Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authenticate users > Use the JAAS programming model for web authentication > Develop custom login modules for a system login configuration for JAAS > Customize application login with JAAS > 4. Configure a server-side JAAS authentication and login configuration. > Customize a server-side JAAS authentication and login configuration
Get the RunAs subject from the thread for JAAS
The RunAs subject or invocation subject contains the user authentication information for the RunAs mode set in the application deployment descriptor for this method. You need the Java 2 security permissions to run this API: permission javax.security.auth.AuthPermission "wssecurity.getRunAsSubject;".
The RunAs subject (or invocation subject) contains the user authentication information for the RunAs mode set in the application deployment descriptor for this method. This subject is marked read-only when returned from the WSSubject.getRunAsSubject API to prevent replacing existing objects.
Most data within the Subject is not propagated downstream to another server. Only the credential token within the WSCredential credential is propagated downstream and a new Caller subject is generated.
Procedure
- Access the WSCredential credential. The WSCredential credential is documented in the API documentation.
- Put or set data in the hashmap within the credential.
Example
try { javax.security.auth.Subject runas_subject; com.ibm.websphere.security.cred.WSCredential runas_cred; runas_subject = com.ibm.websphere.security.auth.WSSubject.getRunAsSubject(); if (runas_subject != null) { runas_cred = runas_subject.getPublicCredentials com.ibm.websphere.security.cred.WSCredential.class).iterator().next(); String RUNASDATA = (String) runas_cred.get ("MYKEY") System.out.println("My data from the RunAs credential is: " + RUNASDATA ); } } catch (WSSecurityException e) { // log error } catch (Exception e) { // log error }
Customize application login with JAAS
Customize a server-side JAAS authentication and login configuration