Security context implementation that uses the session as storage.
The currently authenticated user, if one exists.
Authenticate the given user and persist the authentication.
Authenticate the given user, without persisting the authentication. That is, when the lifecycle ends, the user will be unauthenticated implicitly.
Unauthenticate the current user, if one exists, and persist the change.
Unauthenticate the current user, if one exists, but do not persist the change.
Returns true if there is a currently authenticated user.
Called when the context is created. Can be used by child-classes to do setup work.