run-as does not work for Servlet.init() --------------------------------------- Key: WFLY-998 URL: https://issues.jboss.org/browse/WFLY-998 Project: WildFly Issue Type: Bug Components: Security Reporter: Derek Horton Assignee: Stuart Douglas Fix For: 9.0.0.Alpha1 According to the servlet 2.4 spec, the run-as should be used for Servlet.init() page 285: " Clarification: run-as identity must apply to all calls from a servlet including init() and destroy() (12.7)" This isn't working. In JBoss 5.x, it looks like this functionality was implemented by a RunAsListener. However, that listener does not appear to exist in the EAP 6 code base.