[jboss-dev-forums] [Design of Security on JBoss] - Re: SecurityContext
scott.stark@jboss.org
do-not-reply at jboss.com
Wed Mar 21 14:53:06 EDT 2007
That's correct and what the test is validating. We have gone around on this in the past, but settled on the run-as identity being what should be seen as propagated. use-caller-identity really is a noop default behavior that does not change the previously established authenticated identity vs run-as which is changing it for the call.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4030347#4030347
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4030347
More information about the jboss-dev-forums
mailing list