public RunAsSecurityInterceptor() 
{

}

 public Object invoke(Invocation mi) throws Exception 
{
      String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
      if(securityManager != null)
      {
         securityDomain = securityManager.getSecurityDomain();
      } 
      //Establish a security context if one is missing for Run-As push
      if(SecurityActions.getSecurityContext() == null)
      {
         SecurityActions.createAndSetSecurityContext(mi.getPrincipal(),
               mi.getCredential(), securityDomain);
      }
      /* If a run-as role was specified, push it so that any calls made
       by this bean will have the runAsRole available for declarative
       security checks.
      */
      SecurityActions.pushRunAsIdentity(runAsIdentity);  
      SecurityActions.pushCallerRunAsIdentity(runAsIdentity);  
      try
      {
         Object returnValue = getNext().invoke(mi);
         return returnValue;
      }
      finally
      {
         SecurityActions.popRunAsIdentity();
         SecurityActions.popCallerRunAsIdentity();
      }
}

 public Object invokeHome(Invocation mi) throws Exception 
{
      String securityDomain = SecurityConstants.DEFAULT_APPLICATION_POLICY;
      if(securityManager != null)
      {
         securityDomain = securityManager.getSecurityDomain();
      } 
      //Establish a security context if one is missing for Run-As push
      if(SecurityActions.getSecurityContext() == null)
      {
         SecurityActions.createAndSetSecurityContext(mi.getPrincipal(),
               mi.getCredential(), securityDomain);
      }
      /* If a run-as role was specified, push it so that any calls made
       by this bean will have the runAsRole available for declarative
       security checks.
      */
      SecurityActions.pushRunAsIdentity(runAsIdentity);  
      SecurityActions.pushCallerRunAsIdentity(runAsIdentity); 
      try
      {
         Object returnValue = getNext().invokeHome(mi);
         return returnValue;
      }
      finally
      {
         SecurityActions.popRunAsIdentity();
         SecurityActions.popCallerRunAsIdentity();
      }
}

 public  void setContainer(Container container) 
{
      super.setContainer(container);
      if (container != null)
      {
         BeanMetaData beanMetaData = container.getBeanMetaData();
         ApplicationMetaData application = beanMetaData.getApplicationMetaData();
         AssemblyDescriptorMetaData assemblyDescriptor = application.getAssemblyDescriptor();
         SecurityIdentityMetaData secMetaData = beanMetaData.getSecurityIdentityMetaData();
         if (secMetaData != null && secMetaData.getUseCallerIdentity() == false)
         {
            String roleName = secMetaData.getRunAsRoleName();
            String principalName = secMetaData.getRunAsPrincipalName();
            if( principalName == null )
               principalName = application.getUnauthenticatedPrincipal();
            // the run-as principal might have extra roles mapped in the assembly-descriptor
            Set extraRoleNames = assemblyDescriptor.getSecurityRoleNamesByPrincipal(principalName);
            runAsIdentity = new RunAsIdentity(roleName, principalName, extraRoleNames);
         }
         securityManager = container.getSecurityManager();
      }
}

Called by the super class to set the container to which this interceptor belongs. We obtain the security manager and runAs identity to use here.

 public  void start() throws Exception 
{
      super.start();
}