Test coverage for @RunAs annotated servlets testing is not sufficient in the server.

The WebSecurityRunAsTestCase in testsuite/integration/basic doesn't test the behavior correctly as mentioned in this comment of WFLY-5015.

I suggest to move the coverage to manualmode to be able to test also the behavior of @RunAs annotated HttpServlet.destroy() method during AS server shutdown.

Possible "sun-shine" test scenario:

• prepare deployment
  • use init parameter to configure path to a file which will serve as exceptions-counter for the application
  • add EJB annotated with @RolesAllowed("Admin")
  • add @RunAs("Admin") annotated servlet which calls the EJB in init(), doGet() and destroy() methods - if exception is thrown it increases the counter in the file (init param)
• start server
• deploy the test deployment
• make call to the servlet
• stop the server
• start the server again
• make call to the servlet
• undeploy test deployment
• check the counter (in file) if the exceptions count is 0

Create "cloudy" scenarios based on modifications of the "sun-shine" one. (E.g. alter the run-as role name used in servlet and check the EJB call falls in all cases)