This method performs a permission check. If the stack indicates that the call is
being made remotely, the check is done in such a way that the codebase is ignored.
This because the Services are granted most permissions, and since the call stack
in a remote call is Java Runtime classes up to the service call, effectively there's
no permission check on the client code. The only way around this is to force a
check based on the Subject.
Local invocations and invocations made by local services, even if the original
call was remote are checked using the standard access control checking mechanism.
This method no longer bypasses or ignores the Securty Manager. If the security
manager is not enabled, then skip the check altogether. If it is enabled, use
it on the local check.
Parameters:
user - A UserContext through which to get a Subject whose principals are checked
for the correct permission.
permission - The permission required by the caller.
