When I dump the session object of an authenticated (JNDIRealm) user on my
local dev environment versus my development server, for some reason
the javax.security.auth.subject shows up on the dev server but not my
local. I also spun up a docker container with pretty much default tomcat
config and javax.security.auth.subject doesn't show up in the session
object there either. My code is exactly the same in all envs, is there
something within tomcat configuration which would determine if
javax.security.auth.subject is added to the session object? I can't figure
out the difference why it's on one instance but not the other.
