Authentication differs per-environment

Hey everyone.

In my app, I use a before_filter called 'authorize' to set up a User object @current_user for the logged-in user (or reject the client if I can't match their credentials). But depending on my environment, this filter needs to behave differently. In production, it needs to get the (already-authenticated, through a corporate SSO package) username from request.env[CUSTOM_KEY]. In development and test, we can't get to the SSO, so we just let the client pick a user account to masquerade as, and put the username into the session.

I found a simple way to do this, but it's ugly:

   def authenticate
     if RAILS_ENV == 'production'
       @current_user = User.find_by_eid(request.env['CUSTOM_KEY'])
       unless @current_user
         redirect_to :controller => :login, :action => :unauthorized
       @current_user = User.find_by_eid(session[:fake_eid])
       unless @current_user
         session[:original_uri] = request.request_uri
         flash[:notice] = "Please log in"
         redirect_to(:controller => "login", :action => "login")

I tried moving some of this code to config/environments/production.rb (for example), but of course when the configuration is happening, there is no request or session object, so I couldn't do something like:

CURRENT_USER = request.env['CUSTOM_KEY']

Does anyone have any suggestions on a cleaner way to do this than the hardcoded RAILS_ENV in ApplicationController.authenticate?

Many thanks,