https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #15 from Robert Rodewald <robert.rodew...@kopsis.com> ---

I found an interesting differentiation on this page:
https://github.com/wildfly/wildfly/blob/master/docs/src/main/asciidoc/_elytron/Elytron_and_Java_Authentication_SPI_for_Containers-JASPI.adoc

If a SAM requires access to the configured identity management (the realm) of the runtime, it uses "integrated" mode (this would be a CallbackHandler implementation that implements Contained). If it establishes the identity and roles of the user by itself, it can use "non-integrated" mode (no access to the realm), which is what was supported by Tomcat before the patch (CallbackHandler does not implement Contained and has no access to the Realm).