04ef9e
@@ -73,6 +73,7 @@
public class JASPIAuthenticationMechanism implements AuthenticationMechanism {
 
     public static final AttachmentKey<HttpServerExchange> HTTP_SERVER_EXCHANGE_ATTACHMENT_KEY = AttachmentKey.create(HttpServerExchange.class);
     public static final AttachmentKey<SecurityContext> SECURITY_CONTEXT_ATTACHMENT_KEY = AttachmentKey.create(SecurityContext.class);
+    private static final AttachmentKey<Boolean> ALREADY_WRAPPED = AttachmentKey.create(Boolean.class);
 
     private final String securityDomain;
     private final String configuredAuthMethod;
@@ -220,6 +221,10 @@
public class JASPIAuthenticationMechanism implements AuthenticationMechanism {
     }
 
     private void secureResponse(final HttpServerExchange exchange, final SecurityContext securityContext, final JASPIServerAuthenticationManager sam, final GenericMessageInfo messageInfo, final JASPICallbackHandler cbh) {
+        if(exchange.getAttachment(ALREADY_WRAPPED) != null || exchange.isResponseStarted()) {
+            return;
+        }
+        exchange.putAttachment(ALREADY_WRAPPED, true);
         // we add a response wrapper to properly invoke the secureResponse, after processing the destination
         exchange.addResponseWrapper(new ConduitWrapper<StreamSinkConduit>() {
             @Override
