When default and run-as principals are in-effect they should be treated the same way as any other principal; (eg granting of privilege to perform certain tasks); That means we should track these objects in the login-service and believe that these objects are authentic; We rely on the login-service to produce principal objects that we believe to be authentic, not the interceptor code;
There is a kludge possible such as granting interceptor code-source privilege to insert subjects into the context, but this is authentication by assertion is disguise; better to be done explicitly; on top of that any code that inserts subjects into the context also inserts a bunch of principals trying to compensate for not doing authentication and should be avoided; Simon >Why would we need to authenticate the default and run-as principals? >Aren't they just object we create? > > >-dain
