To extend the function provided by the Java Authentication and Authorization Service (JAAS) application programming interfaces (APIs), you can set the RunAs subject (or invocation subject) with a different valid entry that is used for outbound requests on this execution thread.
Gives flexibility for associating the Subject with all remote calls on this thread whether using a WSSubject.doAs() to associate the subject with the remote action or not. For example:
try { javax.security.auth.Subject runas_subject, caller_subject; runas_subject = com.ibm.websphere.security.auth.WSSubject.getRunAsSubject(); caller_subject = com.ibm.websphere.security.auth.WSSubject.getCallerSubject(); // set a new RunAs subject for the thread, overriding the one declaratively set com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(caller_subject); // do some remote calls // restore back to the previous runAsSubject com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(runas_subject); } catch (WSSecurityException e) { // log error } catch (Exception e) { // log error }
You need the following Java 2 Security permissions to run these APIs:
permission javax.security.auth.AuthPermission "wssecurity.getRunAsSubject"; permission javax.security.auth.AuthPermission "wssecurity.getCallerSubject"; permission javax.security.auth.AuthPermission "wssecurity.setRunAsSubject";