EJB3 In Action
page 210
Using @RunAs, we can temporarily assign a (CSR) role an (Admin) role so that the statistics-tracking
EJB thinks an admin is invoking the method
@RunAS(ADMIN)
@RolesAllowed(CSR)
public void cancelBid( Bid bid, Item item){
}
I am bit confused here, RolesAllowed is CSR, so
CSR can run this method (then why I need to use RunAs annotaion).