Get the Caller Subject from the Thread (Version 5.0.2 or later)

The Caller subject (or "received subject") contains the user authentication information used in the call for this request. The subject returned by the WSSubject.getCallerSubject() API is marked read-only to prevent replacing the objects existing in it. This API can be used to get access to the WSCredential so you can put or set data in the hashmap within the credential.

Note: Most data within the subject is not propagated downstream to another server. Only the credential token within the WSCredential is propagated downstream (and a new caller subject is generated).

import javax.security.auth.*;
import com.ibm.websphere.security.WSSecurityException;
import com.ibm.websphere.security.cred.*;

...

try {
  Subject caller_subject;
  WSCredential caller_cred;
  
  // Read-only subject for the caller of this request
  caller_subject = com.ibm.websphere.security.auth.WSSubject.getCallerSubject();

  if (caller_subject != null) {
    // Take the first WSCredential from the subject's public credentials
    caller_cred = (WSCredential)
       caller_subject.getPublicCredentials(WSCredential.class).iterator().next();
    // Look up application data stored in the credential's hashmap
    String CALLERDATA = (String) caller_cred.get ("MYKEY");
    System.out.println("My data from the Caller credential is:  " + CALLERDATA);
  }
}
catch (WSSecurityException e) {
  // log error
}
catch (Exception e) {
  // log error
}

Note: You need the following Java 2 Security permissions to execute this API:

permission javax.security.auth.AuthPermission "wssecurity.getCallerSubject";
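
An added example, not taken from the original page or from IBM's code: a hypothetical helper class CallerData that wraps the lookup shown above in AccessController.doPrivileged, so that only the helper's own code source needs the wssecurity.getCallerSubject permission, and that hands back just the one value stored under MYKEY instead of the subject itself. It assumes Java 5 or later (generics); the class and method names are made up for illustration.

```java
import java.security.AccessController;
import java.security.PrivilegedActionException;
import java.security.PrivilegedExceptionAction;
import java.util.Set;
import javax.security.auth.Subject;
import com.ibm.websphere.security.auth.WSSubject;
import com.ibm.websphere.security.cred.WSCredential;

// Hypothetical helper class; not part of the WebSphere API.
public final class CallerData {
  // Key used by the page's sample; the only value this helper exposes.
  private static final String KEY = "MYKEY";

  private CallerData() {}

  // Returns the String stored under KEY in the caller credential, or null
  // when there is no caller subject, no WSCredential, no such entry, or
  // the lookup fails (fail closed; the caller never sees the subject).
  public static String read() {
    try {
      // The stack walk for the permission check stops at this class, so
      // code further up the stack does not need wssecurity.getCallerSubject.
      Subject caller = AccessController.doPrivileged(
          new PrivilegedExceptionAction<Subject>() {
            public Subject run() throws Exception {
              return WSSubject.getCallerSubject();
            }
          });
      if (caller == null) {
        return null;
      }
      Set<WSCredential> creds = caller.getPublicCredentials(WSCredential.class);
      if (creds.isEmpty()) {
        return null;
      }
      Object value = creds.iterator().next().get(KEY);
      return (value instanceof String) ? (String) value : null;
    } catch (PrivilegedActionException e) {
      // getCallerSubject() failed; e.getException() holds the cause: log it
      return null;
    } catch (Exception e) {
      // any other failure while reading the credential: log it
      return null;
    }
  }
}
```

Grant the AuthPermission only to the code source that contains this helper; application code then calls CallerData.read() without holding the permission itself.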