mirror of
https://github.com/spring-projects/spring-security.git
synced 2025-02-23 23:31:27 +00:00
ffe2834f4c
When SEC-1950 was introduced it caused problems when a <filter-mapping> was mapped to multiple dispatchers (i.e. REQUEST and FORWARD) since when the second dispatcher completed execution it cleared the SecurityContext and the original FilterChain would then save the cleared out SecurityContext. We now use a pattern similar to the OncePerRequestFilter to only invoke SecurityContextHolder.clearContext() on the first invocation of the Filter. We do not simply extend OncePerRequestFilter because we want to invoke the delegate filters for every request.