diff --git a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
index 3ed92599bf1..aae79cacf82 100644
--- a/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
+++ b/src/main/java/org/elasticsearch/shield/authc/InternalAuthenticationService.java
@@ -52,14 +52,14 @@ public class InternalAuthenticationService extends AbstractComponent implements
     @Override
     @SuppressWarnings("unchecked")
     public AuthenticationToken token(String action, TransportMessage<?> message, AuthenticationToken defaultToken) {
-        AuthenticationToken token = message.getHeader(TOKEN_CTX_KEY);
+        AuthenticationToken token = (AuthenticationToken) message.getContext().get(TOKEN_CTX_KEY);
         if (token != null) {
             return token;
         }
         for (Realm realm : realms) {
             token = realm.token(message);
             if (token != null) {
-                message.putHeader(TOKEN_CTX_KEY, token);
+                message.putInContext(TOKEN_CTX_KEY, token);
                 return token;
             }
         }
@@ -71,7 +71,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
             throw new AuthenticationException("Missing authentication token for request [" + action + "]");
         }
 
-        message.putHeader(TOKEN_CTX_KEY, defaultToken);
+        message.putInContext(TOKEN_CTX_KEY, defaultToken);
         return defaultToken;
     }
 
@@ -95,7 +95,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
     @SuppressWarnings("unchecked")
     public User authenticate(String action, TransportMessage<?> message, AuthenticationToken token) throws AuthenticationException {
         assert token != null : "cannot authenticate null tokens";
-        User user = message.getHeader(USER_CTX_KEY);
+        User user = (User) message.getContext().get(USER_CTX_KEY);
         if (user != null) {
             return user;
         }
@@ -103,7 +103,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
             if (realm.supports(token)) {
                 user = realm.authenticate(token);
                 if (user != null) {
-                    message.putHeader(USER_CTX_KEY, user);
+                    message.putInContext(USER_CTX_KEY, user);
                     return user;
                 } else if (auditTrail != null) {
                     auditTrail.authenticationFailed(realm.type(), token, action, message);
diff --git a/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java b/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java
index 57a2caaa8a0..d4fcbbf8eb7 100644
--- a/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java
+++ b/src/main/java/org/elasticsearch/shield/authc/support/UsernamePasswordToken.java
@@ -49,7 +49,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
     }
 
     public static UsernamePasswordToken extractToken(TransportMessage<?> message, UsernamePasswordToken defaultToken) {
-        UsernamePasswordToken token = message.getHeader(TOKEN_KEY);
+        UsernamePasswordToken token = (UsernamePasswordToken) message.getContext().get(TOKEN_KEY);
         if (token != null) {
             return token;
         }
@@ -59,7 +59,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
             if (defaultToken == null) {
                 return null;
             }
-            message.putHeader(TOKEN_KEY, defaultToken);
+            message.putInContext(TOKEN_KEY, defaultToken);
             return defaultToken;
         }
 
@@ -74,7 +74,7 @@ public class UsernamePasswordToken implements AuthenticationToken {
             throw new AuthenticationException("Invalid basic authentication header value");
         }
         token = new UsernamePasswordToken(userpasswd.substring(0, i), userpasswd.substring(i+1).toCharArray());
-        message.putHeader(TOKEN_KEY, token);
+        message.putInContext(TOKEN_KEY, token);
         return token;
     }
 
diff --git a/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java b/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
index 7bea941aa85..cab814f459a 100644
--- a/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
+++ b/src/test/java/org/elasticsearch/shield/authc/InternalAuthenticationServiceTests.java
@@ -76,7 +76,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
         }
         verify(auditTrail).anonymousAccess("_action", message);
         verifyNoMoreInteractions(auditTrail);
-        assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
+        assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
     }
 
     @Test
@@ -89,7 +89,7 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
         }
         verify(auditTrail).anonymousAccess("_action", message);
         verifyNoMoreInteractions(auditTrail);
-        assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
+        assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), nullValue());
     }
 
     @Test
@@ -98,21 +98,21 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
         assertThat(result, notNullValue());
         assertThat(result, is(token));
         verifyZeroInteractions(auditTrail);
-        assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
-        assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
+        assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
+        assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
     }
 
     @Test @SuppressWarnings("unchecked")
     public void testToken_Cached() throws Exception {
-        message.putHeader(InternalAuthenticationService.TOKEN_CTX_KEY, token);
+        message.putInContext(InternalAuthenticationService.TOKEN_CTX_KEY, token);
         AuthenticationToken result = service.token("_action", message, token);
         assertThat(result, notNullValue());
         assertThat(result, is(token));
         verifyZeroInteractions(auditTrail);
         verifyZeroInteractions(firstRealm);
         verifyZeroInteractions(secondRealm);
-        assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
-        assertThat(message.getHeader(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
+        assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), notNullValue());
+        assertThat(message.getContext().get(InternalAuthenticationService.TOKEN_CTX_KEY), is((Object) token));
     }
 
     @Test @SuppressWarnings("unchecked")
@@ -127,8 +127,8 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
         assertThat(result, notNullValue());
         assertThat(result, is(user));
         verify(auditTrail).authenticationFailed("first", token, "_action", message);
-        assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
-        assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
+        assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
+        assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
     }
 
     @Test @SuppressWarnings("unchecked")
@@ -143,22 +143,22 @@ public class InternalAuthenticationServiceTests extends ElasticsearchTestCase {
         assertThat(result, is(user));
         verifyZeroInteractions(auditTrail);
         verify(firstRealm, never()).authenticate(token);
-        assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
-        assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
+        assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
+        assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
     }
 
     @Test @SuppressWarnings("unchecked")
     public void testAuthenticate_Cached() throws Exception {
         User user = new User.Simple("_username", "r1");
-        message.putHeader(InternalAuthenticationService.USER_CTX_KEY, user);
+        message.putInContext(InternalAuthenticationService.USER_CTX_KEY, user);
         User result = service.authenticate("_action", message, token);
         assertThat(result, notNullValue());
         assertThat(result, is(user));
         verifyZeroInteractions(auditTrail);
         verifyZeroInteractions(firstRealm);
         verifyZeroInteractions(secondRealm);
-        assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
-        assertThat(message.getHeader(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
+        assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), notNullValue());
+        assertThat(message.getContext().get(InternalAuthenticationService.USER_CTX_KEY), is((Object) user));
     }
 
     @Test