This could be a username/password from a login controller.
This method is called while initializing the security context. By returning TRUE you
make sure that the authentication manager will (re-)authenticate the tokens with the current credentials.
Note: You should not persist the credentials!