[Version 5.0.2 and later]When to use application Synch to OS Thread Allowed

Application Synch to OS Thread Allowed uses the Java thread identity (or WSPrincipal currently associated with the thread) to access the non-WebSphere-managed resources accessed by your application. As a result of exploiting the application Synch to OS Thread Allowed support, access control privileges associated with the current Java thread identity (not the access control privileges for the servant process identity) are applied when accessing these resources. (An example of a non-WebSphere-managed resource is the file system.)

Use application Synch to OS Thread Allowed to control non-WebSphere-managed resource access based on the Java thread identity. The default Java thread identity is the client identity, which is the user who invoked the application. The Java 2 Platform, Enterprise Edition (J2EE) RunAS role deployment descriptor settings can override this default to choose from other choices. These choices include the server identity or the specified role, such as a user ID (chosen by the application server) configured to be in the specified role. By running with the Java thread identity and specifying Synch to OS Thread Allowed, all non-WebSphere-managed resource access control decisions are based on the access privileges of the Java thread identity. Refer to Deploying secured applications and Developing secured applications for details on WebSphere role-based security.

Application Synch to OS Thread Allowed is not relevant for container managed persistence (CMP) entity beans but Connection Management RunAs Identity Enabled might be relevant, depending on the JDBC Provider.

[Version 5.0.2 and later]Refer to Understanding Connection Manager RunAs Identity Enabled and operating system security for more information for CMP entity beans.

[Version 5.0.2 and later]Refer to Understanding Java 2 Platform, Enterprise Edition identities and operating system thread identities for more information about the identities discussed previously





Searchable topic ID:   csecwhenuseappsynctoosthread
Last updated: Jun 21, 2007 9:56:50 PM CDT    WebSphere Application Server for z/OS, Version 5.0.2
http://publib.boulder.ibm.com/infocenter/wasinfo/index.jsp?topic=/com.ibm.websphere.zseries.doc/info/zseries/ae/csec_whenuseappsynctoosthread.html

Library | Support | Terms of Use | Feedback