This topic applies only on the z/OS operating system.

Connection Manager RunAs Identity Enabled and system security

WebSphere Application Server includes connector configurations that use operating system thread security. By enabling Connection Manager Sync to OS Thread support, the J2EE identity (the RunAs identity, for example) can be used to obtain the EIS connection for connector configurations that use operating system thread security.

Operating system thread security: Under certain configurations of J2EE Connector Architecture (JCA), Java Message Service (JMS), or Java database connectivity (JDBC) connectors on WebSphere Application Server for z/OS, the OS thread identity is the identity used to create the enterprise information systems (EIS) connection. Refer to Connection thread identity for more information on which configurations support OS thread security.

The Connection Manager Sync to OS Thread support is enabled by selecting the Enable the connection manager RunAs thread identity option, which is available by clicking Security > Global security > z/OS security options. If the Support the synchronization of the OS thread option is not enabled on the same administrative console panel, the connection to a resource manager under a connector configuration that uses operating system thread security is obtained using the server identity (which serves as a default in this case). Refer to z/OS security options for more information.

The WebSphere Connection Manager performs the operating system thread security-related functions. The Connection Manager synchronizes the OS thread identity with the Java thread identity (this Java thread identity corresponds to the J2EE identity) before obtaining the EIS connection. Refer to Java thread identity and an operating system thread identity for more information. After the Connection Manager performs the synchronization, the OS thread identity is temporarily replaced with the Java thread identity, and the Java thread identity is the identity used to obtain the EIS connection. This means that Connection Manager Sync to OS Thread support provides a way to obtain an EIS connection using the Java thread identity (the RunAs identity, for example). After obtaining the connection the Connection Manager restores the previous OS thread identity.

Note:

Refer to Connection thread identity for information for details of connector configurations that use operating system thread security. You can also refer to Using thread identity support.

Refer to Java 2 Platform, Enterprise Edition identity and an operating system thread identity for more information about the identities discussed above.




Related concepts
Application Synch to OS Thread Allowed
Java 2 Platform, Enterprise Edition identity and an operating system thread identity
When to use application Synch to OS Thread Allowed
Java thread identity and an operating system thread identity
Concept topic    

Terms of Use | Feedback

Last updated: Sep 20, 2010 11:08:29 PM CDT
http://www14.software.ibm.com/webapp/wsbroker/redirect?version=vela&product=was-nd-mp&topic=csecunderstandconnectmgrsync
File name: csec_understandconnectmgrsync.html