private boolean reAuthenticationRequired(
HttpServletRequest request, Authentication authentication) {
if (authentication == null || !authentication.isAuthenticated()) {
// Not authenticated so not required to redo ;-)
return false;
}
// If user changed force re-auth
String username = authentication.getName();
AuthenticationCache authenticationCache = userChangedCache.get(username);
if (authenticationCache != null && authenticationCache.isChanged(authentication)) {
authenticationCache.loggedOut(authentication);
return true;
}
return authFilter.requiresReAuthentication(request, authentication);
}
