REST API security setting blocks classloading

Hello,
While making tutorial for Java Process Application noticed one thing regarding classloading mechanism. If there is enabled authentication on REST API level, then execution returns folowing error regarding missing class:

org.camunda.bpm.engine.ProcessEngineException: ENGINE-09008 Exception while instantiating class 'com.olegcrafts.bpm.getstarted.approval.ProcessRequestDelegate': ENGINE-09017 Cannot load class 'com.olegcrafts.bpm.getstarted.approval.ProcessRequestDelegate': 

When following configuration is removed then delegate class works as expected.

web.xml

<filter>
   <filter-name>camunda-auth</filter-name>
   <filter-class>
      org.camunda.bpm.engine.rest.security.auth.ProcessEngineAuthenticationFilter
   </filter-class>
   <async-supported>true</async-supported>
   <init-param>
      <param-name>authentication-provider</param-name>
      <param-value>org.camunda.bpm.engine.rest.security.auth.impl.HttpBasicAuthenticationProvider</param-value>
   </init-param>
</filter>
<filter-mapping>
   <filter-name>camunda-auth</filter-name>
   <url-pattern>/*</url-pattern>
</filter-mapping>

Why enabling REST API security blocks classloading? Is it expected, and if so how to make both REST API security and classloading work together?

@Oleg_Ladizhensky Are you using spring boot setup or pre packaged distributions like tomcat, wildfly, etc?

@aravindhrs pre packaged on Tomcat.