/**
 * Decides how a request is authenticated before it continues down the filter chain.
 *
 * <p>Order of decisions, as implemented below:
 * <ol>
 *   <li>A GET for an empty or root servlet path is redirected to the web app main page.</li>
 *   <li>An authentication already attached to the request is reused, unless
 *       {@code reAuthenticationRequired} asks for a fresh one.</li>
 *   <li>When re-authentication is required, every registered {@link LogoutHandler} runs first so
 *       state tied to the previous authentication is invalidated.</li>
 *   <li>A request without a usable authentication is either authenticated through
 *       {@code authFilter} or handed to the anonymous path.</li>
 * </ol>
 *
 * @param request  the incoming HTTP request
 * @param response the HTTP response; may be committed by the redirect
 * @param chain    the remaining filter chain, passed on to the selected handler
 * @throws IOException      propagated from the redirect or from the delegated handlers
 * @throws ServletException propagated from the delegated handlers
 */
private void doFilterInternal(
        HttpServletRequest request, HttpServletResponse response, FilterChain chain)
        throws IOException, ServletException {
    final String servletPath = RequestUtils.getServletPathFromRequest(request);
    // Web app requests get a no-cache header on the response.
    RequestUtils.addNoCacheToWebAppRequest(servletPath, response);

    String method = request.getMethod();
    boolean emptyPath = servletPath == null || servletPath.isEmpty() || "/".equals(servletPath);
    if (emptyPath && "get".equalsIgnoreCase(method)) {
        // Nothing was asked for explicitly: send the client to the app main page.
        response.sendRedirect(HttpUtils.ANGULAR_WEBAPP + "/");
        return;
    }

    // Pick up an authentication that already exists for this request, if any.
    Authentication authentication = RequestUtils.getAuthentication(request);
    boolean isAuthenticated = authentication != null && authentication.isAuthenticated();

    // Evaluated exactly once; the result drives both the logout step and the branch below.
    boolean reAuthRequired = reAuthenticationRequired(request, authentication);
    if (reAuthRequired) {
        // The old authentication is being discarded, but data bound to it (for example the
        // Wicket session) may still be around. Run every logout handler so none of it survives
        // into the new authentication.
        Map<String, LogoutHandler> handlersByName =
                ContextHelper.get().beansForType(LogoutHandler.class);
        for (LogoutHandler handler : handlersByName.values()) {
            handler.logout(request, response, authentication);
        }
    }

    boolean authenticationRequired = reAuthRequired || !isAuthenticated;
    SecurityContext securityContext = SecurityContextHolder.getContext();

    if (!authenticationRequired) {
        // NOTE(review): what this debug line writes depends on the Authentication
        // implementation's toString(); confirm it does not expose credentials or tokens.
        log.debug("Using authentication {} from Http session.", authentication);
        useAuthentication(request, response, chain, authentication, securityContext);
        return;
    }

    if (authFilter.acceptFilter(request)) {
        authenticateAndExecute(request, response, chain, securityContext);
    } else {
        useAnonymousIfPossible(request, response, chain, securityContext);
    }
}