Sorry, yes, the code needs also to be running with partial trust, otherwise it can simply disable CAS itself using the SecurityManager
SecurityManager.SecurityEnabled = false;
Regards
Richard Blewett - DevelopMentor
http://staff.develop.com/richardb/weblog
Sorry, but the calling code does not need to be run in an admin user context
to bypass SNIP checks. In addition, there are plenty of scenarios in which
a machine administrator may be considered potentially malicious wrt any
given piece of code. For example, an ISV may consider its clients to be
potential abusers of libraries that the clients have not paid to use outside
the applications with which they are packaged. Similar scenarios can also
be encountered within a single enterprise where, for example, a satellite
location might attempt to misuse a centrally distributed application. The
"attackers" in such cases rarely considers that their actions are malicious,
but the software provider may have a very different opinion.