Well, if there are no hints, here is my view.
I checked the code for locations where org.apache.catalina.Globals.SUBJECT_ATTR
(or the String "javax.security.auth.subject") is used. There are seemingly two
locations:
- org.apache.catalina.connector.Request.setUserPrincipal(...)
- org.apache.catal
Thank you, Martin, for answering despite of the messed up email!
A short point to clarify: I am using JAASRealm, and a custom jaas.config file
which does not refer to AASMemoryLoginModule. So JAASMemoryLoginModule is also
not called.
As for my custom login module, I checked it, and it does us
