[Version 5.0.2 and later]Understanding Connection Manager RunAs Identity Enabled and operating system security

Operating system thread security: Under certain configurations of J2EE Connector Architecture (JCA), Java Message Service (JMS), or Java database connectivity (JDBC) connectors on WebSphere Application Server for z/OS, the OS thread identity is the identity used to create the enterprise information systems (EIS) connection. Refer to Connection thread identity for more information on which configurations support OS thread security.

We introduce a new term when saying that these connector configurations "use OS thread security". By enabling Connection Manager Synch to OS Thread support, the J2EE identity (the RunAs identity, for example) can be used to obtain the EIS connection for connector configurations that use OS thread security. The Connection Manager Synch to OS Thread support is enabled by selecting the Connection Manager RunAs Identity Enabled checkbox. If the Connection Manager RunAs Identity Enabled setting is not enabled, the connection to a resource manager under a connector configuration that uses OS thread security is obtained using the server identity if the thread identity is REQUIRED (which serves as a default in this case). If the thread identity is not REQUIRED, the container-managed or application-managed alias can be used to establish the identity. See WebSphere Application Server for z/OS global security options for more information.

The WebSphere Connection Manager performs the operating system thread security-related functions. The Connection Manager synchronizes the Java thread identity with the OS thread identity (this Java thread identity corresponds to the J2EE identity) before obtaining the EIS connection.

[Version 5.0.2 and later]Refer to Synchronizing a Java thread identity and an operating system thread identity for more information.

After the Connection Manager performs the synchronization, the OS thread identity is temporarily replaced with the Java thread identity, and the Java thread identity is the identity used to obtain the EIS connection. This means that Connection Manager Synch to OS Thread support provides a way to obtain an EIS connection using the Java thread identity (the RunAs identity, for example). After obtaining the connection the Connection Manager restores the previous OS thread identity.

Note:

Refer to Connection thread identity for information for details of connector configurations that use operating system thread security. You can also refer to Using thread identity support.

[Version 5.0.2 and later]Refer to Understanding Java 2 Platform, Enterprise Edition identities and operating system thread identities for more information about the identities discussed above.





Searchable topic ID:   csecunderstandconnectmgrsync
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/csec_understandconnectmgrsync.html

Library | Support | Terms of Use | Feedback