Calling fluent withRequest(request) method on HttpMessageContextWrapper will loose the wrapper.

[darranl]

Callers of this method are supposed to be able to assume they will receive back the instance they called.

https://github.com/jakartaee/security/blob/master/api/src/main/java/jakarta/security/enterprise/authentication/mechanism/http/HttpMessageContext.java#L143-L151

However the wrapper returns the wrapped instance instead of itself.

https://github.com/jakartaee/security/blob/master/api/src/main/java/jakarta/security/enterprise/authentication/mechanism/http/HttpMessageContextWrapper.java#L106-L109

It should likely call getWrapped().withRequest(request); as these objects are not immutable but then return this instead.