https://bz.apache.org/bugzilla/show_bug.cgi?id=64715
--- Comment #3 from Robert Rodewald <robert.rodew...@kopsis.com> --- Sorry, I got the section number wrong, it's section 3.5 Chapter 3 is Servlet Container Profile. Here is an excerpt from section 3.5: The CallbackHandler passed to ServerAuthModule.initialize is determined by the handler argument passed in the AuthConfigProvider.getServerAuthConfig call that acquired the corresponding authentication context configuration object. The handler argument must not be null, and the argument handler and the CallbackHandler passed to ServerAuthModule.initialize MUST support the following callbacks: • CallerPrincipalCallback • GroupPrincipalCallback • PasswordValidationCallback So it is a bug, if Tomcat claims to be JASPIC 1.1 compatible in my opinion. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org