private boolean reAuthenticationRequired( HttpServletRequest request, Authentication authentication) { if (authentication == null || !authentication.isAuthenticated()) { // Not authenticated so not required to redo ;-) return false; } // If user changed force re-auth String username = authentication.getName(); AuthenticationCache authenticationCache = userChangedCache.get(username); if (authenticationCache != null && authenticationCache.isChanged(authentication)) { authenticationCache.loggedOut(authentication); return true; } return authFilter.requiresReAuthentication(request, authentication); }