@Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; Remembered r = getCookie(request); if (r == null || r.isExpired()) // вычищаем контекст, чтобы обновить авторизацию SecurityContextHolder.clearContext(); super.doFilter(req, res, chain); }