I'm using spring and acegi in a webapp that's deployed in tomcat 5.5.26.
I want to see if the user is logged in on the 404 page, so that we can show their name if they're logged in, and a login link otherwise.
I have the HttpSessionContextIntegrationFilter, in the filters on the REQUEST dispatcher. I also have it in the ERROR dispatcher.
The code path appears that the request goes into my app, through the REQUEST dispatcher to the HttpSessionContextIntegrationFilter which records that it has already been applied, sets up the user context then continues the filter chain, and then clears the user context. It then makes its way down the ERROR dispatcher, but the HttpSessionContextIntegrationFilter doesn't do anything because it has already been run for this request, so when it gets to the 404 page, there is no authentication in the context (as it was cleared on the way out) and not put back in.