https://bz.apache.org/bugzilla/show_bug.cgi?id=62036
--- Comment #8 from Mark Thomas <[email protected]> --- Regardless, this does look like a bug that needs to be fixed. Apart from NonLoginAuthenticator.doAuthenticate() everywhere else that caches the Principal in the session caches the TomcatPrincipal. Switching to s/getUserPrincipal()/getPrincipal()/ looks like it will work - but I want to see if we need to validate any GSSCredential at this point. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
