Get the RunAs Subject from the Thread (Version 5.0.2 or later)

The RunAs subject (or invocation subject) contains the user authentication information for the RunAs mode set in the application deployment descriptor for this method.

The RunAs subject (or invocation subject) contains the user authentication information for the RunAs mode set in the application deployment descriptor for this method. This subject is marked read-only when returned from the WSSubject.getRunAsSubject() API to prevent replacing objects existing in it. This can be used to get access to the WSCredential so you can put or set data in the hashmap within the credential.

Note: Most data within the Subject is not propogated downstream to another server. Only the credential token within the WSCredential is propagated downstream and a new Caller subject is generated.

import javax.security.auth.*;
import com.ibm.websphere.security.auth.*;
import com.ibm.websphere.security.cred.*;

...

try {
  Subject runas_subject;
  WSCredential runas_cred;
 
  runas_subject = WSSubject.getRunAsSubject();

  if (runas_subject != null) {
    runas_cred =
      runas_subject.getPublicCredentials(WSCredential.class).iterator().next();
    String RUNASDATA = (String) runas_cred.get ("MYKEY");
    System.out.println("My data from the RunAs credential is:  " + RUNASDATA );
  }
}
catch (WSSecurityException e) {
  // log error
}
catch (Exception e) {
  // log error
}

Note: You need the following Java 2 Security permissions to execute this API:

permission javax.security.auth.AuthPermission "wssecurity.getRunAsSubject;"