The AbstractSecurityInterceptor is able to temporarily replace the Authentication object in the SecurityContext and SecurityContextHolder during the secure object callback phase. This only occurs if the original Authentication object was successfully processed by the AuthenticationManager and AccessDecisionManager. The RunAsManager will indicate the replacement Authentication object, if any, that should be used during the SecurityInterceptorCallback.

By temporarily replacing the Authentication object during the secure object callback phase, the secured invocation will be able to call other objects which require different authentication and authorization credentials. It will also be able to perform any internal security checks for specific GrantedAuthority objects. Because Spring Security provides a number of helper classes that automatically configure remoting protocols based on the contents of the SecurityContextHolder, these run-as replacements are particularly useful when calling remote web services
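
The flow described above, as an added example that is not Spring Security's own code: a simplified plain-Java model in which the Authentication is swapped only after the authentication and access checks pass, and is restored when the callback ends. The types Auth, RunAs and CONTEXT, the intercept method, the one-line access check and the authority names are all hypothetical stand-ins constructed for illustration.

```java
import java.util.*;
import java.util.function.Supplier;

// Simplified model of the run-as flow; these are NOT Spring Security's classes.
public class RunAsFlowDemo {
    record Auth(String principal, Set<String> authorities) {}

    // Stand-in for SecurityContextHolder: one Authentication per thread.
    static final ThreadLocal<Auth> CONTEXT = new ThreadLocal<>();

    // Stand-in for RunAsManager: returns a replacement, or null for "no replacement".
    interface RunAs { Auth buildRunAs(Auth original, Set<String> configAttributes); }

    static <T> T intercept(Set<String> attrs, RunAs runAs, Supplier<T> callback) {
        Auth original = CONTEXT.get();
        // Authentication and access decision come first; a failure means no swap at all.
        if (original == null) throw new SecurityException("not authenticated");
        if (Collections.disjoint(original.authorities(), attrs)) // constructed access rule
            throw new SecurityException("access denied");
        Auth replacement = runAs.buildRunAs(original, attrs);
        if (replacement == null) return callback.get();
        CONTEXT.set(replacement);
        try {
            return callback.get();
        } finally {
            CONTEXT.set(original); // the replacement must not outlive the callback
        }
    }

    public static void main(String[] args) {
        RunAs addRemoteRole = (orig, attrs) -> {
            Set<String> extra = new HashSet<>(orig.authorities());
            extra.add("ROLE_RUN_AS_REMOTE"); // constructed authority name
            return new Auth(orig.principal(), extra);
        };
        CONTEXT.set(new Auth("alice", Set.of("ROLE_USER")));
        String seen = intercept(Set.of("ROLE_USER"), addRemoteRole,
                () -> CONTEXT.get().authorities().toString());
        System.out.println("inside callback: " + seen);
        System.out.println("after callback:  " + CONTEXT.get().authorities());

        CONTEXT.set(new Auth("bob", Set.of("ROLE_GUEST")));
        try {
            intercept(Set.of("ROLE_USER"), addRemoteRole, () -> "unreachable");
        } catch (SecurityException e) {
            System.out.println("bob: " + e.getMessage() + ", context still " + CONTEXT.get());
        }
    }
}
```

The restore sits in a finally block so that an exception thrown by the callback cannot leave the elevated Authentication bound to the thread, which matters when threads are pooled and reused across requests.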