Recent changes for
MODE-1107 and MODE-1205 added the ability to create and plug in custom authentication and authorization logic. And thus our older-style mechanism of creating custom SecurityContext implementations and passing them in through the Credentials was deprecated. MODE-1107 and MODE-1205 actually change the behavior to no longer enable the SecurityContextCredentials by default, though it can be enabled with the Option.USE_SECURITY_CONTEXT_CREDENTIALS option.
We still have a number of unit and integration tests that use this option and set up their own SecurityContext. We should remove these and use a standard approach (either anonymous or JPA, or if absolutely needed a custom AuthorizationProvider).
See https://github.com/ModeShape/modeshape/pull/134#r60321 for a recent discussion.