that in most cases the Account is always loaded by the application before the authentication begins.