If you neither use Java EE authentication nor Servlet authentication (via JSF) nor Spring-Security you either have to provide your own implementation of the net.sf.jpasecurity.configuration.SecurityContext interface or you have to use one of the build-in authentication providers, which are DefaultAuthenticationProvider and StaticAuthenticationProvider.

Both provide methods to authenticate users and roles and methods to apply runAs behavior. The DefaultAuthenticationProvider may be used in server-site applications where the authentication is on a per-thread-basis whereas the StaticAuthenticationProvider may be used on client-site applications where authentication per vm is intended.

You may take a look at the simple tutoral to see an example of using the StaticAuthenticationProvider. In the next chapter you will learn how to provide a custom security context or authentication provider.