Allow a configurable strategy to backup runAs() informations

Subject.runAs() saves current subject principal in a stack into user session ; this saved information will be popped by Subject.releaseRunAs().
Thus Subject.runAs() is not usable with the noSessionFilter.
Use of session may not always be desirable (in case of stateless web application where no session should be created).

Alternatively it would be interesting to be able to configure the way runAs() informations are saved.
A RunAsManager (or something similar) in the SecurityManager that could be consulted for runAs operations. Then you could plug in a persistence strategy, whether it be via the session or something else.