Hi All,

I am trying to set security context from a servlet using code below. The purpose of this override it to execute number of calls in some other users context (without specifying password). We use a custom JAAS auth module for authentication purpose. THough below code works, I need to confirm if its correct way for overriding logged in context.

SecurityContext oldContext = SecurityContextAssociation.getSecurityContext();
// Prepare security context with some new user.
SecurityContext tmpContext = SecurityContextFactory.createSecurityContext(somePrincipal,null,someSubject,someDomain);
       
SecurityContextAssociation.setSecurityContext(tmpContext);
AccessController.doPrivileged(somePriviledgedAction);
       
// Revert the context to original
SecurityContextAssociation.setSecurityContext(oldContext);

The environment details are:

JBOSS EAP 6.2.0

Java 1.6.0_65