When AuthConfigFactoryImpl.getRegistrationIDs() is called with null parameter in order to get all active registrations' IDs, it always returns in the result list the default registration id, even if there is no registration with this ID. It adds the default registration ID to the list if the default registration map is not null, but it actually is always non-null becuase it is created upon creation of the AuthConfigFactoryImpl instance.
This pull request contains a test case, which illustrates the problem and a fix for it: https://github.com/apache/tomcat/pull/88 One comment - in the proposed fix I add a check if the default registrations map is empty. However, here the check for null seems not to be necessary as the map is created upon creation of the AuthConfigFactoryImpl instance.
Agreed. It looks like some refactoring took place that wasn't fully taken into account. The null check is unnecessary. As is making the map volatile.
Thanks for the pull request. I tweaked it slightly as per my previous comment before applying it. Fixed in: - trunk for 9.0.2 onwards - 8.5.x for 8.5.24 onwards