+

Search Tips   |   Advanced Search

(ZOS) Connection Manager RunAs Identity Enabled and system security

WebSphere Application Server includes connector configurations that use operating system thread security. By enabling Connection Manager Sync to OS Thread support, the Java EE identity (the RunAs identity, for example) can be used to obtain the EIS connection for connector configurations that use operating system thread security.

Operating system thread security: Under certain configurations of Java EE Connector Architecture (JCA), Java Message Service (JMS), or Java database connectivity (JDBC) connectors on WAS for z/OS, the OS thread identity is the identity used to create the enterprise information systems (EIS) connection. Refer to Connection threadfor more information on which configurations support OS thread security.

The Connection Manager Sync to OS Thread support is enabled by selecting the Enable the connection manager RunAs thread identity option, which is available by clicking Security > Global security > z/OS security options. If the Enable WAS and z/OS thread identity synchronization option is not enabled on the same administrative console panel, the connection to a resource manager under a connector configuration that uses operating system thread security is obtained using the server identity (which serves as a default in this case). Refer to the topic, z/OS security options, for more information.

The WebSphere Connection Manager performs the operating system thread security-related functions. The Connection Manager synchronizes the OS thread identity with the Java thread identity (this Java thread identity corresponds to the Java EE identity) before obtaining the EIS connection. Refer to the topic, Java thread identity and an operating system thread identity, for more information. After the Connection Manager performs the synchronization, the OS thread identity is temporarily replaced with the Java thread identity, and the Java thread identity is the identity used to obtain the EIS connection. This means that Connection Manager Sync to OS Thread support provides a way to obtain an EIS connection using the Java thread identity (the RunAs identity, for example). After obtaining the connection the Connection Manager restores the previous OS thread identity.

Refer to the topic, Connection thread identity, for details concerning connector configurations that use operating system thread security. We can also refer to the topic, Using thread identity support.

Refer to the topic, Java Platform, Enterprise Edition identity and an operating system thread identity, for more information about the identities.


Related:

  • Java thread identity and an operating system thread identity
  • Application Synch to OS Thread Allowed
  • Java Platform, Enterprise Edition identity and an operating system thread identity
  • When to use application Synch to OS Thread Allowed
  • Connection thread identity
  • Use thread identity support
  • z/OS security options