Description
The Broker uses the idiom Subject.getPrincipals.iterator().next() in a couple of places to find the principal corresponding to the username of the logged on user. This assumes that corresponding principal will always be returned first. This may not be a safe assumption across different JVM providers, different JVM versions or when running Qpid with a container.
This should be replaced by our utility methods AuthenticatedPrincipal#getOptionalAuthenticatedPrincipalFromSubject and
AuthenticatedPrincipal#getAuthenticatedPrincipalFromSubject