According to their javadoc, these methods should replace the rule and configuration (or SSL context) at the given index with the given rule and configuration.

In case when AuthenticationContext is defined with RuleNode - RuleA, RuleB, RuleC and RuleNode replacing method is called for index1 and RuleD, then:

• correct behavior should be - new AuthenticationContext with rule ordered - RuleA, RuleD, RuleC is created
• current behavior is - new AuthenticationContext with rule ordered - RuleD, RuleD, RuleB RuleC is created

Behavior of these methods is correct only in case when they are called with index 0.