https://bz.apache.org/bugzilla/show_bug.cgi?id=62104

--- Comment #2 from Remy Maucherat <r...@apache.org> ---
The problem is that ContextConfig.authenticatorConfig is not appropriate with
the login API (which was introduced later). Assuming the webapp has no security
constraints, before r1823310 there would be a problem if metadata-complete was
true (not very common), but now it's always. Oops.

This fix is rather obvious (always set the NLA is there is no login config).
The side effect is that a realm is now mandatory (Tomcat has no way to know if
an app will call login).

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to