This is related to https://java.net/jira/browse/GLASSFISH-20317, which has more detail.
The first request to a protected resource gets authenticated successfully by the SAM.
On the second request, the SAM tries to retrieve the user principal from request.getUserPrincipal() and gets null. However, on the third request, request.getUserPrincipal() returns the correct principal in the SAM's validateRequest() method!
|Field||Original Value||New Value|
|Assignee||Shing Wai Chan [ swchan2 ]||JeffTancill [ jefftancill ]|
|Component/s||security [ 10618 ]|
|Component/s||web_container [ 10622 ]|
|Assignee||JeffTancill [ jefftancill ]||quang.dang [ quang.dang ]|
|Summary||Authenticated user principal is not found in the web session(during second request) after initial successful authentication by a JASPIC ServerAuthModule (SAM)||Authenticated user principal is not cached in the web session after initial successful authentication by a JASPIC ServerAuthModule (SAM)|
|Status||Open [ 1 ]||Resolved [ 5 ]|
|Resolution||Fixed [ 1 ]|