We should consider introducing a new component model for authentication and authorization with the main goal of improving usability.
The Servlet API is a low-level API and inherently may be more difficult to work with. Introducing a higher-level component API could simplify usage.
Ideally, the component API would completely abstract the Servlet API, in that, the component developer would never need to work with Filter, FilterChain, ServletRequest, ServletResponse, etc.
The existing Filter implementations would need to be replaced with simpler components and the request processing flow controlled via FilterChain would need to be replaced with a specialized component that knows how to orchestrate the request/response processing pipeline.
Related gh-13266, gh-12985