Clear Origin ThreadLocal after AuthN in ExternalOAuthAuthenticationManager (#3619)

* Add clearing of ThreadLocal after authentication

* Wrap super.authenticate call in try-finally and move clearing of ThreadLocal to finally block

Author: adrianhoelzl-sap

server/src/main/java/org/cloudfoundry/identity/uaa/provider/oauth/ExternalOAuthAuthenticationManager.java

@@ -178,6 +178,16 @@ public void setOrigin(String origin) {
         this.origin.set(origin);
     }
 
+    @Override
+    public Authentication authenticate(final Authentication request) throws AuthenticationException {
+        try {
+            return super.authenticate(request);
+        } finally {
+            // clear ThreadLocal holding the origin key
+            origin.remove();
+        }
+    }
+
     public IdentityProvider resolveOriginProvider(String idToken) throws AuthenticationException {
         try {
             Map<String, Object> claims = parseClaimsFromIdTokenString(idToken);