We need to update SLF4J'S MDC with information from the current Authentication object.
For this we've developed a ThreadLocal based SecurityContextHolderStrategy which updates the MDC as required.
Unfortunately all implementations of SecurityContextHolderStrategy are final and package-private and therefore not open for extension. We had to copy and paste the code from ThreadLocalSecurityContextHolderStrategy.
I don't know if there's any good reason for that - if not it would be very handy for developers, who need to provide their own implementations, to make these classes extendable.