This can be used to associate, for example, Site to the adminUser, or to validate that the Site that the adminUser
has access to is the current site. Implementors may also wish to assign additional data to the admin user, persist
custom data, validate additional access rules, etc.
Implementors should not persist the adminUser object. Rather modify or augment the state of the adminUser object
only. Persistence should be handled outside of this.
If an implementor decides that the user is not actually authenticated or should not be allowed access, an instance of
org.springframework.security.core.AuthenticationException should be thrown.