The configuration differences in the security capability between the Liberty profile and full profile indicates the items that you might need to know during applications migration.
The Liberty profile security supports only a subset of security features in the full profile. Unless the support is explicitly mentioned in the Liberty profile documentation, you must assume that the support is not available yet.
In the Liberty profile, you can configure user-to-role
mappings and RunAs users in the application-bnd element
of the server.xml file. For a Run-As entry, the password is optional. In
the full profile,
you can only configure the Run-AS entry in the ibm-application-bnd.xml/xmi file.
For a Run-As entry, the password is required. See Configuring authorization for applications on the Liberty profile.
In the Liberty profile, role names can be referenced by the HttpServletRequest.isUserInRole and EJBContext.isCallerInRole APIs or by elements in the deployment descriptor without first declaring the role names using the @DeclareRoles annotation or the <security-role/> element in the deployment descriptor. However, roles must be declared before being used in the full profile.