SecurityContext does not clear the credentials of a SOAP-Gateway. Consecutive calls to the gateway add the credentials of each call. If we want to extract the credentials later in the exchange we get wrong(previously added) credentials.

Cause: SecurityContext is a InheritableThreadLocal, so the object is reused for each call with the same thread (http thread).