I'm trying to understand <security-identity> tag.
Let's say that a client calls Bean A,and Bean A in turn calls Bean B ,you want the Bean B to think that someone else is calling.
Then we use <run-as > tag right???
So, when do we use <use-caller-identity>???
I think we use this tag , if you want the Bean B to know that Bean A is indeed calling ,not (eventhough Bean A was called by the client initially)someone else.
What my question is in <use-caller-identity/> tag Is the caller here the client or the Bean A.Which caller's identity is used??
I've gone through all the old threads but did not find a good explanation .
thanks for any inputs in advance