Override the RunAs Subject on the Thread (Version 5.0.2 or later)

To extend the function provided by the Java Authentication and Authorization Service (JAAS) APIs, you can set the RunAs subject (or invocation subject) with a different valid entry that is used for outbound requests on this execution thread.

To extend the function provided by the Java Authentication and Authorization Service (JAAS) APIs, you can set the RunAs subject (or invocation subject) with a different valid entry that is used for outbound requests on an execution thread. This gives flexibility for associating the Subject with all remote calls on this thread without having to do a WSSubject.doAs() to associate the subject with the remote action. For example:

try {
  javax.security.auth.Subject runas_subject, caller_subject;
 
  runas_subject = com.ibm.websphere.security.auth.WSSubject.getRunAsSubject();
  caller_subject = com.ibm.websphere.security.auth.WSSubject.getCallerSubject();

  // Set a new RunAs subject for the thread, overriding the one declaratively set
  com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(caller_subject);

  // Do some remote calls

  // Restore back to the previous runAsSubject
  com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(runas_subject);
}
catch (WSSecurityException e) {
  // log error
}
catch (Exception e) {
  // log error
}

Note: You need the following Java 2 Security permissions to execute these APIs:

permission javax.security.auth.AuthPermission "wssecurity.getRunAsSubject";
permission javax.security.auth.AuthPermission "wssecurity.getCallerSubject";
permission javax.security.auth.AuthPermission "wssecurity.setRunAsSubject";