Multiple traces are generated for failing requests

[MatthiasDrews]

Describe the bug
When a REST request fails, duplicate traces are generated. This behavior exists for authentication errors (e.g. unauthenticated -> 401), as well as for other errors dispatching to the error page (e.g. wrong URL -> 404).
It seems that requests which are dispatched to the error page by the framework, get a fresh observation and thus traceId, instead of taking any existing observation which was generated by the initial request handling.

The result in Grafana looks similar to this:
example with 404

Tested with SpringBoot 3.0.2, Spring Security 6.0.1

To Reproduce
Fire a request against a secured RestController method, without authentication token.
or
Fire a request with a wrong URL which will result in a 404.

Expected behavior
A single traceId should be generated, dispatched requests should reuse the original traceId

[nkonev]

Hi, @jzheaux, @marcusdacoregio

Seems I managed to reproduce this exactly bug.

to reproduce invoke

./mvnw spring-boot:run # or launch AaaApplication.main via IDE

# usecase 1
curl -i 'http://localhost:8060/api/aaa/login' -X POST -H 'Accept: application/json, text/plain, */*' -H 'Content-Type: application/x-www-form-urlencoded;charset=utf-8' -H 'X-XSRF-TOKEN: 724f5acd-3d1e-421b-a386-eb17dcacece8' -H 'Cookie: VIDEOCHAT_XSRF_TOKEN=724f5acd-3d1e-421b-a386-eb17dcacece8' --data-raw 'login=admin&password=admin'

# usecase 2
curl -i 'http://localhost:8060/internal/profile/auth' -X GET -H 'Accept: text/plain, */*'

and check logs (stdout).

Also I noticed that if I comment out .failureHandler(authenticationFailureHandler) here then the bug disappears.

---

UPD added usecase 2, more expressive, which works regardless commenting out .failureHandler(authenticationFailureHandler)