I need to provide my users the ability to assume different sets of Authorities on one account, without logging out and back in. The idea is that users have multiple roles avaliable to them, allowing them to fill in for other users. At login a user is assigned a default set of Authorities, but they may choose to switch to choose a different role with a different set of Authorities at any time.
What is the best way to dyamically update the Authorities associated with their Authentication object? I can think of a few ways it might be done... ACLs come to mind as a way it COULD be done, but they are not a perfect match since I am not really trying to manage permissions on a domain object.