https://bz.apache.org/bugzilla/show_bug.cgi?id=60824
--- Comment #2 from Jan Engehausen <smurf...@gmail.com> --- Hi Chuck, I understand. We're seeing this in production with 7.0.54, and have a standalone reproduceable scenario with 7.0.47 (embedded). We believe the issue to be in org.apache.catalina.connector.Request.setUserPrincipal(java.security.Principal) and looking at the code of 7.0.63 or 8.0.24 it seems to be still in there as well. http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/7.0.63/org/apache/catalina/connector/Request.java#Request.setUserPrincipal%28java.security.Principal%29 http://grepcode.com/file/repo1.maven.org/maven2/org.apache.tomcat/tomcat-catalina/8.0.24/org/apache/catalina/connector/Request.java#Request.setUserPrincipal%28java.security.Principal%29 Kind regards, Jan -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org