Sorry by mistake I posted my previous topic before I finished it writing.
OK, the issue is that if I have authorized user that calls some object and this object is created with this users principals, other not authorized user can obtain this
object from pool with authorized users principals.
I don't think this should be like this. In my opinion
container should check each user roles before it takes
object from pool.
Does any of you have some expiriance with this case?
Sorry I had party last night and I didn't sleep to much, of course I wanted to post this topis in Security forum