Cannot access to Principal via Subject.getSubject(AccessController.getContext()). Problem is that in method internalDoFilter of ApplicationFilterChain in call of filter chain the code determinate the Principal but don't use it: if( Globals.IS_SECURITY_ENABLED ) { final ServletRequest req = request; final ServletResponse res = response; Principal principal = ((HttpServletRequest) req).getUserPrincipal(); Object[] args = new Object[]{req, res, this}; SecurityUtil.doAsPrivilege ("doFilter", filter, classType, args); args = null; } else { In this manner a SecurityUtil.doAsPrivilege will be called with Principal == null and method execute create a Subject with no Principals. Then call a Subject.doAsPrivileged(subject, pea, null); and this do not propagate Principals. I obtain a Subject without Principals calling Subject.getSubject(AccessController.getContext()). In attachment we send our solution
Created attachment 22731 [details] a patch for the problem
many thanks for the patch. This has been committed to trunk and proposed for 6.0.19
This has been applied to 6.0.x and will be in 6.0.19 onwards. Thanks again for the patch.