the securityContext will be lost in jsp page when use the spring async controller.

### Summary

spring security: 4.1.2.RELEASE

the securityContext will be lost in jsp page when use the spring async controller with callable dispatcher result, and the authorize tag will not work.
### Actual Behavior
1. in a spring controller method, return a Callable<String> type to dispatch to a jsp page.
   `
   public Callable<String> list() {
   
   ```
   return () -> {
       //doSomething
       return "jsppage";
   };
   ```
   
   }
   `
2. in jsppage, use the authorize tag
   `
   < security:authorize access="hasAuthority('code')" >
   test
   < /security:authorize >
   `
   the 'test' will not be show although I login with a user which has the 'code' authority.
3. in fact, the below code in the AbstractAuthorizeTag#authorizeUsingAccessExpression that want to obtain the authentication will return null.
   `if (SecurityContextHolder.getContext().getAuthentication() == null) {
   return false;
   }
   `
4. The reason of this issue  is the page dispatch and render in difference thread that managed by container which without set securityContext.
### Expected Behavior

when I use async controller, the jsp tag authorize should be work correctly.
### Configuration
### Version

spring security: 4.1.2.RELEASE
tomcat: 8.0.30
### Sample


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

the securityContext will be lost in jsp page when use the spring async controller. #4047

Summary

Actual Behavior

Expected Behavior

Configuration

Version

Sample

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

the securityContext will be lost in jsp page when use the spring async controller. #4047

Description

Summary

Actual Behavior

Expected Behavior

Configuration

Version

Sample

Metadata

Metadata

Assignees

Labels

Type

Fields

Projects

Milestone

Relationships

Development

Issue actions