https://bz.apache.org/bugzilla/show_bug.cgi?id=62104
--- Comment #2 from Remy Maucherat <r...@apache.org> --- The problem is that ContextConfig.authenticatorConfig is not appropriate with the login API (which was introduced later). Assuming the webapp has no security constraints, before r1823310 there would be a problem if metadata-complete was true (not very common), but now it's always. Oops. This fix is rather obvious (always set the NLA is there is no login config). The side effect is that a realm is now mandatory (Tomcat has no way to know if an app will call login). -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org