if (isProtected(request) && !identity.isLoggedIn()) {
// Force session creation
request.getSession();
if (creds.getCredential() != null) {
identity.login();
}
if (identity.isLoggedIn()) {
if (this.authenticationScheme.postAuthentication(request, response)) {
chain.doFilter(servletRequest, servletResponse);