Index: AbstractSecurityInterceptor.java =================================================================== RCS file: /cvsroot/acegisecurity/acegisecurity/core/src/main/java/net/sf/acegisecurity/intercept/AbstractSecurityInterceptor.java,v retrieving revision 1.16 diff -a -r1.16 AbstractSecurityInterceptor.java 362c362,363 < if (SecurityContextHolder.getContext().getAuthentication() == null) { --- > Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication(); > if (currentAuthentication == null) { 367c368 < // Attempt authentication --- > // Attempt authentication if not already authenticated. 368a370,378 > if (!currentAuthentication.isAuthenticated()) { > try { > authenticated = this.authenticationManager.authenticate(currentAuthentication); > } catch (AuthenticationException authenticationException) { > AuthenticationFailureEvent event = new AuthenticationFailureEvent(object, > attr, > currentAuthentication, > authenticationException); > this.context.publishEvent(event); 370,381c380,381 < try { < authenticated = this.authenticationManager.authenticate(SecurityContextHolder.getContext() < .getAuthentication()); < } catch (AuthenticationException authenticationException) { < AuthenticationFailureEvent event = new AuthenticationFailureEvent(object, < attr, < SecurityContextHolder.getContext().getAuthentication(), < authenticationException); < this.context.publishEvent(event); < < throw authenticationException; < } --- > throw authenticationException; > } 383c383,386 < authenticated.setAuthenticated(true); --- > authenticated.setAuthenticated(true); > if (logger.isDebugEnabled()) { > logger.debug("Authenticated: " + authenticated.toString()); > } 385,386c388,390 < if (logger.isDebugEnabled()) { < logger.debug("Authenticated: " + authenticated.toString()); --- > SecurityContextHolder.getContext().setAuthentication(authenticated); > } else { > authenticated = currentAuthentication; 389,390d392 < SecurityContextHolder.getContext().setAuthentication(authenticated); <