It would be nice if we could delay looking up the SecurityContext for requests that might be marked as permitAll. This would provide a significant performance boost for css resources using Spring Session

Comment From: rwinch

Closing in favor of gh-10913