SecurityContextHolder authentication object not available to subsequent requests from the client

Question

Inside getUserObject() method we are not able to get Authentication object. It's available for 1st request only. But its setting to null for subsequent requests from client. So please help me to configure it properly so that its available for all the requests calls.

I am not sure how to configure inside configure method in AuthConfig.java so that authentication object would be available for all the requests chain

AuthConfig.java:

@Configuration
@EnableWebSecurity
public class AuthConfig extends WebSecurityConfigurerAdapter {
@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.csrf().disable();
        http.authorizeRequests()
                .antMatchers("/callback", "/", "/auth0/authorize", "/resources/**", "/public/**", "/static/**",
                        "/login.do", "/logout.do", "/thankYou.do", "/customerEngagement.do",
                        "/oldCustomerEngagement.do", "/registerNew.do", "/forgotPassword.do", "/checkMongoService.do",
                        "/reset.do", "/rlaLogin.do", "/fnfrefer.do", "/thankYouLeadAggregator.do", "/referral")
                .permitAll()
                .anyRequest().authenticated().and().
                logout()
                .logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler());
    }
------------------------------------------------------------------------------
AuthController.java:

@RequestMapping(value = "/callback", method = RequestMethod.GET)
    public void callback(HttpServletRequest request, HttpServletResponse response)
            throws IOException, IdentityVerificationException {
        try {
            Tokens tokens = authenticationController.handle(request, response);
            DecodedJWT jwt = JWT.decode(tokens.getIdToken());
            List<GrantedAuthority> grantedAuths = new ArrayList<GrantedAuthority>();
            grantedAuths.add(new SimpleGrantedAuthority("ROLE_USER"));
            Authentication auth = new UsernamePasswordAuthenticationToken(jwt.getSubject(), jwt.getToken(), grantedAuths);
    
            
            SecurityContext context = SecurityContextHolder.getContext();
            context.setAuthentication(auth);
            
            response.sendRedirect(config.getContextPath(request) + "/loancenter/home.do");
        } catch (Exception e) {
            LOG.info("callback page error");
            response.sendRedirect(config.getContextPath(request) + "/loancenter");
        }
    }
--------------------------------------------------------------------------------
HomeController.java:

@Controller
public class DefaultController implements InitializingBean {

@RequestMapping(value = "home.do")
    public ModelAndView showCustomerPage(HttpServletRequest req, HttpServletResponse res, Model model) {
ModelAndView mav = new ModelAndView();

        try {

            User user = getUserObject(req);
            if(user==null) {
                LOG.info("User not found in session");
                mav.setViewName(JspLookup.LOGIN);
                return mav;
            }
          } catch (Exception e) {
            LOG.error("Exception in Home page ", e);
        }
        return mav;

}

protected User getUserObject(HttpServletRequest request) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        LOG.info("authentication::{}", authentication);

        User user = null;
        if (authentication == null) {
            return user;
        }

        if (authentication.getPrincipal() instanceof User) {
            user = (User) authentication.getPrincipal();
            LOG.info("User already authenticated and logging :{}", user.getEmailId());
            sendUserLoginEmailToLO(user);
        } else {
            UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
            DecodedJWT jwt = JWT.decode(token.getCredentials().toString());
            user = userProfileDao.findByUserEmail(jwt.getClaims().get("email").asString());
            if (user != null) {
                LOG.info("First time authentication:{}", user.getEmailId());
                boolean auth0EmailVerified = jwt.getClaims().get("email_verified").asBoolean();
                LOG.info("First time authentication email verified flag from auth0:{}", auth0EmailVerified);
                LOG.info("First time authentication email verified flag from nlc:{}", user.getEmailVerified());
                if (BooleanUtils.isFalse(user.getEmailVerified()) && auth0EmailVerified) {
                    LOG.info("Email is verified in Auth0, updating email_verified flag to true in DB for userId: {}",
                            user.getId());
                    userProfileDao.verifyEmail(user.getId());
                    LOG.info("First time authentication updated email verified flag in nlc db:{}", user.getEmailId());
                }

                if (user.getNewEmailVerified() != null && BooleanUtils.isFalse(user.getNewEmailVerified())) {
                    LOG.info("The user is verifying his email: set his verified to true");
                    userProfileDao.verifyNewEmail(user.getId());
                }
                Authentication auth = new UsernamePasswordAuthenticationToken(user, jwt.getToken(),
                        token.getAuthorities());
                messageServiceHelper.checkIfUserFirstLogin(user);
                LOG.info("Authentication provided for user : {}", user.getEmailId());
                LOG.debug("Auth object constructed : {}", auth);
                SecurityContextHolder.getContext().setAuthentication(auth);
                HttpSession session = request.getSession(true);
                session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
                sendUserLoginEmailToLO(user);
            }
        }
        return user;
    }
}