GitHub user ggam opened a pull request: https://github.com/apache/tomcat/pull/116
Always store the authenticated Subject on the Request Client Subject needs to be stored on the request even when the authentication data was cached. Fixes https://bz.apache.org/bugzilla/show_bug.cgi?id=62547 The issue is present on both Tomcat 8.5.X and 9.X and the fix should easily backported. You can merge this pull request into a Git repository by running: $ git pull https://github.com/ggam/tomcat jaspic-cleansubject Alternatively you can review and apply these changes as the patch at: https://github.com/apache/tomcat/pull/116.patch To close this pull request, make a commit to your master/trunk branch with (at least) the following in the commit message: This closes #116 ---- commit 3168fc0ecb2adc39127b04287e9805cdc90bedaa Author: Guillermo González de Agüero <ggam@...> Date: 2018-07-17T11:26:52Z Always store the authenticated Subject Client Subject needs to be stored on the request even when the authentication data was cached. Fixes https://bz.apache.org/bugzilla/show_bug.cgi?id=62547 ---- --- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org