doAs requests mainly come from WL and Websphere migration users because there is a facility provided to perform any privileged action once an authenticated subject is obtained.This is Java2 security model and not a JEE mandated requirement.