SEC-761: HttpSessionContextIntegrationFilter.contextObject should be created in afterPropertiesSet(), not the constructor

http://jira.springframework.org/browse/SEC-761. Added call to generateNewContext() in the afterPropertiesSet() method to take account of custom security context classes.

core/src/main/java/org/springframework/security/context/HttpSessionContextIntegrationFilter.java

@@ -180,6 +180,8 @@ public class HttpSessionContextIntegrationFilter extends SpringSecurityFilter im
             throw new IllegalArgumentException(
                     "If using forceEagerSessionCreation, you must set allowSessionCreation to also be true");
         }
+        
+        contextObject = generateNewContext();
     }
 
     public void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain)