Does SecurityFilterChain use UserDetailsService internally to verify the username and password?

No, the SecurityFilterChain does not directly use UserDetailsService to verify a username and password. Instead, it delegates this work to other components in the Spring Security architecture. 

The SecurityFilterChain is a high-level component that contains a series of filters. When a request with a username and password (e.g., from a login form or HTTP Basic Auth) is processed, the chain orchestrates the following flow: 
  1. A specific authentication filter in the chain, such as the UsernamePasswordAuthenticationFilter for form login, extracts the username and password from the request.
  2. The filter then packages these credentials into an Authentication token, like a UsernamePasswordAuthenticationToken.
  3. The filter sends this token to the AuthenticationManager to attempt authentication.
  4. The AuthenticationManager (the default implementation is ProviderManager) delegates the request to a list of configured AuthenticationProvider instances to find one that can handle the token.
  5. For standard username and password authentication, the DaoAuthenticationProvider is used. This provider is the component that uses the UserDetailsService.
  6. The DaoAuthenticationProvider calls the loadUserByUsername() method on the UserDetailsService to retrieve the user's details, including the stored (encoded) password and authorities.
  7. The DaoAuthenticationProvider then uses a PasswordEncoder to compare the provided password with the stored encoded password.
  8. If the passwords match, the authentication succeeds, and an authenticated Authentication object is returned up the chain. This object is then stored in the SecurityContext.

In summary, the UserDetailsService is part of a multi-layered process. The SecurityFilterChain acts as the traffic controller, directing requests to the appropriate components, with the DaoAuthenticationProvider being the specific component that leverages UserDetailsService for verification.
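
Steps 2 to 8 can be run with no filter chain at all, which makes the delegation visible. The following is an added example, not code from the original post; it assumes spring-security-core and spring-security-crypto 5.7 to 6.x on the classpath, and the class name `AuthFlowDemo`, the user `alice` and the sample password are constructed for illustration.

```java
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

public class AuthFlowDemo { // hypothetical class name
    public static void main(String[] args) {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        // Constructed sample user; only the BCrypt hash is kept in the store.
        InMemoryUserDetailsManager store = new InMemoryUserDetailsManager(
                User.withUsername("alice").password(encoder.encode("sample-password"))
                        .roles("USER").build());
        // Thin wrapper that logs each lookup, to show which component makes the call.
        UserDetailsService uds = username -> {
            System.out.println("loadUserByUsername(" + username + ") called");
            return store.loadUserByUsername(username);
        };

        // Steps 4-5: ProviderManager delegates to DaoAuthenticationProvider.
        DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
        provider.setUserDetailsService(uds);   // step 6: user lookup
        provider.setPasswordEncoder(encoder);  // step 7: hash comparison
        AuthenticationManager manager = new ProviderManager(provider);

        // Steps 2-3: what an authentication filter would build and submit.
        Authentication request =
                UsernamePasswordAuthenticationToken.unauthenticated("alice", "sample-password");
        Authentication result = manager.authenticate(request);

        // Step 8: the authenticated object is stored in the SecurityContext.
        SecurityContextHolder.getContext().setAuthentication(result);
        System.out.println("authenticated=" + result.isAuthenticated()
                + " authorities=" + result.getAuthorities());

        // A wrong password is rejected by the provider, not by any filter.
        try {
            manager.authenticate(
                    UsernamePasswordAuthenticationToken.unauthenticated("alice", "wrong"));
        } catch (BadCredentialsException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```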
