Subject original = subject;
subject = new Subject(false,
original.getPrincipals(),
original.getPublicCredentials(),
original.getPrivateCredentials());
subject.getPrincipals().add(new ServletConnectionPrincipal(request));
subject.setReadOnly();
assertManagementAccess(broker.getSecurityManager(), subject);
saveAuthorisedSubject(session, subject);