Using Run-As replacement

Hopefully someone can help me out with Run-As managers.

I completely understand the mechanics of the RunAsManagerImpl, but I'm struggling with seeing a real-world application of it. The use of RunAsManagerImpl in the contacts example is good, but seems a bit too simple (the comments even state that it isn't necessary for that example).

The sticky point for me in the contacts app is that it seems odd to me that you'd put a facade in front of a backend bean when both reside in the same application (even defined in the same context).

Can someone describe a real-world scenario in which RunAsManagerImpl would be useful? (I don't need specifics, just a high-level picture of what circumstances would benefit from using RunAsManagerImpl).

Run-as replacement has limited value in a single webapp. It can help reduce programming errors in unusual situations where service layer beans call authorised methods of other service layer beans and you don't want to define the same roles against those other service layer beans. I agree this is fairly unusual.

RunAsManager is of most value when coupled with remoting. If you were calling a remote web service, you could get the remoting class to look at the current ContextHolder to obtain the Authentication to use, with that Authentication having been run-as replaced. As such a static username/password could be run-as replaced and used to call the web service. Acegi Security currently doesn't have a class which does this, although the hooks are certainly there.