
#93 Fix JSP include of security content

v2.4.1
open
None
5
2001-09-09
2001-09-09
No

Fix a security problem that showed up in the 2.4.0
release. The issue is that if a secured JSP page
includes a sequence of jsp includes like:

<jsp:include page="test.jsp" flush="true">
    <jsp:param name="name" value="d1"/>
</jsp:include>
<jsp:include page="test.jsp" flush="true">
    <jsp:param name="name" value="d2"/>
</jsp:include>
<jsp:include page="test.jsp" flush="true">
    <jsp:param name="name" value="d3"/>
</jsp:include>
<jsp:include page="test.jsp" flush="true">
    <jsp:param name="name" value="d4"/>
</jsp:include>

where test.jsp looks up a secured stateless session
bean, only the first include succeeds. The later
includes fail because the security association of the
servlet request thread was lost.
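
The failure mode described above, modelled as an added example (not code from this patch or from the project): a per-thread caller identity that an include either clears on exit or restores on exit. The class, the method names and the caller "alice" are hypothetical, and the page does not state that clearing on exit was the actual cause in 2.4.0.

```java
import java.util.ArrayList;
import java.util.List;

public class IncludeAssociationDemo {
    // Hypothetical stand-in for a container's per-thread security association.
    static final ThreadLocal<String> PRINCIPAL = new ThreadLocal<>();

    // Stand-in for the secured session bean: rejects calls with no caller bound.
    static String securedBeanCall(String name) {
        String caller = PRINCIPAL.get();
        if (caller == null) throw new SecurityException("no security association for " + name);
        return name + " ok as " + caller;
    }
    // Lossy include: unconditionally clears the association on the way out.
    static String includeClearing(String name) {
        try {
            return securedBeanCall(name);
        } finally {
            PRINCIPAL.remove();
        }
    }
    // Preserving include: puts back whatever was bound before the include ran.
    static String includeRestoring(String name) {
        String saved = PRINCIPAL.get();
        try {
            return securedBeanCall(name);
        } finally {
            PRINCIPAL.set(saved);
        }
    }
    // Renders the four includes from the report on one request thread.
    static List<String> render(boolean restoring) {
        PRINCIPAL.set("alice"); // constructed caller, bound once per request
        List<String> out = new ArrayList<>();
        for (String n : new String[] {"d1", "d2", "d3", "d4"}) {
            try {
                out.add(restoring ? includeRestoring(n) : includeClearing(n));
            } catch (SecurityException e) {
                out.add("FAILED: " + e.getMessage());
            }
        }
        PRINCIPAL.remove(); // end of request: never leak identity to a pooled thread
        return out;
    }
    public static void main(String[] args) {
        System.out.println("clearing:  " + render(false));
        System.out.println("restoring: " + render(true));
    }
}
```

With the clearing variant only d1 reaches the bean and d2 through d4 are rejected, matching the symptom in the report; the restoring variant serves all four while still dropping the identity when the request ends.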
