I plan to close this issue as discussed below.
Please let me know if there is any other opinion.
Shing Wai Chan
On 8/31/11 11:04 AM, Shing Wai Chan wrote:
> I have filed an issue http://java.net/jira/browse/SERVLET_SPEC-8
> to track this.
> Thanks.
> Shing Wai Chan
>
>> On 30/08/2011 23:31, Shing Wai Chan wrote:
>>> I have discussed with Ronald Monzillo about the run-as in servlet.
>>> I try to summarize his comments as follows:
>>>
>>> a) In "A.8 Changes Since Servlet 2.3", it states
>>>
>>> Clarification: “run-as” identity must apply to all calls from a servlet
>>> including init() and destroy() (12.7)
>>>
>>> There is no such clarification in the section 12.7 or in the security
>>> chapter, so the clarification may have been lost, but the appendix
>>> clearly notes the intent, and thus he thinks it is required that a
>>> specified run-as identity be in effect during init() and destroy().
>>>
>>> b) Note that section 15.3.1 Propagation of Security Identity in EJB
>>> Calls, requires that propagation occur whenever an ejb is called by a
>>> servlet (without consideration of the Servlet method form which the ejb
>>> call is made). That may be going too far, but it would at least support
>>> that run-as should be honored within init(); where it is has become
>>> common practice to invoke ejbs, and where (unlike the case of calls to
>>> ejbs from servlet context listeners), there is a mapping to a specific
>>> servlet on which to look for a run-as specification.
>>>
>>> I think we should only propagate the security identity when
>>> Servlet#init, Servlet#destroy and Servlet#service are called.
>>> (So, there will be no security identity propagation for
>>> Servlet#getServletConfig, Servlet#getServletInfo.)
>>> I think we need to clarify this in spec.
>>> Any comments?
>> Seems reasonable to me.
>>
>> Mark
>