That doesn't look right. In JBossWeb we used to register both the principal used for authentication and the principal that should be returned by getUserPrincipal() and they would not get mixed. That is, JAAS authentication would always deal with the original principal. We need to check how undertow is doing this to avoid using the wrong principal in subsequent calls.
thanks for your answer.
Is there already news on this, or can you tell if a fix for this will make it into the Final?
I'm having the same problem.
Does anyone have news about that?
I was able to solve this problem by updating from Wildfly 8.1.0.Final to Wildfly 8.2.0.Final.
I hope this helps!