[ https://issues.apache.org/jira/browse/KARAF-6158?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16770159#comment-16770159 ]
Matt Pavlovich commented on KARAF-6158: --------------------------------------- I haven't had a chance to debug this down. What it appears is that all the Principals get thrown into a single Set<> or List<> and I suspect somewhere in the layers, someone is pulling off the first Principal and expecting it to be the UserPrincipal for the SecurityContext. Off topic <being rant>Why the SecurityContext does not include all principal is beyond me!</end rant> > SecurityContext returns RolePrincipal instead of UserPrincipal in JAX-RS > ------------------------------------------------------------------------ > > Key: KARAF-6158 > URL: https://issues.apache.org/jira/browse/KARAF-6158 > Project: Karaf > Issue Type: Bug > Affects Versions: 4.1.5 > Reporter: Matt Pavlovich > Assignee: Jean-Baptiste Onofré > Priority: Major > > The SecurityContext in a CXFJAX-RS service is ~75% of the time returning a > RolePrincipal instead of UserPrincipal. > * Custom JAAS provider > * Only one JAAS provider > * Realm named 'karaf' > Seems like same issue posted to karaf-users mailinglist [Nabble > link|http://karaf.922171.n3.nabble.com/securityContext-getUserPrincipal-in-JAX-RS-return-unexpected-RolePrincipal-Why-tt4053628.html] -- This message was sent by Atlassian JIRA (v7.6.3#76005)