Merge "JERSEY-2543: ApplicationHandler.apply() always overrides the SecurityContext of the ContainerRequest"

Michal Gajdoš · Gerrit Code Review · commit 78afc6e1f14a · 2014-06-12T16:39:55.000+02:00
diff --git a/core-server/src/main/java/org/glassfish/jersey/server/ApplicationHandler.java b/core-server/src/main/java/org/glassfish/jersey/server/ApplicationHandler.java
@@ -929,7 +929,9 @@ public Future<ContainerResponse> apply(final ContainerRequest request,
         final FutureResponseWriter responseFuture =
                 new FutureResponseWriter(request.getMethod(), outputStream, runtime.getBackgroundScheduler());
 
-        request.setSecurityContext(DEFAULT_SECURITY_CONTEXT);
+        if (request.getSecurityContext() == null) {
+            request.setSecurityContext(DEFAULT_SECURITY_CONTEXT);
+        }
         request.setWriter(responseFuture);
 
         handle(request);
