If PicketLink HTTP security is configured, and Servlet API [programmatic login|https://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html#login-java.lang.String-java.lang.String-] is used, the {{ @Default Principal}} CDI bean object is not updated (like it would be if using standard JavaEE security). By "Principal object" I mean both {{request.getUserPrincipal()}} and {{@Default Principal}} CDI bean.
This might break applications being ported to PL HTTP security that rely on the combination of programmatic login and Principal bean object .
|