Overriding the RunAs subject on the thread


To extend the function that is provided by the Java Authentication and Authorization Service (JAAS) APIs, we can set the RunAs subject or invocation subject with a different valid entry used for outbound requests on this running thread. we need the following Java 2 security permissions to run these APIs:

This extension gives you the flexibility to associate the Subject with all the remote calls on this thread whether you use a WSSubject.doAs method to associate the subject with the remote action.

 

  1. Set a new RunAs subject for the thread, overriding the one declaratively set.

    com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(caller_subject);
            
    

  2. Perform some remote calls.

  3. Restore the previous RunAs subject.

    com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(runas_subject);
    

 

Example

try { javax.security.auth.Subject runas_subject, caller_subject; runas_subject = com.ibm.websphere.security.auth.WSSubject.getRunAsSubject(); caller_subject = com.ibm.websphere.security.auth.WSSubject.getCallerSubject(); // set a new RunAs subject for the thread, overriding the one declaratively set com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(caller_subject); // do some remote calls // restore back to the previous runAsSubject com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(runas_subject); } catch (WSSecurityException e) { // log error } catch (Exception e) { // log error }

 

Related tasks


Customizing application login with Java Authentication and Authorization Service
Customizing a server-side Java Authentication and Authorization Service authentication and login configuration

 

Related


Authentication protocol support