When there is an invocation into the web container and the current security context is already set and is of a different security domain than the one configured for the web application, then the SecurityContextEstablishmentValve needs to cache the current context, set a new security context with the configured security domain name and on the return path, put back the cached context.