Spring会话-重定向到目标url后在会话中找不到安全上下文

我将spring-session与hazelcast和spring-security一起使用。我正面临spring security无法从HttpSession加载安全上下文的问题。在身份验证期间,我可以看到以下代码将安全上下文设置为会话：

if (contextChanged(context)||  httpSession.getAttribute(springSecurityContextKey) == null) {
  httpSession.setAttribute(springSecurityContextKey, context);
  if (logger.isDebugEnabled()) {
    logger.debug("SecurityContext '" + context
                + "' stored to HttpSession: '" + httpSession);
    }
}

但在spring重定向到目标url时进行身份验证后,它无法从会话中获取安全上下文,代码如下：

Object contextFromSession = httpSession.getAttribute(springSecurityContextKey);

if (contextFromSession == null) {

  if (debug) {
    logger.debug("HttpSession returned null object for SPRING_SECURITY_CONTEXT");
  }
  return null;
}

知道这里有什么问题吗？安全调试日志-

w.a.s.SessionFixationProtectionStrategy : Started new session: 2192be54-aee1-4249-98ba-01a65a401830
c.i.i.w.s.LoggingSecurityEventListener   : event=SessionFixationProtectionEvent username=cgrant remoteAddress=0:0:0:0:0:0:0:1 sessionId=c7363d39-28ff-44e3-83a9-d463f2f371e5
w.a.UsernamePasswordAuthenticationFilter : Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5e87c6c5: Principal: org.springframework.security.core.userdetails.
c.i.i.w.s.LoggingSecurityEventListener   : event=InteractiveAuthenticationSuccessEvent username=cgrant remoteAddress=0:0:0:0:0:0:0:1 sessionId=c7363d39-28ff-44e3-83a9-d463f2f371e5
RequestAwareAuthenticationSuccessHandler : Using default Url: /
o.s.s.web.DefaultRedirectStrategy        : Redirecting to '/myapp/'
w.c.HttpSessionSecurityContextRepository : SecurityContext 'org.springframework.security.core.context.SecurityContextImpl@5e87c6c5: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@5e87c6c5: Principal: org.springframework.security.core.userdetails.User@fb03e089: Username: cgrant; .......... stored to HttpSession: 'org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper$HttpSessionWrapper@5d2baa59
s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
o.s.s.w.s.HttpSessionEventPublisher      : Publishing event: org.springframework.security.web.session.HttpSessionCreatedEvent[source=org.springframework.session.web.http.ExpiringSessionHttpSession@287a471f]
.....
.....
o.s.security.web.FilterChainProxy        : / at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
o.s.security.web.FilterChainProxy        : / at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.springframework.session.web.http.SessionRepositoryFilter$SessionRepositoryRequestWrapper$HttpSessionWrapper@8d3c315. A new one will be created.
o.s.security.web.FilterChainProxy        : / at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
o.s.s.w.header.writers.HstsHeaderWriter  : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@57f4e063
o.s.security.web.FilterChainProxy        : / at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher  : Checking match of request : '/'; against '/logout'
o.s.security.web.FilterChainProxy        : / at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
o.s.s.w.u.matcher.AntPathRequestMatcher  : Request 'GET /' doesn't match 'POST /login/auth
o.s.security.web.FilterChainProxy        : / at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
o.s.security.web.FilterChainProxy        : / at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
o.s.security.web.FilterChainProxy        : / at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
o.s.s.w.a.AnonymousAuthenticationFilter  : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6fa843a8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2192be54-aee1-4249-98ba-01a65a401830; Granted Authorities: ROLE_ANONYMOUS'
o.s.security.web.FilterChainProxy        : / at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
o.s.security.web.FilterChainProxy        : / at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
o.s.security.web.FilterChainProxy        : / at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
.....
.....
o.s.s.w.a.i.FilterSecurityInterceptor    : Secure object: FilterInvocation: URL: /; Attributes: [authenticated]
o.s.s.w.a.i.FilterSecurityInterceptor    : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6fa843a8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd3270: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 2192be54-aee1-4249-98ba-01a65a401830; Granted Authorities: ROLE_ANONYMOUS
o.s.s.access.vote.AffirmativeBased       : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@1023c8f1, returned: -1
o.s.s.w.a.ExceptionTranslationFilter     : Access is denied (user is anonymous); redirecting to authentication entry point