https://github.com/spring-projects/spring-security/issues/12504 fixed the SwitchUserFilter by saving the security context explicitly.
Switching users typically implies a user is logged in and has an authenticated session that needs to change across a period of requests. Therefore, it makes sense to use HttpSessionSecurityContextRepository