Hello list

When processing events and jobs, the corresponding subject triggering the event usually gets lost. This leads to event handlers / job consumers often operating with administrative sessions/resolvers to do their work, which in turn can lead to privilege escalations.

A possible solution to this problem could be to add a serialization of the event-triggering subject (if available) as a property to the event by default, so the handlers could easily recreate the session by using JAAS doAsPrivileged(). Would that make sense?

Best greetings
Lars
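
A sketch of the proposal above, added here as an illustration; it is not part of the original message and not code from any project. The property name `event.subject.principals`, the `UserPrincipal` class and the plain `Map` standing in for an event are hypothetical, and the subject is carried as a list of principal names rather than as a Java-serialized object. It assumes JDK 8 to 17, where `Subject.doAsPrivileged` and `Subject.getSubject` are available, and that only trusted code can post events.

```java
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.*;
import javax.security.auth.Subject;
public class SubjectEventDemo {
    static final String SUBJECT_PROP = "event.subject.principals"; // hypothetical property name

    // Hypothetical principal type; a real system would use its own.
    static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
        @Override public boolean equals(Object o) { return o instanceof UserPrincipal && ((UserPrincipal) o).name.equals(name); }
        @Override public int hashCode() { return name.hashCode(); }
    }

    // Producer side: attach principal names only, never credentials.
    static Map<String, Object> newEvent(String topic, Subject caller) {
        List<String> names = new ArrayList<>();
        for (Principal p : caller.getPrincipals()) names.add(p.getName());
        Map<String, Object> props = new HashMap<>();
        props.put("topic", topic);
        if (!names.isEmpty()) props.put(SUBJECT_PROP, names.toArray(new String[0]));
        return props;
    }

    // Handler side: rebuild the subject and do the work as that subject.
    // Assumption: only trusted code can post events, because the property is unauthenticated.
    static String handle(Map<String, Object> event) {
        String[] names = (String[]) event.get(SUBJECT_PROP);
        if (names == null) return "skipped: no subject, not falling back to an admin session";
        Set<Principal> principals = new HashSet<>();
        for (String n : names) principals.add(new UserPrincipal(n));
        Subject subject = new Subject(true, principals, Collections.emptySet(), Collections.emptySet());
        PrivilegedAction<String> work = () -> {
            // The subject is taken from the access control context, not from a captured variable.
            Subject current = Subject.getSubject(AccessController.getContext());
            return "handling " + event.get("topic") + " as " + current.getPrincipals().iterator().next().getName();
        };
        return Subject.doAsPrivileged(subject, work, null);
    }

    public static void main(String[] args) {
        Subject alice = new Subject();
        alice.getPrincipals().add(new UserPrincipal("alice")); // constructed sample caller
        System.out.println(handle(newEvent("demo/resource/changed", alice)));
        System.out.println(handle(newEvent("demo/system/tick", new Subject())));
    }
}
```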