Login returns indefinitely HttpSession returned null object for SPRING_SECURITY_CONTEXT

Login returns indefinitely "HttpSession returned null object for SPRING_SECURITY_CONTEXT" unless I do logout.
Happens occasionally. Not known how to reproduce. Seems to be we have this problem after upgrade to spring-security-4.0.3.RELEASE
I m pasting spring-security debug log.

```
11:39:36,223 [http-apr-9080-exec-7] DEBUG DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:9080/application]
11:39:36,223 [http-apr-9080-exec-7] DEBUG Calling Authentication entry point.
11:39:36,223 [http-apr-9080-exec-7] DEBUG Redirecting to 'http://localhost:9080/application/screens/Login'
11:39:36,223 [http-apr-9080-exec-7] DEBUG SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:39:36,223 [http-apr-9080-exec-7] DEBUG SecurityContextHolder now cleared, as request processing completed
11:39:36,223 [http-apr-9080-exec-8] DEBUG Checking match of request : '/screens/login'; against '/screens/login'
11:39:36,223 [http-apr-9080-exec-8] DEBUG /screens/Login has an empty filter list
11:39:37,567 [http-apr-9080-exec-9] DEBUG Checking match of request : '/securitycheck'; against '/screens/login'
11:39:37,567 [http-apr-9080-exec-9] DEBUG Checking match of request : '/securitycheck'; against '/resources/**'
11:39:37,567 [http-apr-9080-exec-9] DEBUG Checking match of request : '/securitycheck'; against '/extjs/**'
11:39:37,567 [http-apr-9080-exec-9] DEBUG Checking match of request : '/securitycheck'; against '/services/**'
11:39:37,567 [http-apr-9080-exec-9] DEBUG /SecurityCheck at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:39:37,567 [http-apr-9080-exec-9] DEBUG HttpSession returned null object for SPRING_SECURITY_CONTEXT
11:39:37,567 [http-apr-9080-exec-9] DEBUG No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@15dff038. A new one will be created.
11:39:37,567 [http-apr-9080-exec-9] DEBUG /SecurityCheck at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
11:39:37,567 [http-apr-9080-exec-9] DEBUG /SecurityCheck at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
11:39:37,567 [http-apr-9080-exec-9] DEBUG Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@71e87e8e
11:39:37,567 [http-apr-9080-exec-9] DEBUG /SecurityCheck at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:39:37,567 [http-apr-9080-exec-9] DEBUG Checking match of request : '/securitycheck'; against '/screens/logout'
11:39:37,567 [http-apr-9080-exec-9] DEBUG /SecurityCheck at position 5 of 11 in additional filter chain; firing Filter: 'CompositeAuthenticationFilter'
11:39:37,567 [http-apr-9080-exec-9] DEBUG Checking match of request : '/securitycheck'; against '/securitycheck'
11:39:37,567 [http-apr-9080-exec-9] DEBUG SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:39:37,567 [http-apr-9080-exec-9] DEBUG SecurityContextHolder now cleared, as request processing completed
11:39:37,567 [http-apr-9080-exec-10] DEBUG Checking match of request : '/securitycheck'; against '/screens/login'
11:39:37,567 [http-apr-9080-exec-10] DEBUG Checking match of request : '/securitycheck'; against '/resources/**'
11:39:37,567 [http-apr-9080-exec-10] DEBUG Checking match of request : '/securitycheck'; against '/extjs/**'
11:39:37,567 [http-apr-9080-exec-10] DEBUG Checking match of request : '/securitycheck'; against '/services/**'
11:39:37,567 [http-apr-9080-exec-10] DEBUG /SecurityCheck at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:39:37,567 [http-apr-9080-exec-10] DEBUG HttpSession returned null object for SPRING_SECURITY_CONTEXT
11:39:37,567 [http-apr-9080-exec-10] DEBUG No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@15dff038. A new one will be created.
11:39:37,567 [http-apr-9080-exec-10] DEBUG /SecurityCheck at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
11:39:37,567 [http-apr-9080-exec-10] DEBUG /SecurityCheck at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
11:39:37,567 [http-apr-9080-exec-10] DEBUG Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@71e87e8e
11:39:37,567 [http-apr-9080-exec-10] DEBUG /SecurityCheck at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:39:37,567 [http-apr-9080-exec-10] DEBUG Checking match of request : '/securitycheck'; against '/screens/logout'
11:39:37,567 [http-apr-9080-exec-10] DEBUG /SecurityCheck at position 5 of 11 in additional filter chain; firing Filter: 'CompositeAuthenticationFilter'
11:39:37,567 [http-apr-9080-exec-10] DEBUG Checking match of request : '/securitycheck'; against '/securitycheck'
11:39:37,567 [http-apr-9080-exec-10] DEBUG SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:39:37,567 [http-apr-9080-exec-10] DEBUG SecurityContextHolder now cleared, as request processing completed
11:39:37,567 [http-apr-9080-exec-1] DEBUG Checking match of request : '/securitycheck'; against '/screens/login'
11:39:37,567 [http-apr-9080-exec-1] DEBUG Checking match of request : '/securitycheck'; against '/resources/**'
11:39:37,567 [http-apr-9080-exec-1] DEBUG Checking match of request : '/securitycheck'; against '/extjs/**'
11:39:37,567 [http-apr-9080-exec-1] DEBUG Checking match of request : '/securitycheck'; against '/services/**'
11:39:37,567 [http-apr-9080-exec-1] DEBUG /SecurityCheck at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:39:37,567 [http-apr-9080-exec-1] DEBUG HttpSession returned null object for SPRING_SECURITY_CONTEXT
11:39:37,567 [http-apr-9080-exec-1] DEBUG No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@15dff038. A new one will be created.
11:39:37,567 [http-apr-9080-exec-1] DEBUG /SecurityCheck at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
11:39:37,567 [http-apr-9080-exec-1] DEBUG /SecurityCheck at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
11:39:37,567 [http-apr-9080-exec-1] DEBUG Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@71e87e8e
11:39:37,567 [http-apr-9080-exec-1] DEBUG /SecurityCheck at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:39:37,567 [http-apr-9080-exec-1] DEBUG Checking match of request : '/securitycheck'; against '/screens/logout'
11:39:37,567 [http-apr-9080-exec-1] DEBUG /SecurityCheck at position 5 of 11 in additional filter chain; firing Filter: 'CompositeAuthenticationFilter'
11:39:37,567 [http-apr-9080-exec-1] DEBUG Checking match of request : '/securitycheck'; against '/securitycheck'
11:39:37,708 [http-apr-9080-exec-1] DEBUG Authentication attempt using app.modules.util.auth.DatabaseAuthenticationProvider
11:39:37,739 [http-apr-9080-exec-1] DEBUG Redirecting to DefaultSavedRequest Url: http://localhost:9080/application
11:39:37,739 [http-apr-9080-exec-1] DEBUG Redirecting to 'http://localhost:9080/application'
11:39:37,739 [http-apr-9080-exec-1] DEBUG SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@df98084: Authentication: app.modules.util.auth.UserAuthentication@df98084' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@15dff038
11:39:37,739 [http-apr-9080-exec-1] DEBUG SecurityContextHolder now cleared, as request processing completed
11:39:37,739 [http-apr-9080-exec-2] DEBUG Checking match of request : ''; against '/screens/login'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Checking match of request : ''; against '/resources/**'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Checking match of request : ''; against '/extjs/**'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Checking match of request : ''; against '/services/**'
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:39:37,739 [http-apr-9080-exec-2] DEBUG No HttpSession currently exists
11:39:37,739 [http-apr-9080-exec-2] DEBUG No SecurityContext was available from the HttpSession: null. A new one will be created.
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@71e87e8e
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Checking match of request : ''; against '/screens/logout'
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 5 of 11 in additional filter chain; firing Filter: 'CompositeAuthenticationFilter'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Checking match of request : ''; against '/securitycheck'
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
11:39:37,739 [http-apr-9080-exec-2] DEBUG  at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Checking match of request : ''; against '/servlet/shortavailability/**'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Checking match of request : ''; against '/screens/manageusers'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Checking match of request : ''; against '/screens/managepermissions'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Checking match of request : ''; against '/screens/home'
11:39:37,739 [http-apr-9080-exec-2] DEBUG Secure object: FilterInvocation: URL: ; Attributes: [hasAnyRole('Administrator','User')]
11:39:37,739 [http-apr-9080-exec-2] DEBUG Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
11:39:37,739 [http-apr-9080-exec-2] DEBUG Voter: org.springframework.security.web.access.expression.WebExpressionVoter@480af767, returned: -1
11:39:37,739 [http-apr-9080-exec-2] DEBUG Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:232)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:48)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at app.util.WebappInfoProvider.doFilter(WebappInfoProvider.java:41)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:505)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:956)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:423)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1079)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:625)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.doRun(AprEndpoint.java:2517)
    at org.apache.tomcat.util.net.AprEndpoint$SocketProcessor.run(AprEndpoint.java:2506)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)
11:39:37,739 [http-apr-9080-exec-2] DEBUG DefaultSavedRequest added to Session: DefaultSavedRequest[http://localhost:9080/application]
11:39:37,739 [http-apr-9080-exec-2] DEBUG Calling Authentication entry point.
11:39:37,755 [http-apr-9080-exec-2] DEBUG Redirecting to 'http://localhost:9080/application/screens/Login'
11:39:37,755 [http-apr-9080-exec-2] DEBUG SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:39:37,755 [http-apr-9080-exec-2] DEBUG SecurityContextHolder now cleared, as request processing completed
11:39:37,755 [http-apr-9080-exec-3] DEBUG Checking match of request : '/screens/login'; against '/screens/login'
11:39:37,755 [http-apr-9080-exec-3] DEBUG /screens/Login has an empty filter list
11:39:42,442 [http-apr-9080-exec-4] DEBUG Checking match of request : '/screens/logout'; against '/screens/login'
11:39:42,442 [http-apr-9080-exec-4] DEBUG Checking match of request : '/screens/logout'; against '/resources/**'
11:39:42,442 [http-apr-9080-exec-4] DEBUG Checking match of request : '/screens/logout'; against '/extjs/**'
11:39:42,442 [http-apr-9080-exec-4] DEBUG Checking match of request : '/screens/logout'; against '/services/**'
11:39:42,442 [http-apr-9080-exec-4] DEBUG /screens/Logout at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:39:42,442 [http-apr-9080-exec-4] DEBUG HttpSession returned null object for SPRING_SECURITY_CONTEXT
11:39:42,442 [http-apr-9080-exec-4] DEBUG No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@4bb26fb1. A new one will be created.
11:39:42,442 [http-apr-9080-exec-4] DEBUG /screens/Logout at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
11:39:42,442 [http-apr-9080-exec-4] DEBUG /screens/Logout at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
11:39:42,442 [http-apr-9080-exec-4] DEBUG Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@71e87e8e
11:39:42,442 [http-apr-9080-exec-4] DEBUG /screens/Logout at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:39:42,442 [http-apr-9080-exec-4] DEBUG Checking match of request : '/screens/logout'; against '/screens/logout'
11:39:42,442 [http-apr-9080-exec-4] DEBUG Logging out user 'null' and transferring to logout destination
11:39:42,442 [http-apr-9080-exec-4] DEBUG Invalidating session: 738F4699178D36D04E3C38703DE0991F
11:39:42,442 [http-apr-9080-exec-4] DEBUG Using default Url: /screens/Login
11:39:42,442 [http-apr-9080-exec-4] DEBUG Redirecting to '/application/screens/Login'
11:39:42,442 [http-apr-9080-exec-4] DEBUG SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:39:42,442 [http-apr-9080-exec-4] DEBUG SecurityContextHolder now cleared, as request processing completed
11:39:42,442 [http-apr-9080-exec-5] DEBUG Checking match of request : '/screens/login'; against '/screens/login'
11:39:42,442 [http-apr-9080-exec-5] DEBUG /screens/Login has an empty filter list
11:39:45,145 [http-apr-9080-exec-6] DEBUG Checking match of request : '/securitycheck'; against '/screens/login'
11:39:45,145 [http-apr-9080-exec-6] DEBUG Checking match of request : '/securitycheck'; against '/resources/**'
11:39:45,145 [http-apr-9080-exec-6] DEBUG Checking match of request : '/securitycheck'; against '/extjs/**'
11:39:45,145 [http-apr-9080-exec-6] DEBUG Checking match of request : '/securitycheck'; against '/services/**'
11:39:45,145 [http-apr-9080-exec-6] DEBUG /SecurityCheck at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:39:45,145 [http-apr-9080-exec-6] DEBUG No HttpSession currently exists
11:39:45,145 [http-apr-9080-exec-6] DEBUG No SecurityContext was available from the HttpSession: null. A new one will be created.
11:39:45,145 [http-apr-9080-exec-6] DEBUG /SecurityCheck at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
11:39:45,145 [http-apr-9080-exec-6] DEBUG /SecurityCheck at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
11:39:45,145 [http-apr-9080-exec-6] DEBUG Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@71e87e8e
11:39:45,145 [http-apr-9080-exec-6] DEBUG /SecurityCheck at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:39:45,145 [http-apr-9080-exec-6] DEBUG Checking match of request : '/securitycheck'; against '/screens/logout'
11:39:45,145 [http-apr-9080-exec-6] DEBUG /SecurityCheck at position 5 of 11 in additional filter chain; firing Filter: 'CompositeAuthenticationFilter'
11:39:45,145 [http-apr-9080-exec-6] DEBUG Checking match of request : '/securitycheck'; against '/securitycheck'
11:39:45,145 [http-apr-9080-exec-6] DEBUG SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:39:45,145 [http-apr-9080-exec-6] DEBUG SecurityContextHolder now cleared, as request processing completed
11:39:45,145 [http-apr-9080-exec-7] DEBUG Checking match of request : '/securitycheck'; against '/screens/login'
11:39:45,145 [http-apr-9080-exec-7] DEBUG Checking match of request : '/securitycheck'; against '/resources/**'
11:39:45,145 [http-apr-9080-exec-7] DEBUG Checking match of request : '/securitycheck'; against '/extjs/**'
11:39:45,145 [http-apr-9080-exec-7] DEBUG Checking match of request : '/securitycheck'; against '/services/**'
11:39:45,145 [http-apr-9080-exec-7] DEBUG /SecurityCheck at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:39:45,145 [http-apr-9080-exec-7] DEBUG No HttpSession currently exists
11:39:45,145 [http-apr-9080-exec-7] DEBUG No SecurityContext was available from the HttpSession: null. A new one will be created.
11:39:45,145 [http-apr-9080-exec-7] DEBUG /SecurityCheck at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
11:39:45,145 [http-apr-9080-exec-7] DEBUG /SecurityCheck at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
11:39:45,145 [http-apr-9080-exec-7] DEBUG Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@71e87e8e
11:39:45,145 [http-apr-9080-exec-7] DEBUG /SecurityCheck at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:39:45,145 [http-apr-9080-exec-7] DEBUG Checking match of request : '/securitycheck'; against '/screens/logout'
11:39:45,145 [http-apr-9080-exec-7] DEBUG /SecurityCheck at position 5 of 11 in additional filter chain; firing Filter: 'CompositeAuthenticationFilter'
11:39:45,145 [http-apr-9080-exec-7] DEBUG Checking match of request : '/securitycheck'; against '/securitycheck'
11:39:45,145 [http-apr-9080-exec-7] DEBUG SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
11:39:45,145 [http-apr-9080-exec-7] DEBUG SecurityContextHolder now cleared, as request processing completed
11:39:45,145 [http-apr-9080-exec-8] DEBUG Checking match of request : '/securitycheck'; against '/screens/login'
11:39:45,145 [http-apr-9080-exec-8] DEBUG Checking match of request : '/securitycheck'; against '/resources/**'
11:39:45,145 [http-apr-9080-exec-8] DEBUG Checking match of request : '/securitycheck'; against '/extjs/**'
11:39:45,145 [http-apr-9080-exec-8] DEBUG Checking match of request : '/securitycheck'; against '/services/**'
11:39:45,145 [http-apr-9080-exec-8] DEBUG /SecurityCheck at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:39:45,145 [http-apr-9080-exec-8] DEBUG No HttpSession currently exists
11:39:45,145 [http-apr-9080-exec-8] DEBUG No SecurityContext was available from the HttpSession: null. A new one will be created.
11:39:45,145 [http-apr-9080-exec-8] DEBUG /SecurityCheck at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
11:39:45,145 [http-apr-9080-exec-8] DEBUG /SecurityCheck at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
11:39:45,145 [http-apr-9080-exec-8] DEBUG Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@71e87e8e
11:39:45,145 [http-apr-9080-exec-8] DEBUG /SecurityCheck at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:39:45,145 [http-apr-9080-exec-8] DEBUG Checking match of request : '/securitycheck'; against '/screens/logout'
11:39:45,145 [http-apr-9080-exec-8] DEBUG /SecurityCheck at position 5 of 11 in additional filter chain; firing Filter: 'CompositeAuthenticationFilter'
11:39:45,145 [http-apr-9080-exec-8] DEBUG Checking match of request : '/securitycheck'; against '/securitycheck'
11:39:45,301 [http-apr-9080-exec-8] DEBUG Authentication attempt using app.modules.util.auth.DatabaseAuthenticationProvider
11:39:45,333 [http-apr-9080-exec-8] DEBUG Using default Url: /screens/Home
11:39:45,333 [http-apr-9080-exec-8] DEBUG Redirecting to '/application/screens/Home'
11:39:45,333 [http-apr-9080-exec-8] DEBUG HttpSession being created as SecurityContext is non-default
11:39:45,333 [http-apr-9080-exec-8] DEBUG SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@21ce8bee: Authentication: app.modules.util.auth.UserAuthentication@21ce8bee' stored to HttpSession: 'org.apache.catalina.session.StandardSessionFacade@6c5e3473
11:39:45,333 [http-apr-9080-exec-8] DEBUG SecurityContextHolder now cleared, as request processing completed
11:39:45,333 [http-apr-9080-exec-9] DEBUG Checking match of request : '/screens/home'; against '/screens/login'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Checking match of request : '/screens/home'; against '/resources/**'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Checking match of request : '/screens/home'; against '/extjs/**'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Checking match of request : '/screens/home'; against '/services/**'
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 1 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Obtained a valid SecurityContext from SPRING_SECURITY_CONTEXT: 'org.springframework.security.core.context.SecurityContextImpl@21ce8bee: Authentication: app.modules.util.auth.UserAuthentication@21ce8bee'
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 2 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@71e87e8e
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Checking match of request : '/screens/home'; against '/screens/logout'
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 5 of 11 in additional filter chain; firing Filter: 'CompositeAuthenticationFilter'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Checking match of request : '/screens/home'; against '/securitycheck'
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
11:39:45,333 [http-apr-9080-exec-9] DEBUG SecurityContextHolder not populated with anonymous token, as it already contained: 'app.modules.util.auth.UserAuthentication@21ce8bee'
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
11:39:45,333 [http-apr-9080-exec-9] DEBUG /screens/Home at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Checking match of request : '/screens/home'; against '/servlet/shortavailability/**'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Checking match of request : '/screens/home'; against '/screens/manageusers'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Checking match of request : '/screens/home'; against '/screens/managepermissions'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Checking match of request : '/screens/home'; against '/screens/home'
11:39:45,333 [http-apr-9080-exec-9] DEBUG Secure object: FilterInvocation: URL: /screens/Home; Attributes: [isAuthenticated()]
11:39:45,333 [http-apr-9080-exec-9] DEBUG Previously Authenticated: app.modules.util.auth.UserAuthentication@21ce8bee
11:39:45,333 [http-apr-9080-exec-9] DEBUG Voter: org.springframework.security.web.access.expression.WebExpressionVoter@480af767, returned: 1
11:39:45,333 [http-apr-9080-exec-9] DEBUG Authorization successful
```

Please notice that the section with the time 11:39:37,567
3 different threads printing same log.
Similar log as from The section with time 11:39:37,567 repeats several times until I do logout and login, I just pasted the last piece to make it shorter here.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Login returns indefinitely HttpSession returned null object for SPRING_SECURITY_CONTEXT #3796

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Login returns indefinitely HttpSession returned null object for SPRING_SECURITY_CONTEXT #3796

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions