https://bz.apache.org/bugzilla/show_bug.cgi?id=59823
--- Comment #4 from Arjan Tijms <arjan.ti...@gmail.com> --- >true if AuthStatus.SUCCESS Is that also when a null is passed to the CallerPrincipalCallback? Since in that case the container will establish this unauthenticated identity (see http://docs.oracle.com/javaee/7/api/javax/security/auth/message/callback/CallerPrincipalCallback.html). This means HttpServletRequest.getUserPrincipal() will return a null. But the JavaDoc for the return value of HttpServletRequest#authenticate says "true when non-null values were or have been established as the values returned by getUserPrincipal, getRemoteUser, and getAuthType." -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
