Description
The default SecurityService returns in getLogicalRoles the name of principals when the logical roles matches their names.
TomcatSecurityService, however, overrides this method, interpreting his own principal classes: TomcatUser and RunAsRole, and does not follow the default behavior of SecurityService.
It should interpret any principal, as SecurityService does, granting matching names for logical roles / principal.getName().
There is an old mailing list thread which covers the subject: http://old.nabble.com/Unauthenticated-principal-td21012809.html