Think it misses details. Do you have a reverse p or gateway in front of it? Some might run into header size Issues.
You could add a ContainerRequestFilter to log all incoming requests to confirm whether your request reaches the app before security filters (with appropriate priority). Or you add a RequestDumperValve for more information in your server.xml: https://tomcat.apache.org/tomcat-10.1-doc/config/filter.html#Request_Dumper_Filter , so you get more details. Gruß Richard Am 12. Juni 2025 18:25:11 MESZ schrieb COURTAULT Francois <francois.courta...@thalesgroup.com.INVALID>: >THALES GROUP LIMITED DISTRIBUTION to email recipients > >Hello everyone, > >We have a Rest application that uses the microprofile-jwt-auth-spec-2.1 >specification. > >We have an issue with some of our requests, having a JWT in the Authorization >header (eg Authorization: Bearer <JWT 64 bits encoded>), where we get a 400 >(BAD REQUEST) and we don’t know why ☹’ >No stack trace written in the logs. >For such behavior, it seems that the request doesn’t reach the application. > >What could we do in order to troubleshoot this kind of issue ? > >Best Regards. > > > >