if (metaData.getUnauthenticatedPrincipal() == null)
String name = appMetaData.getUnauthenticatedPrincipal(); if (name != null) caller = new SimplePrincipal(name);
principalName = applicationMetaData.getUnauthenticatedPrincipal();
/** * Called by the super class to set the container to which this interceptor * belongs. We obtain the security manager and runAs identity to use here. */ public void setContainer(Container container) { super.setContainer(container); if (container != null) { BeanMetaData beanMetaData = container.getBeanMetaData(); ApplicationMetaData application = beanMetaData.getApplicationMetaData(); AssemblyDescriptorMetaData assemblyDescriptor = application.getAssemblyDescriptor(); SecurityIdentityMetaData secMetaData = beanMetaData.getSecurityIdentityMetaData(); if (secMetaData != null && secMetaData.getUseCallerIdentity() == false) { String roleName = secMetaData.getRunAsRoleName(); String principalName = secMetaData.getRunAsPrincipalName(); if( principalName == null ) principalName = application.getUnauthenticatedPrincipal(); // the run-as principal might have extra roles mapped in the assembly-descriptor Set extraRoleNames = assemblyDescriptor.getSecurityRoleNamesByPrincipal(principalName); runAsIdentity = new RunAsIdentity(roleName, principalName, extraRoleNames); } securityManager = container.getSecurityManager(); } }