Override the RunAs subject on the thread for JAAS
To extend the function provided by the Java Authentication and Authorization Service (JAAS) API, you can set the RunAs subject or invocation subject with a different valid entry that is used for outbound requests on this running thread.
You need the following Java 2 security permissions to run these APIs:
- permission javax.security.auth.AuthPermission "wssecurity.getRunAsSubject"
- permission javax.security.auth.AuthPermission "wssecurity.getCallerSubject"
- permission javax.security.auth.AuthPermission "wssecurity.setRunAsSubject"
This extension gives you the flexibility to associate the Subject with all the remote calls on this thread, whether or not you use a WSSubject.doAs method to associate the subject with the remote action.
Procedure
- Set a new RunAs subject for the thread, overriding the one declaratively set.
  com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(caller_subject);
- Perform some remote calls.
- Restore the previous RunAs subject.
  com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(runas_subject);
Example
    try {
        javax.security.auth.Subject runas_subject, caller_subject;

        // remember the RunAs subject currently on the thread and get the caller subject
        runas_subject = com.ibm.websphere.security.auth.WSSubject.getRunAsSubject();
        caller_subject = com.ibm.websphere.security.auth.WSSubject.getCallerSubject();

        // set a new RunAs subject for the thread, overriding the one declaratively set
        com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(caller_subject);
        try {
            // do some remote calls
        } finally {
            // restore the previous RunAs subject, even if a remote call throws
            com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(runas_subject);
        }
    } catch (com.ibm.websphere.security.WSSecurityException e) {
        // log error
    } catch (Exception e) {
        // log error
    }
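The override stays on the thread until it is replaced, so on a pooled server thread a missed restore leaves later work running under the wrong identity. The following helper is an added example, not IBM's code: it goes beyond the example above by wrapping the set, call and restore sequence in a reusable method that returns the result of the remote call and passes failures to the caller. The class name RunAsScope and its method names are hypothetical; only the three WSSubject calls come from this page, and the code needs the WebSphere runtime libraries and the permissions listed above.

```java
import java.util.concurrent.Callable;
import javax.security.auth.Subject;
import com.ibm.websphere.security.auth.WSSubject;

// Hypothetical helper class; not part of the WebSphere API.
public final class RunAsScope {
    private RunAsScope() {}

    // Runs work with override as the thread's RunAs subject, then puts the
    // previous RunAs subject back whether work returns or throws.
    public static <T> T call(Subject override, Callable<T> work) throws Exception {
        if (override == null) {
            // Refuse to replace the declared RunAs subject with nothing.
            throw new IllegalArgumentException("override subject must not be null");
        }
        // Read the current value first: if this throws, nothing has changed yet.
        Subject previous = WSSubject.getRunAsSubject();
        WSSubject.setRunAsSubject(override);
        try {
            return work.call();
        } finally {
            // A failure to restore propagates to the caller, because the
            // identity on the thread is then no longer the expected one.
            WSSubject.setRunAsSubject(previous);
        }
    }

    // Convenience form of the page's example: outbound calls made by work
    // carry the caller's identity instead of the declared RunAs identity.
    public static <T> T callAsCaller(Callable<T> work) throws Exception {
        Subject caller = WSSubject.getCallerSubject();
        if (caller == null) {
            // Assumption: a missing caller subject is treated as an error here
            // rather than falling back to the declared RunAs subject.
            throw new IllegalStateException("no caller subject on this thread");
        }
        return call(caller, work);
    }
}
```

Pass the remote invocation as the Callable; its return value and any exception it throws reach the calling code unchanged.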