This is my understanding of the SecurityInterceptor mechanics:
For each request a Authentication object is retrieved from the SecureContext. The Authentication object gets authenticated and the authenticated Authentication object gets placed back in the SecureContext.
Question: Why is it necessary to (re)authenticate a Authentication object even if it has already been authenticated in a previous request? Specifically are there any security concerns regarding this procedure or could the (re)authentication also be avoided by simply reusing an authenticated Authentication object?
Thanks for your patience