Hi Renier I developed some cusom JAAS login modules for our companies existing security framework - this was done before we started using Spring. I briefly took a look at ACEGI, but time caused me not to persue it further.
I'm not sure what you mean by "create a context object".... I'm not sure how I would go about doing this. One solution that was suggested by a colleague was to to make my POJO "Spring Application Context Aware". I'm banking on having access to the HTTP request object from the spring application context - but even if this is not the case, then I could use a filter to save the user principle into springs application context - and consequently pick it up again inside my Application Context Aware POJO. I'm not sure yet how to get to the Spring Application Context from within the POJO - how does this solution sound to you though?
