[Version 5.0.2 and later]Security states with thread identity support

[Version 5.0.2 and later]In this article the term thread identity refers to the J2EE Identity (such as the RunAs Identity), as opposed to the OS thread identity. Refer to Synchronizing a Java thread identity and an operating system thread identity and Understanding Connection Manager RunAs Identity Enabled and operating system security for more information.

The combinations of global security, server configurations, connector configurations, and container-managed alias support determine the processing that results when you use the thread identity function. Thread identity support is only available with specific resource adapters and JDBC providers. Review the supported resource adapters and JDBC providers to determine if you can use thread identity. If your resource adapter or JDBC provider is in the supported list, use the following tables to determine the processing that occurs, based on the settings of the specified properties:


Table 1. Security state
Global security enabled?
Yes No
Go to table 2. Go to table 3.



Table 2. Global security enabled
Container-managed alias specified?
No Yes
Connector Allows or Requires Thread Identity? Connector Requires Thread Identity?
No Yes No Yes
Processing is dependent on connector: may throw exception may default to connector user/password custom properties Connector requires OS thread security? Use specified alias Connector requires OS thread security?
No Yes No Yes
Use identity associated with current thread Server Sync-To-Thread enabled? Use identity associated with current thread Server Sync-To-Thread enabled?
No Yes No Yes
Use Server identity Use identity associated with current thread Use server identity Use identity associated with current thread



Table 3. Global Security is not enabled
Container-managed alias specified?
No Yes
Connector ALLOWS or REQUIRES thread identity o be used when getting a connection Connector REQUIRES thread identity to be used when getting a connection?
No Yes No Yes
Processing is dependent on connector:
  • May throw exception
  • May default to connector user/password custom properties
User server identity Use specified alias Use server identity



Related concepts
Connection thread identity



Searchable topic ID:   conthidref
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/rdat_conthidref.html

Library | Support | Terms of Use | Feedback