Always store auth context in session

If a session auth context is provided during authentication, we will now always store it
to a session. If no session exists at this point, we will create a session because we
can treat the presence of a SessionAuthContext as a sufficient indicator that the
creation of a session is expected/required.

Previously, we were only storing the auth context in the session if the session existed.
Most likely because of a refactoring of the SessionCreator in
5cdac60, the listener that persists the data is now
called before the session is created.

Author: thll

graylog2-server/src/main/java/org/graylog2/shared/security/PersistSessionDataListener.java

@@ -37,10 +37,8 @@ public void onSuccess(AuthenticationToken token, AuthenticationInfo info) {
         if (info instanceof AuthenticationInfoWithSessionAuthContext(
                 AuthenticationInfo ignored, SessionAuthContext sessionAuthContext
         )) {
-            final var session = SecurityUtils.getSubject().getSession(false);
-            if (session != null) {
-                session.setAttribute(SessionUtils.AUTH_CONTEXT_SESSION_KEY, sessionAuthContext);
-            }
+            SecurityUtils.getSubject().getSession()
+                    .setAttribute(SessionUtils.AUTH_CONTEXT_SESSION_KEY, sessionAuthContext);
         }
     }