I have a message drive bean which I annotated with @RunAs("SYSTEM"). In the onMessage method I'm checking now the subject like this:
and also like this:
Both of them are null.
1. I expected that due to the RunAs, I'd get some subject with a "SYSTEM" principal.
2. I don't understand what's the difference between the two pieces of code, getting the subject. In some other cases, one is null, the other isn't. Which one is the correct to use?
3. Is there a great book, explaining the security internals? Everything I found was rather sketchy, I need to know some more details about how things work togeter (loginmodule, interceptor, identities, principals) cause I need to implement some custom security features