Tuesday, 28 March 2017

How to find username (principal) in Heap Dump of Spring Application deployed on Tomcat

1. Load the heap dump in MAT (Eclipse Memory Analyzer).
2. Find the suspicious org.apache.tomcat.util.threads.TaskThread instance.
3. Open its outgoing references.
4. Sort by class name in descending order to find the Spring classes more easily.
5. Look for the class org.springframework.security.web.servletapi.HttpServlet3RequestFactory$Servlet3SecurityContextHolderAwareRequestWrapper.
6. Look for its response field.
7. Inside it, look for authBeforeExecution and select it.
8. In the Inspector window on the left, open Attributes; the principal attribute is the username of the suspicious request.
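The same object path (request wrapper → response → authBeforeExecution → principal) can be walked for every request in the dump at once with a MAT OQL query (Query Browser → OQL). This query is an added example and not part of the original post; it assumes the field names above match the Spring Security version in your dump, and that MAT's OQL parser accepts the `$` in the inner class name (if it does not, put the name in double quotes, which MAT treats as a regular expression, and escape the dots).

```oql
SELECT w AS request,
       toString(w.response.authBeforeExecution.principal) AS principal
FROM org.springframework.security.web.servletapi.HttpServlet3RequestFactory$Servlet3SecurityContextHolderAwareRequestWrapper w
WHERE w.response.authBeforeExecution != null
```

Each row links a wrapped request object to the principal that was already authenticated in the session when that request started, so you can match the suspicious TaskThread's wrapper against the list instead of expanding references by hand. When the principal is a UserDetails object rather than a plain String, toString() usually still includes the username; otherwise select principal.username explicitly.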