Security context implementation that uses the session as storage.
The currently authenticated user, if one exists.
The name of this context.
The repository from which to draw users.
Authenticate the given user and persist the authentication.
Authenticate the given user, without persisting the authentication. That is, when the lifecycle ends, the user will be unauthenticated implicitly.
Unauthenticate the current user, if one exists, and persist the change.
Unauthenticate the current user, if one exists, but do not persist the change.
Returns true if there is a currently authenticated user.
Called when the context is created. Can be used by child-classes to do setup work.
Write the current state of the security context to whatever storage medium the context's host provides.
Assuming a user is still authenticated in the context, try to look up and fill in the user.
If there is NO USER to be resumed, then the method should flush the user from this context.
Get the current user or throw an authorization error.