Hello, I'm completing the integration of acegi into an existing application, and I was wondering what is the best way to propagate custom information with the SecureContext into the current thread. What I've done is subclass the context with a custom class and use that class into HttpSessionContextIntegrationFilter: I then complete it with custom data after validation and upon further use in the application. A couple of questions/requests:
1) would it be possible to make the http session attribute key for the secure context configurable? Currently the value is fixed to ACEGI_SECURITY_CONTEXT
2) currently the secure context instance is created into the HttpSessionContextIntegrationFilter.generateNewCon text: this is public and as such it is easily subclassable. What I'd like to do instead is extract a ioc-configured prototype from spring context using a lookup-method. The problem is that acegi's jar are signed, and this seem to be incompatible with the use of aop-features based on subclassing such as this one: the app explodes with the error "signer information does not match signer information of other classes in the same package". Does this mean I can't use this unless I build acegi by myself and produce non-signed jars?