The connector providing the RMIAdaptor clears the calling thread security context so as not to leak this back to the invoking thread pool. This was only intended for use by remote clients and so there was no concern for maintaing any existing security context. Since people have been using the connector in this way, a change was added for the 3.2.6 release to restore any incoming security context at the end of the call.
Thank you! I'll shelve this until we can move to 3.2.6.
Does this also work properly in 4.0?