RH Bugzilla Integration commented on SECURITY-747:
--------------------------------------------------
Darran Lofthouse <darran.lofthouse(a)redhat.com> changed the Status of [bug
SubjectInfo.getRoles is null with cached credentials in SPNEGO
--------------------------------------------------------------
Key: SECURITY-747
URL: https://issues.jboss.org/browse/SECURITY-747
Project: PicketBox
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Negotiation
Environment: EAP 6.1
SPNEGO setup with KERBEROS
Reporter: Chris Dolphy
Assignee: Darran Lofthouse
SecurityContextAssociation.getSecurityContext().getSubjectInfo().getRoles() returns the
user's roles on the initial login, but if you refresh you get null. All subsequent
calls will return null.
I'm using the 3rd test in JBoss Negotiation Toolkit. If you refresh after logging
in, you get a NullPointerException.
It appears that with Basic authentication, JBossWebRealm.authenticate calls
JBossAuthenticationManager.getSubjectRoles, which sets the roles on the SubjectInfo.
However, with SPNEGO (NegotiationAuthenticator) JBossWebRealm.authenticate is not
called on subsequent requests due to request.getUserPrincipal() being set, so the roles
are never set on SubjectInfo. However, the role information is in SubjectInfo as a principal.