Although the spec does not spell out that init() should be run with the runas
identity, I would expect it would.
Because Sevlet.init() is called after @PostConstruct, and after the
ServletContext is
initialized (ServletContextListener.contextInitialized). Also (In
Glassfish) an EJB that is @Startup @Singleton and @RunAs will properly
delegate the identity to calls made in @PostConstruct.
If a Servlet cannot use init() to use call injected EJBs with an identity,
then what is the mechanism by which code can be run at Web App Startup and
assume an identity? It is not satisfying to say it cannot.
--
[Message sent by forum member 'joelstewart']
View Post: http://forums.java.net/node/782089