PreReq: User logs in and is given roles got from the database using a custom implementation of userService. i.e. authentication-provider user-service-ref="securityPolicyService" The implemented method loadUserByUsername gets called and the roles are load for the user for the particular club they are logging into, Default one is loaded first time in. The user then click on a different club from the UI and I call a method on a service that gets the new list of authorities for this club. I then perform the following: Object principle = SecurityContextHolder.getContext().getAuthentication().getPrincipal(); SecureMember sm = (SecureMember) principle; Authentication auth = new UsernamePasswordAuthenticationToken(sm, null, newAuthories); <br><br> SecurityContextHolder.getContext().setAuthentication(auth);<br> request.getSession(false).invalidate(); SecureMember extends User from SpringFramework. The problem is the SecureMember authorities are never updated with the new ones. thanks Gary