SpringSecurity缓存问题

Security在securityContextPersistenceFilter这个过滤器中把SecurityContextHolder清除了，

finally {

//先从SecurityContextHolder获取SecurityContext实例

SecurityContext contextAfterChainExecution = SecurityContextHolder.getContext();

// Crucial removal of SecurityContextHolder contents - do this before anything else.

//再把SecurityContext实例从SecurityContextHolder中清空

SecurityContextHolder.clearContext();

//将SecurityContext实例持久化到session中

repo.saveContext(contextAfterChainExecution, holder.getRequest(), holder.getResponse());

request.removeAttribute(FILTER_APPLIED);

if (debug) {

logger.debug("SecurityContextHolder now cleared, as request processing completed");

}

}

而在sec:authorize标签鉴权时，还是使用Authentication auth = SecurityContextHolder.getContext().getAuthentication();这样获取的值为null，标签无法使用，这个问题怎么解决，框架这么做不合理啊。

http://haohaoxuexi.iteye.com/blog/2159871