Geomajas Community Documentation
The security context allows access to the currently valid user's policies and some limited information (user id, name and organization). In your code, you just have to inject the security context. The face is responsible for assuring the current thread has the correct security context based on the credentials used when accessing the back-end (it will use the SecurityManager service to do that).
The security context contains all methods from the UserInfo and Authorization interfaces, plus some methods to get the current token and get the list of authentication objects which have been combined.