diff --git a/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/AuthenticationState.java b/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/AuthenticationState.java
index 1d45443ebdc..a18eca34971 100644
--- a/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/AuthenticationState.java
+++ b/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/AuthenticationState.java
@@ -17,6 +17,7 @@ import java.security.Principal;
 import org.eclipse.jetty.http.HttpException;
 import org.eclipse.jetty.http.HttpStatus;
+import org.eclipse.jetty.http.HttpURI;
 import org.eclipse.jetty.security.IdentityService.RunAsToken;
 import org.eclipse.jetty.security.authentication.LoginAuthenticator;
 import org.eclipse.jetty.security.internal.DeferredAuthenticationState;
@@ -274,9 +275,19 @@ public interface AuthenticationState extends Request.AuthenticationState
 * The {@link SecurityHandler} will use this to wrap the {@link Request}.
 * And then will return a {@link Deferred} authentication to bypass security constraints.
 */
- interface ServeAs extends AuthenticationState
+ class ServeAs implements AuthenticationState
 {
- Request wrap(Request request);
+ private final HttpURI _uri;
+
+ public ServeAs(HttpURI uri)
+ {
+ _uri = uri;
+ }
+
+ public Request wrap(Request request)
+ {
+ return Request.serveAs(request, _uri);
+ }
 }
 static Deferred defer(LoginAuthenticator loginAuthenticator)
diff --git a/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java b/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
index c0cac775c92..508f584ad5d 100644
--- a/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
+++ b/jetty-core/jetty-security/src/main/java/org/eclipse/jetty/security/authentication/FormAuthenticator.java
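Review bot: The new `ServeAs` constructor keeps the caller's `HttpURI` reference as passed and the class is left open for subclassing, even though the Javadoc directly above says a `ServeAs` result makes the `SecurityHandler` wrap the request and return a `Deferred` authentication that bypasses security constraints. The only caller shown, in the `FormAuthenticator` hunk, hands in an `HttpURI.Mutable`, so a later change to that builder would presumably change the URI that gets served; whether `Request.serveAs` takes its own copy is not visible here. I would fix the target at construction with `_uri = Objects.requireNonNull(uri, "uri").asImmutable();` (this needs a `java.util.Objects` import) and declare the type as `final class ServeAs implements AuthenticationState`, so `wrap` cannot be overridden to serve anything other than the stored URI. The constructor and `wrap` also have no Javadoc stating that the URI is the one served in place of the request's own, and the enclosing `AuthenticationState` interface starts and ends outside this hunk.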
@@ -360,7 +360,7 @@ public class FormAuthenticator extends LoginAuthenticator
 {
 String newPath = URIUtil.addPaths(request.getContext().getContextPath(), path);
 HttpURI.Mutable newUri = HttpURI.build(request.getHttpURI()).pathQuery(newPath);
- return (AuthenticationState.ServeAs)req -> Request.serveAs(req, newUri);
+ return new AuthenticationState.ServeAs(newUri);
 }
 catch (Throwable t)
 {