SEC-112: Bug when SecurityEnforcementFilter used with disabled Authentication and remember-me services.

core/src/main/java/org/acegisecurity/intercept/web/SecurityEnforcementFilter.java

@@ -279,6 +279,10 @@ public class SecurityEnforcementFilter implements Filter, InitializingBean {
                 targetUrl);
         }
         
+        // SEC-112: Clear the SecurityContextHolder's Authentication, as the
+        // existing Authentication is no longer considered valid
+        SecurityContextHolder.getContext().setAuthentication(null);
+
         authenticationEntryPoint.commence(request,
             (HttpServletResponse) fi.getResponse(), reason);
     }