I've made a couple of changes in security behavior in 2.2, see
GERONIMO-4155 and GERONIMO-4778.
1. Previously it was possible to set a run-as role on a component
(servlet or ejb) and not define an identity corresponding to the
run-as role. The effect was that the run-as role setting was ignored.
This has been changed to throw an IllegalArgumentException when no
identity for the run-as role is discovered. I also updated the
javadoc a bit to explain this behavior.
2. The servlet spec is silent on what effect, if any, a servlet run-as
role has on a dispatch to another servlet. Since access decisions are
only evaluated for the servlet that maps to the original request, and
not any subsequent dispatches, this only affects stuff like
isUserInRole(foo) calls in the dispatched-to servlet. After some
conversations with Ron Monzillo I think we agree that the best
behavior would be for the run-as role to apply to the dispatched-to
servlet. This is now implemented.
thanks
david jencks
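An illustration of the two behaviors described in the message above, added here as an example and not code from Geronimo or from the author. It assumes a Servlet 2.5 web application with two hypothetical servlets, a hypothetical run-as role "reporter", the web.xml fragment shown in the leading comment, and a Geronimo deployment plan that maps the role "reporter" to an identity (the mapping itself is left out). The attribute name and servlet paths are made up for the example.

```java
// Added example, not part of the original message or of Geronimo.
// Two servlets: FrontServlet has a run-as role and dispatches to ReportServlet,
// which asks isUserInRole(). Assumed web.xml (hypothetical names):
//
//   <servlet>
//     <servlet-name>Front</servlet-name>
//     <servlet-class>example.RunAsDemo$FrontServlet</servlet-class>
//     <run-as><role-name>reporter</role-name></run-as>
//   </servlet>
//   <servlet-mapping><servlet-name>Front</servlet-name><url-pattern>/front</url-pattern></servlet-mapping>
//   <servlet>
//     <servlet-name>Report</servlet-name>
//     <servlet-class>example.RunAsDemo$ReportServlet</servlet-class>
//   </servlet>
//   <servlet-mapping><servlet-name>Report</servlet-name><url-pattern>/report</url-pattern></servlet-mapping>
//   <security-role><role-name>reporter</role-name></security-role>
//
// The Geronimo deployment plan must also map the run-as role "reporter" to an
// identity. Per the message (GERONIMO-4155), deploying in 2.2 without that
// mapping raises an IllegalArgumentException instead of silently ignoring the
// run-as setting, so the mismatch is caught at deployment rather than at runtime.
package example;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public final class RunAsDemo {

    private RunAsDemo() {
    }

    /** Mapped to /front; carries run-as role "reporter" in web.xml. */
    public static class FrontServlet extends HttpServlet {
        private static final long serialVersionUID = 1L;

        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            // Authorization is evaluated only for the servlet mapped to the
            // original request (this one). The dispatch below is not re-checked
            // against any security constraint on /report.
            boolean callerIsReporter = req.isUserInRole("reporter");
            req.setAttribute("callerIsReporter", Boolean.valueOf(callerIsReporter));

            // The dispatched-to servlet now runs under the run-as identity
            // (GERONIMO-4778), so its isUserInRole() answers reflect "reporter"
            // rather than the original caller.
            req.getRequestDispatcher("/report").include(req, resp);
        }
    }

    /** Mapped to /report; reached only via the dispatch from FrontServlet. */
    public static class ReportServlet extends HttpServlet {
        private static final long serialVersionUID = 1L;

        @Override
        protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                throws ServletException, IOException {
            Boolean callerIsReporter = (Boolean) req.getAttribute("callerIsReporter");

            // Under the 2.2 behavior this is expected to be true regardless of
            // the original caller, because the run-as identity mapped to
            // "reporter" applies here. Before the change it simply reflected
            // the original caller, i.e. the same value as callerIsReporter.
            boolean effectiveIsReporter = req.isUserInRole("reporter");

            resp.setContentType("text/plain");
            PrintWriter out = resp.getWriter();
            out.println("original caller in role reporter: " + callerIsReporter);
            out.println("dispatched-to servlet sees reporter: " + effectiveIsReporter);
        }
    }
}
```

The point to watch in a review is the first comment in FrontServlet: because no access decision is made for the dispatch target, any security constraint placed on /report is bypassed by the include, and the only thing the run-as change alters is what the target sees from isUserInRole() and getUserPrincipal(). If /report must not be reachable with elevated rights, protect the dispatching servlet, not the target.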