Well that was easy; I didn't even have to modify my policy file. It does still leave me with the impression that RunAs (from the web container to the ejb container anyway) is broken.
I looked at the spec and it seems that what I want to do should be possible: Create a role which maps to a user, in application.xml, and put a @RunAs on a servlet.
2.7 javax.annotation.security.RunAs
The RunAs annotation defines the role of the application during execution in a Java
EE container. It can be specified on a class. This allows developers to execute an
application under a particular role. The role MUST map to the user / group
information in the container’s security realm. The value element in the annotation
is the name of a security role.
[code]
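package javax.annotation.security;

import java.lang.annotation.Retention;
import java.lang.annotation.Target;
import static java.lang.annotation.ElementType.*;
import static java.lang.annotation.RetentionPolicy.*;

@Target(TYPE)
@Retention(RUNTIME)
public @interface RunAs {
    // Name of the security role the annotated class runs as
    String value();
}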
[/code]
The following example shows the usage of the annotation defined above:
[code]
@RunAs("Admin")
public class Calculator {
//....
}
[/code]
Should I create a bug report for this, or am I totally misunderstanding the purpose of RunAs?
[Message sent by forum member 'jeffreyrodriguez' (jeffreyrodriguez)]
http://forums.java.net/jive/thread.jspa?messageID=236280