(zos)Considerations for setting the Sync to OS Thread Allowed option
There are a number of options to consider when setting the Sync to OS Thread Allowed option.
With the Sync to OS Thread Allowed support:
- The application developer or assembler requests behavior by setting the special application environment entry env-entry in the deployment descriptor: com.ibm.websphere.security.SyncToOSThread=true|false.
- The system administrator grants the request made by the application developer or assembler using an application server configuration setting.
- The resource access control facility (RACF ) administrator controls if Sync to OS Thread Allowed can be used by defining a FACILITY class profile with an optional SURROGAT class profile to refine the control.
We can select the Sync to OS Thread Allowed option at development time or at assembly time:
- At development time, use Rational Application Developer to add an environment entry (environment variable) to the EJB component or web application module.
Important: Environment entries (environment variables) can be defined on individual EJB components but cannot be set on individual web components.
A Java EE standard deployment descriptor can be defined for each EJB component and for each web application module. Note that a web component is either a servlet or JSP files. For web components, environment entries (environment variables) can only be set on a web application module. A web application module contains servlets and JSP files.
- At assembly time, we can add or change environment entries (environment variables) using an assembly tool.
Related concepts
Java thread identity and an operating system thread identity When to use application Synch to OS Thread Allowed JEE identity and an operating system thread identity Application Synch to OS Thread Allowed Connection Manager RunAs Identity Enabled and system security
z/OS security options Summary of controls