(zos) Application Synch to OS Thread Allowed
Use application Sync to OS Thread Allowed to synchronize a Java thread identity (or JAAS subject) with the OS thread identity for the duration of the current Java EE application request.
If we do not choose this option, the OS thread identity value is the same as the servant identity value. Refer to Java thread identity and an operating system thread identity for more information.
Application Sync to OS Thread Allowed requires configuration in both the application and the application server, as well as Resource Access Control Facility (RACF) permissions:
- The WebSphere Application Server developer must configure the application to declare that it wants to run with application Sync to OS Thread.
- The WebSphere Application Server administrator must configure the application server to enable application Sync to OS Thread Allowed.
- The RACF administrator must define a FACILITY class profile and optional SURROGAT class profile to ensure that Synch to OS Thread Allowed is utilized.
The Java EE application developer configures the application for individual EJB or web applications by setting a special env-entry in the deployment descriptor: com.ibm.websphere.security.SyncToOSThread={true|false}. If this env-entry is not specified, the result is the same as defining it with a value of false.
When an EJB or web application that requests Sync to OS Thread Allowed is dispatched, the application server (at the request of the EJB container or the web container) synchronizes the OS thread identity with the current Java thread identity, so that the Java thread identity is current on the native thread. This synchronization is effective as long as the EJB or web application is running the current request. When the EJB or web application completes processing, the native thread is restored to its former state.
If the application requests Sync to OS Thread Allowed but Sync to OS Thread Allowed is not enabled in the application server, a no permission exception is issued when the application attempts to run. If the application does not request Sync to OS Thread Allowed but Sync to OS Thread Allowed is enabled in the application server, no synchronization occurs and the current OS thread identity remains the same as the server identity.
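The following Python script is an added example, not part of the WebSphere documentation: it audits deployment descriptors for the env-entry described above and maps the application and server settings to the outcomes just listed. The sample descriptors, the function names and the java.lang.Boolean entry type are assumptions, a descriptor counts as requesting synchronization if any of its components does, and RACF profile checks are not modelled.

```python
import xml.etree.ElementTree as ET

ENTRY = "com.ibm.websphere.security.SyncToOSThread"

# Constructed sample descriptors (not from the page). The env-entry-type
# java.lang.Boolean is an assumption; the page gives only the name and value.
WEB_XML = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
  <env-entry>
    <env-entry-name>com.ibm.websphere.security.SyncToOSThread</env-entry-name>
    <env-entry-type>java.lang.Boolean</env-entry-type>
    <env-entry-value>true</env-entry-value>
  </env-entry>
</web-app>"""
EJB_JAR_XML = """<ejb-jar><enterprise-beans><session>
  <ejb-name>ReportBean</ejb-name>
</session></enterprise-beans></ejb-jar>"""

def local(tag):
    """Drop any '{namespace}' prefix so descriptors of any schema level match."""
    return tag.rsplit("}", 1)[-1]

def requests_sync(descriptor_xml):
    """True if any env-entry sets SyncToOSThread to true; absent means false."""
    root = ET.fromstring(descriptor_xml)  # trusted build artifacts only
    for el in root.iter():
        if local(el.tag) != "env-entry":
            continue
        fields = {local(c.tag): (c.text or "").strip() for c in el}
        if fields.get("env-entry-name") == ENTRY:
            if fields.get("env-entry-value", "").lower() == "true":
                return True
    return False

def outcome(app_requests, server_allows):
    """The combinations of application request and server setting in the text."""
    if app_requests and server_allows:
        return "synchronized for the duration of the request"
    if app_requests:
        return "no permission exception"
    return "no synchronization; OS thread identity stays the server identity"

def audit(descriptors, server_allows):
    """Map each descriptor name to its outcome for this server setting."""
    return {name: outcome(requests_sync(xml), server_allows)
            for name, xml in descriptors.items()}

if __name__ == "__main__":
    apps = {"web.xml": WEB_XML, "ejb-jar.xml": EJB_JAR_XML}
    for allowed in (True, False):
        print("server allows:", allowed, audit(apps, allowed))
```

Running the audit across all deployed archives gives a list of applications that will run work under the caller's identity at the OS level, which is the set to reconcile against the RACF profiles.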
Refer to JEE identity and an operating system thread identity for more information about the identities.
Related concepts
- Java thread identity and an operating system thread identity
- When to use application Synch to OS Thread Allowed
- JEE identity and an operating system thread identity
- Connection Manager RunAs Identity Enabled and system security