WebSphere Application Server Network Deployment, Version 6.1
             Operating Systems: z/OS

             Personalize the table of contents and search results
This topic applies only on the z/OS operating system.

Application Synch to OS Thread Allowed

Use application Sync to OS Thread Allowed to synchronize a Java thread identity (or JAAS subject) with the OS thread identity for the duration of the current Java 2 Platform, Enterprise Edition (J2EE) application request.

If you do not choose this option, the OS thread identity value is the same as the servant identity value. Refer to Java thread identity and an operating system thread identity for more information.

Application Sync to OS Thread Allowed requires configuration in both the application and the application server as well as resource access control facility (RACF) permissions:
  1. The WebSphere Application Server developer must configure the application to declare that it wants to run with application Sync to OS Thread
  2. The WebSphere Application Server administrator must configure the application server to enable application Sync to OS Thread Allowed
  3. The RACF administrator must define a FACILITY class profile and optional SURROGAT class profile to ensure that Synch to OS Thread Allowed is utilized.

The J2EE application developer configures the application for individual Enterprise JavaBeans (EJB) or Web applications by setting a special env-entry in the deployment descriptor com.ibm.websphere.security.SyncToOSThread={true|false}. The default case in which this deployment descriptor is not specified is equivalent to defining it with a value of false.

When an EJB or Web application that requests Sync to OS Thread Allowed is dispatched, the application server (at the request of the EJB Container or the Web Container) synchronizes the OS thread identity associated with the current Java thread identity so the Java thread identity is current on the native thread. This synchronization is effective as long as the EJB or Web application is running the current request. When the EJB or Web completes processing, the native thread is restored to its former state.

If the application requests Sync to OS Thread Allowed but Sync to OS Thread Allowed is not enabled in the application server, when the application attempts to run a no permission exception is issued. If the application does not request Sync to OS Thread Allowed but Sync to OS Thread Allowed is enabled in the application server, no synchronization occurs and the current OS thread identity remains the same as the server identity.

Refer to Java 2 Platform, Enterprise Edition identity and an operating system thread identity for more information about the identities discussed above.




Related concepts
When to use application Synch to OS Thread Allowed
Java 2 Platform, Enterprise Edition identity and an operating system thread identity
Connection Manager RunAs Identity Enabled and system security
Java thread identity and an operating system thread identity
Concept topic    

Terms of Use | Feedback

Last updated: Feb 25, 2009 9:32:38 AM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/csec_understandappsync.html