Ticket #233 (closed defect: fixed)
Security: Authentication gets lost when using representation builder
| Reported by: | jgou | Owned by: | jgou |
|---|---|---|---|
| Priority: | critical | Milestone: | 0.4 |
| Component: | modules/kauri-security | Version: | trunk |
| Keywords: | | Cc: | |
Description
When using kauri security and the kauri representation builder, the Authentication object is no longer available when the template representation is created.
This is because the SecurityContextHolder.clearContext() method in SecurityFilter is called after returning the KauriRepresentation but before creating the TemplateRepresentation.
This means we can't use security features (t:protect) in the templates in this scenario.
How to test in kauri-security-sample:
add a method in RoleSensitiveJaxRsResource
@GET
@Path("representation")
public KauriRepresentation getRepresentation() {
    return new KauriRepresentation("representation", new HashMap<String, Object>());
}
add a file "representation.xml" in the templates folder
<?xml version="1.0"?>
<html t:inherit="module:/templates/layout/layout.xml"
xmlns:t="http://kauriproject.org/template">
<t:block name="main">
<p>This template is called by the representation builder.</p>
<p>Below is a fragment only visible to a "user".</p>
<t:protect access="ROLE_USER">
<p>This is only visible to ROLE_USER.</p>
</t:protect>
</t:block>
</html>
and navigate to http://localhost:8888/roleSensitiveJaxRsResource/representation.
This will result in an error: org.kauriproject.template.TemplateException: protect instruction is used but no AccessDecider is provided.
Note: the following issue might be related in case this triggers thinking about storing the securitycontext: #181
Change History
comment:3 Changed 3 years ago by jgou
- Owner changed from bruno to jgou
- Status changed from new to accepted
comment:4 Changed 3 years ago by jgou
- Status changed from accepted to closed
- Resolution set to fixed
(In [1544]) Ensure that the RepresentationFilter is also executed (when representations are active) before the SecurityFilter clears the SecurityContext.
This fixes #233 . Thanks Bruno for the valuable feedback.
First TODO is checking how this is different than the 'securepage' sample page
http://localhost:8888/securepage.html
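The ordering problem in the description and the fix described in [1544] reduce to which of the two filters wraps the other. The following is an added illustration, not code from Kauri or from Spring Security: Filter and FilterChain are cut-down stand-ins for the javax.servlet types so the file compiles with a bare JDK, SecurityContextHolder is a ThreadLocal holder in the style of Spring Security's, and the log lines are constructed for the demo. Run it with `javac FilterOrderDemo.java && java FilterOrderDemo`.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Assumed minimal stand-ins for javax.servlet.Filter / FilterChain (not the real API).
interface Filter { void doFilter(List<String> log, FilterChain chain); }
interface FilterChain { void doFilter(List<String> log); }

// Thread-local holder in the style of Spring Security's SecurityContextHolder.
final class SecurityContextHolder {
    private static final ThreadLocal<String> AUTH = new ThreadLocal<>();
    static void setAuthentication(String role) { AUTH.set(role); }
    static String getAuthentication() { return AUTH.get(); }
    static void clearContext() { AUTH.remove(); }
}

// Sets the Authentication for the request and always clears it when the chain returns,
// so a pooled worker thread never carries one request's identity into the next one.
final class SecurityFilter implements Filter {
    public void doFilter(List<String> log, FilterChain chain) {
        SecurityContextHolder.setAuthentication("ROLE_USER");
        log.add("SecurityFilter: context set");
        try {
            chain.doFilter(log);
        } finally {
            SecurityContextHolder.clearContext();
            log.add("SecurityFilter: context cleared");
        }
    }
}

// Lets the resource return its KauriRepresentation, then builds the TemplateRepresentation
// on the way OUT of the chain. That is the point where t:protect needs the Authentication.
final class RepresentationFilter implements Filter {
    public void doFilter(List<String> log, FilterChain chain) {
        chain.doFilter(log);
        String auth = SecurityContextHolder.getAuthentication();
        log.add(auth == null
            ? "RepresentationFilter: TemplateException, no AccessDecider (Authentication is gone)"
            : "RepresentationFilter: template rendered, t:protect access=" + auth + " visible");
    }
}

public final class FilterOrderDemo {
    // Wraps the filters around a resource that returns a KauriRepresentation; order.get(0)
    // is the outermost filter, exactly as a servlet container would chain them.
    static List<String> run(List<Filter> order) {
        List<String> log = new ArrayList<>();
        FilterChain chain = l -> l.add("resource: returned KauriRepresentation(\"representation\")");
        for (int i = order.size() - 1; i >= 0; i--) {
            Filter f = order.get(i);
            FilterChain next = chain;
            chain = l -> f.doFilter(l, next);
        }
        chain.doFilter(log);
        return log;
    }

    public static void main(String[] args) {
        // Before [1544]: RepresentationFilter sits outside SecurityFilter, so the template is
        // built after clearContext() has already run.
        System.out.println("broken order:");
        run(Arrays.asList(new RepresentationFilter(), new SecurityFilter())).forEach(System.out::println);
        // After [1544]: RepresentationFilter runs inside SecurityFilter's try block, so the
        // Authentication is still present while the template is rendered.
        System.out.println("fixed order:");
        run(Arrays.asList(new SecurityFilter(), new RepresentationFilter())).forEach(System.out::println);
    }
}
```

The first run logs the TemplateException line from the ticket; the second logs a rendered template with the ROLE_USER fragment visible. The fix is purely a matter of nesting: SecurityFilter must remain the outer of the two, and clearContext() must stay in its finally block. Moving or removing the clear to "keep" the Authentication for the template would trade this bug for a context leak across requests on a pooled thread.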