Hi @Artur,
I’m wondering why in VaadinAwareSecurityContextHolderStrategy the getContext() method checks the VaadinSession before falling back to the contextHolder while the setContext() always uses the contextHolder.
We use a JWT based authentication filter in our app. For new sessions the SecurityContext (including Authentication object) is correctly set, but when after some time a new JWT comes in and the SecurityContext is set by the filter, we still get the old one from SecurityContextHolder.getContext().
Shouldn’t VaadinAwareSecurityContextHolderStrategy.setContext() also use the VaadinSession to update the context?
Or am I missing something here?
Thanks,
Gunnar
(had to insert spaces in title because Discourse doesn’t like long words ;-) )