In our current system, the security context of principals invoking the REST APIs is stored in a ThreadLocal variable. The SecurityContext can be retrieved at any level of the execution path, and no method signature in any service needs to explicitly declare a SecurityContext parameter.
Now we would like to introduce OSGi Remote Service Admin (RSA) to distribute services across different OSGi runtimes, and I'm wondering what the right approach to follow is. From the RSA specs I cannot see any support from the RSA service for distributing the SecurityContext; am I right? On the other hand, it would be nice to propagate the context without polluting the service method signatures.
Is there any pattern to follow to achieve this?
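
An added illustration, not part of the original post and not RSA code: a ThreadLocal value does not follow a call onto another thread, and a proxy around the unchanged service interface can capture it on the caller and restore and clear it on the serving side. Assumptions: the single-thread executor stands in for the second OSGi runtime, a `String` stands in for the SecurityContext, and `OrderService` is a hypothetical service; how a given RSA distribution provider would carry the captured value on the wire is not shown.

```java
import java.lang.reflect.Proxy;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;

public class ContextPropagationDemo {
    // Hypothetical stand-in for the ThreadLocal-held SecurityContext.
    static final ThreadLocal<String> SECURITY_CONTEXT = new ThreadLocal<>();

    // Service interface with no SecurityContext parameter in its signature.
    public interface OrderService { String placeOrder(String item); }

    static class OrderServiceImpl implements OrderService {
        public String placeOrder(String item) {
            // Reads the principal from the ThreadLocal, as the existing services do.
            return item + " ordered by " + SECURITY_CONTEXT.get();
        }
    }

    // Wraps the service: the context is read on the calling thread, handed over
    // as call metadata, restored on the serving thread and always cleared after.
    static OrderService propagating(OrderService target, ExecutorService remote) {
        return (OrderService) Proxy.newProxyInstance(
            OrderService.class.getClassLoader(), new Class<?>[] { OrderService.class },
            (proxy, method, args) -> {
                String captured = SECURITY_CONTEXT.get();  // caller side
                return remote.submit(() -> {
                    SECURITY_CONTEXT.set(captured);         // serving side
                    try {
                        return method.invoke(target, args);
                    } finally {
                        // A pooled thread must not keep the previous caller's identity.
                        SECURITY_CONTEXT.remove();
                    }
                }).get();
            });
    }

    public static void main(String[] argv) throws Exception {
        // Assumption: this executor plays the role of the other runtime.
        ExecutorService remote = Executors.newSingleThreadExecutor();
        OrderService impl = new OrderServiceImpl();
        SECURITY_CONTEXT.set("alice"); // constructed principal
        // Direct hand-off: the serving thread has no context of its own.
        System.out.println(remote.submit(() -> impl.placeOrder("book")).get());
        // Through the proxy: the captured context is visible to the service.
        System.out.println(propagating(impl, remote).placeOrder("book"));
        remote.shutdown();
    }
}
```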