The thread identity function allows you to assign a thread
identifier as an owner of a connection when you first obtain the connection.
This function only applies to J2EE Connector Architecture (JCA) resource
adapters and Relational Resource Adapter (RRA) wrappered Java Database
Connectivity (JDBC) providers that support the use of thread identity
for connection ownership.
- Define resauth=Container for the application
resource. See the Connection thread identity article for
details.
- Ensure the JCA resource adapters or JDBC providers support
the thread identity function.
Review the supported
resource adapters and data source providers, and the level of support:
REQUIRED, ALLOWED, and NOTALLOWED. The article Connection thread identity contains a table of the JCA resource
adapter processes and the JDBC provider processes that support thread
identity and thread security.
If the adapter or provider is
not listed, then thread identity support is NOTALLOWED, by default.
- Set the Container-managed authentication alias to
NULL, if you configure the connector locally.
When the
connector is configured locally, the resource adapter determines the
level of thread identity support as ALLOWED. If
thread identity support is allowed and you specify Container-managed
authentication alias as NULL, the connector uses the current
thread identity as the owner for each connection that is created.
When
the resource adapter or JDBC provider determines that the level of
thread identity support is REQUIRED, any specification
for the Container-managed authentication alias
is ignored. Thread identity support in this case always applies.
- Determine connector behavior when Java™ 2 security is a factor. See
the article Security states with thread identity support for more information.
If you want the thread identity associated with a connection
to be the thread identity, then you must enable Java 2 security. In the case
of JDBC providers that support the thread identity function and require
the thread to be pushed to the z/OS thread of execution, you must set the server Connection Manager
RunAs Identity Enabled property to true.
Note: With
Bean Managed Persistence (BMP) beans, if you obtain a connection under
the ejbLoad() or ejbStore() functions during pre-invoke
or post-invoke method processing, your thread identity support
does not become the RunAs identity
because the container during this processing is running under server
identity. With BMP beans, instead of using thread identity, specify
a Container-managed alias to associate the user with the connection.