AuthConfigFactoryImpl.getConfigProvider() always creates a listener wrapper, even if the listener parameter is actually null. When after that AuthConfigFactoryImpl.removeRegistration() is called, the listeners in all listener wrappers for this registration are notified for the removal. However, no check for null listener in the listener wrapper is made, therefore if there is a null listener within a wrapper a NPE is thrown.
This pull request contains a test case, which illustrates the problem and a fix for it: https://github.com/apache/tomcat/pull/87
Again, many thanks. Fixed in: - trunk for 9.0.2 onwards - 8.5.x for 8.5.24 onwards