I'm reading the docs for Acegi Security 1.0.7 and I think I'm close to a design for my authentication scheme. I need to hook into Acegi for a SAML SSO integration.

I think I can achieve this by creating an AuthenticationProvider class that will look for an SSO token (in this case, a browser cookie) - if there is one and it's valid, the user is authenticated; if either is false, redirect to ServiceProvider to initialize SSO.

My problem of the moment is that I don't see how I can access the HttpRequest to fetch the cookie from within the 'authenticate' method.

From what I understand of the framework, I can create an implementation of Authentication (call it SsoCookieAuthentication) that makes the appropriate cookie (or not) available via getCredentials() and I can access the Authentication via:

SecurityContextHolder.getContext().getAuthentication()

But how do I configure or code so that the object returned by this call is my SsoCookieAuthentication? Do I need to write a filter that explicitly creates and sets the Authentication object?

Thanks,

Jon