Example: Overriding the RunAs subject on the thread

Example: Overriding the RunAs subject on the thread

To extend the function that is provided by the Java Authentication and Authorization Service (JAAS) APIs, you can set the RunAs subject or invocation subject with a different valid entry that is used for outbound requests on this running thread. This extension gives you the flexibility to associate the Subject with all the remote calls on this thread whether you use a WSSubject.doAs method to associate the subject with the remote action. For example:
try
{
javax.security.auth.Subject runas_subject, caller_subject;

runas_subject = com.ibm.websphere.security.auth.WSSubject.getRunAsSubject();
caller_subject = com.ibm.websphere.security.auth.WSSubject.getCallerSubject();

// set a new RunAs subject for the thread, overriding the one declaratively set
com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(caller_subject);

// do some remote calls

// restore back to the previous runAsSubject
com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(runas_subject);
}
catch (WSSecurityException e)
{
// log error
}
catch (Exception e)
{
// log error
}
We need the following Java 2 security permissions to run these APIs:

permission javax.security.auth.AuthPermission "wssecurity.getRunAsSubject"

permission javax.security.auth.AuthPermission "wssecurity.getCallerSubject"

permission javax.security.auth.AuthPermission "wssecurity.setRunAsSubject"

Related tasks

Customizing application login with Java Authentication and Authorization Service

Related Reference

Authentication protocol support
Customization of a server-side Java Authentication and Authorization Service authentication and login configuration

Reference topic