SecurityContext In HttpSession after closing Browser with Spring Security

just closing the browser window does not send any request to the server not make any changes to cookies etc. so would not expect it to change anything

Hi objects...the problem seems to be switching from https (login form) to http (landing page after successful login).  I have my login page under https but then I want my
default-target-url to be under http but when I do this and my default-target-url is matched by Spring it has a null HttpSession and thusly a null SecurityContext and auths me as anonymous role instead of user.  When I have both under https its no problem.  Any ideas on how to support this?  Thanks for your help!

10:47:51,373 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'eventDispatcher'
10:47:51,374 DEBUG SessionFixationProtectionStrategy:84 - Invalidating session with Id '3DFFA5FE669496C0A83781B8B8672033' and migrating attributes.
10:47:51,375 DEBUG SessionFixationProtectionStrategy:94 - Started new session: BF8ECD94D1C4821381C8EED0284D1AE6
10:47:51,376 DEBUG UsernamePasswordAuthenticationFilter:289 - Authentication success. Updating SecurityContextHolder to contain: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@48ad5079: Principal: com.dc.api.model.Users@1f529f0; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 76.102.97.125; SessionId: 3DFFA5FE669496C0A83781B8B8672033; Granted Authorities: com.dc.api.model.Authority@1a1de34
10:47:51,377 DEBUG DefaultListableBeanFactory:242 - Returning cached instance of singleton bean 'eventDispatcher'
10:47:51,378 DEBUG SavedRequestAwareAuthenticationSuccessHandler:107 - Using default Url: /registered/home.html
10:47:51,378 DEBUG DefaultRedirectStrategy:36 - Redirecting to '/dreamcatcher/registered/home.html'
10:47:51,379 DEBUG HttpSessionSecurityContextRepository:360 - SecurityContext stored to HttpSession: 'org.springframework.security.core.context.SecurityContextImpl@48ad5079: Authentication: org.springframework.security.authentication.UsernamePasswordAuthenticationToken@48ad5079: Principal: com.dc.api.model.Users@1f529f0; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 76.102.97.125; SessionId: 3DFFA5FE669496C0A83781B8B8672033; Granted Authorities: com.dc.api.model.Authority@1a1de34'

10:47:51,531 DEBUG DefaultFilterInvocationSecurityMetadataSource:200 - Candidate is: '/registered/home.html'; pattern is /registered/*; matched=true
10:47:51,532 DEBUG ChannelProcessingFilter:99 - Request: FilterInvocation: URL: /registered/home.html; ConfigAttributes: [REQUIRES_INSECURE_CHANNEL]
10:47:51,532 DEBUG FilterChainProxy:375 - /registered/home.html at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
10:47:51,532 DEBUG HttpSessionSecurityContextRepository:130 - No HttpSession currently exists
10:47:51,532 DEBUG HttpSessionSecurityContextRepository:88 - No SecurityContext was available from the HttpSession: null. A new one will be created.
10:47:51,533 DEBUG FilterChainProxy:375 - /registered/home.html at position 3 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
10:47:51,533 DEBUG FilterChainProxy:375 - /registered/home.html at position 4 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
10:47:51,533 DEBUG FilterChainProxy:375 - /registered/home.html at position 5 of 11 in additional filter chain; firing Filter: 'XMLAuthenticationFilter'
10:47:51,533 DEBUG FilterChainProxy:375 - /registered/home.html at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
10:47:51,534 DEBUG FilterChainProxy:375 - /registered/home.html at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
10:47:51,534 DEBUG FilterChainProxy:375 - /registered/home.html at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
10:47:51,534 DEBUG AnonymousAuthenticationFilter:67 - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@d45589d8: Principal: guest; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 76.102.97.125; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'


config:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans
        xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:util="http://www.springframework.org/schema/util"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd
        http://www.springframework.org/schema/context
        http://www.springframework.org/schema/context/spring-context-3.0.xsd">
        <context:annotation-config />
        <context:component-scan base-package="dc" />
        <global-method-security />
           <http access-denied-page="/auth/denied.html">
                  <intercept-url filters="none" pattern="/javax.faces.resource/**" />
             <intercept-url filters="none" pattern="/services/rest-api/1.0/**" />
             <intercept-url filters="none" pattern="/preregistered/*"/>
             <intercept-url
                pattern="/**/*.xhtml"
                access="ROLE_NONE_GETS_ACCESS" />
             <intercept-url
                pattern="/auth/*"
                access="ROLE_ANONYMOUS,ROLE_USER" requires-channel="https"/>
             <intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>
             <intercept-url
                pattern="/preregistered/*"
                access="ROLE_ANONYMOUS,ROLE_USER" requires-channel="http"/>
             <intercept-url
                pattern="/registered/*"
                access="ROLE_USER" requires-channel="http"/>
            <form-login
                login-processing-url="/j_spring_security_check.html"
                login-page="/auth/login.html"
                default-target-url="/registered/home.html"
                authentication-failure-url="/auth/login.html" />
             <logout invalidate-session="true"
                      logout-url="/auth/logout.html"
                      success-handler-ref="DCLogoutSuccessHandler"/>
            <anonymous username="guest" granted-authority="ROLE_ANONYMOUS"/>
           </http>
           <!-- Configure the authentication provider -->
          <authentication-manager>
                <authentication-provider user-service-ref="userManager">
                        <password-encoder ref="passwordEncoder" />
                </authentication-provider>
        </authentication-manager>
    </beans:beans>

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.