related to the context changes we have implemented:

• jaas modules can return user
• default jaas moduel uses UserManager (done some month before)
• ctx.login(user)

To make this code testable we have to drop usage of Authenticator (anyway already minimized). The authenticate method goes to SecuritySupport and can get overriden if needed.