Appendix D - ThreadSubject
Applicable Platforms:
NT, Windows 2000, Windows 2000 64 Bit, and OS/390®.
Description of Functionality:
This is an extension to the normal Subject.doAs. ThreadSubject.doAs replaces the userid of the current underlying OS thread with the userid in the passed-in Subject. This allows the OS to make its own security checks against the Subject's userid rather than against a possibly different userid that is already associated with the thread.
The methods used to invoke ThreadSubject.doAs are the same as the ones for Subject.doAs:

    public static Object doAs(final Subject subject,
                              final java.security.PrivilegedAction action);

    public static Object doAs(final Subject subject,
                              final java.security.PrivilegedExceptionAction action)
        throws java.security.PrivilegedActionException;

    public static Object doAsPrivileged(final Subject subject,
                                        final java.security.PrivilegedAction action,
                                        final java.security.AccessControlContext acc);

    public static Object doAsPrivileged(final Subject subject,
                                        final java.security.PrivilegedExceptionAction action,
                                        final java.security.AccessControlContext acc)
        throws java.security.PrivilegedActionException;

These methods are utilized in the same manner as Subject.doAs.
Platform Specifics:
- NT, Windows 2000, Windows 2000 64 Bit:
  A logged-on system administrator is allowed to authenticate other users when using an ActiveLogon LoginModule, i.e. NTActiveLoginModule or Win64ActiveLoginModule. The administrator may then impersonate the authenticated user by applying that user's Subject to a system thread (using the ThreadSubject.doAs and ThreadSubject.doAsPrivileged methods listed previously). When using ThreadSubject methods, note that the security policy must include AuthPermission("threadSubjectDoAs") or AuthPermission("threadSubjectDoAsPrivilege") entries as well as their cousins AuthPermission("doAs") or AuthPermission("doAsPrivileged") from the Subject class.
- OS/390:
  This function allows the user identifier currently associated with the current thread to be changed to the user identifier associated with the current Subject. Before this will work properly, however, some SAF (RACF®) setup must be done. This code makes use of the pthread_security_np service call, which requires that the main thread's userid have the necessary authority to act as a surrogate for other users. Your local SAF (RACF) administrator should be able to enable this environment. The necessary information to set up this environment can be found in z/OS® V1R2.0 UNIX System Services Planning, document number GA22-7800-01, in the section called "Defining Servers to Use Thread-Level Security", and in z/OS V1R2.0 SecureWay Security Server RACF Security Administrator's Guide, document number SA22-7683-01, in the section titled "z/OS UNIX Application Considerations".
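The following is an added example, not code from this appendix or from IBM's JAAS implementation, showing the difference the description above draws between Subject.doAs and ThreadSubject.doAs: the same file-readability check is run first with only the Java Subject applied and then with the OS thread userid switched to the Subject's. It assumes ThreadSubject lives in the package com.ibm.security.auth (the appendix names only the class), a login configuration entry called "NTLogin" bound to NTActiveLoginModule with a callback handler configured there (both hypothetical), and that the calling code has been granted the AuthPermission entries listed in the Windows section.

```java
import java.io.File;
import java.security.PrivilegedAction;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
// Assumed package for IBM's ThreadSubject; the appendix names only the class.
import com.ibm.security.auth.ThreadSubject;

/**
 * Added example (not IBM's own code). Authenticates a user through a JAAS
 * LoginContext, then asks the OS whether a file is readable:
 *   - under Subject.doAs, the Java Subject is applied but the OS still
 *     evaluates the file ACL against the userid the thread was started with;
 *   - under ThreadSubject.doAs, the thread's OS userid is swapped to the
 *     Subject's for the duration of run(), so the OS ACL decision is made
 *     for the authenticated user.
 *
 * Security policy entries the caller needs (permission names from the
 * appendix; the codeBase and the "NTLogin" entry name are assumptions):
 *
 *   grant codeBase "file:/path/to/app/-" {
 *       permission javax.security.auth.AuthPermission "createLoginContext.NTLogin";
 *       permission javax.security.auth.AuthPermission "doAs";
 *       permission javax.security.auth.AuthPermission "threadSubjectDoAs";
 *   };
 */
public class ThreadSubjectCheck {

    /** Hypothetical login configuration entry bound to NTActiveLoginModule. */
    private static final String LOGIN_ENTRY = "NTLogin";

    /**
     * Builds the action whose answer depends on the OS thread's userid.
     * Raw PrivilegedAction is used to match the signatures in the appendix.
     */
    static PrivilegedAction readCheck(final String path) {
        return new PrivilegedAction() {
            public Object run() {
                // File.canRead() is answered by the OS for the thread's current userid.
                return Boolean.valueOf(new File(path).canRead());
            }
        };
    }

    /** Runs the check with only the Java Subject applied (thread userid unchanged). */
    static boolean readableViaSubject(Subject user, String path) {
        return ((Boolean) Subject.doAs(user, readCheck(path))).booleanValue();
    }

    /** Runs the check with the OS thread userid switched to the Subject's userid. */
    static boolean readableViaThreadSubject(Subject user, String path) {
        return ((Boolean) ThreadSubject.doAs(user, readCheck(path))).booleanValue();
    }

    public static void main(String[] args) throws LoginException {
        if (args.length != 1) {
            System.err.println("usage: java ThreadSubjectCheck <path>");
            return;
        }
        String path = args[0];

        // Authenticate the target user; the callback handler comes from the
        // login configuration entry (assumed to be NTActiveLoginModule).
        LoginContext lc = new LoginContext(LOGIN_ENTRY);
        lc.login();
        Subject user = lc.getSubject();
        try {
            System.out.println("Subject.doAs       -> readable: "
                    + readableViaSubject(user, path));
            System.out.println("ThreadSubject.doAs -> readable: "
                    + readableViaThreadSubject(user, path));
        } finally {
            // Leave no authenticated Subject lying around once the check is done.
            lc.logout();
        }
    }
}
```

The two printed answers differ exactly when the file's ACL treats the authenticated user differently from the userid the thread was started with, which is the situation the appendix describes: Subject.doAs governs only Java permission checks, while ThreadSubject.doAs makes the operating system itself decide for the impersonated user. Because the thread userid is replaced for the whole duration of run(), keep the action as small as the check requires and make sure the policy grants both the Subject and the ThreadSubject permissions, or the call fails with an AccessControlException before any impersonation happens.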