Actually, I was thinking that this would be a great feature to add to the Spring integration security component. Not sure how much the community would use this feature, but I would benefit from it. Example XML declaration:
Examples setting from header or payload...
<!-- globally sets SecurityContext's Authentication object based on AutheticatedToken found in message. NOTE: AuthenticatedToken could be anywhere in Message, either as a seperate header or part of the message payload.
<si-security:global-secured-context expression="headers.AUTH_TOKEN" />
<si-security:global-secured-context expression="payload.authToken" />