I have a custom httpActionAdabter and i match matchers once also in the action adapter pac4jcsrf token and other matchers only will be present on register login and logout what i do to have them on all request?
i tried using security filter and make matches these matchers on all request but it doesn’t affect it in security logic with logs i see them that are included in requests in webcontext but in browser inspect element i can’t see response header unless on callback url.

@Secure doesn’t work for websocket in pac4j-play how do i secure a websocket in java pac4j play
thanks
this what i don now
if (!profilesHelper.getProfilesWithHeader(request).isEmpty()) {
UserProfile profile = profilesHelper.getProfilesWithHeader(request).get(0);