Security states with thread identity support
In this article the term thread identity refers
to the J2EE Identity (such as the RunAs Identity), as opposed to the OS thread
identity. Refer to Synchronizing
a Java thread identity and an operating system thread identity and Understanding Connection
Manager RunAs Identity Enabled and operating system security for more
information.
The combinations of global security, server configurations, connector configurations,
and container-managed alias support determine the processing that results
when you use the thread identity function. Thread identity support is only
available with specific resource adapters and JDBC providers. Review the supported resource adapters and JDBC providers to
determine if you can use thread identity. If your resource adapter or JDBC
provider is in the supported list, use the following tables to determine the
processing that occurs, based on the settings of the specified properties:
Table 1. Security state
Global security enabled? |
Yes |
No |
Go to table 2. |
Go to table 3. |
Table 2. Global security enabled
Container-managed alias
specified? |
No |
Yes |
Connector Allows or
Requires Thread Identity? |
Connector Requires
Thread Identity? |
No |
Yes |
No |
Yes |
Processing is dependent
on connector: may throw exception may default to connector user/password custom
properties |
Connector requires
OS thread security? |
Use specified alias |
Connector requires
OS thread security? |
No |
Yes |
No |
Yes |
Use identity associated with current
thread |
Server Sync-To-Thread enabled? |
Use identity associated with current
thread |
Server Sync-To-Thread enabled? |
No |
Yes |
No |
Yes |
Use Server identity |
Use identity associated with current thread |
Use server identity |
Use identity associated with current thread |
Table 3. Global Security is not enabled
Container-managed alias
specified? |
No |
Yes |
Connector ALLOWS or REQUIRES thread identity
o be used when getting a connection |
Connector REQUIRES thread identity to
be used when getting a connection? |
No |
Yes |
No |
Yes |
Processing is dependent on connector:
- May throw exception
- May default to connector user/password custom properties
|
User server identity |
Use specified alias |
Use server identity |

Connection thread identity
Searchable topic ID:
conthidref
Last updated: Jun 21, 2007 9:56:50 PM CDT
WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/rdat_conthidref.html