Module ibm.security.auth
Package com.ibm.security.auth

Class ThreadSubject

  • Direct Known Subclasses:
    OS390ThreadSubject
    public abstract class ThreadSubject
extends java.lang.Object
    Subclasses of this abstract class provide a way to set the underlying operating system thread identity to the appropriate value, the default implementation is OS390ThreadSubject.

    The default ThreadSubject implementation for OS390 is com.ibm.security.auth.OS390ThreadSubject. This can be overridded by specifying or modifying the value of the "thread.subject.provider" security property (in the Java security properties file) to the fully qualified name of the desired ThreadSubject implementation class. The Java security properties file is located in the file named <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the JDK was installed. To disallow ThreadSubject processing completely, the following line can be inserted in the Java security properties file:

    thread.subject.provider=

    Each implementation must have a constructor which takes no arguments. This allows the doAs method to properly instantiate it.

    This implementation will perform a pthread_security_np for the existing thread to set the identity of the thread prior to executing the action.

    • Constructor Summary

      Constructors 
      Constructor Description
      ThreadSubject()  

    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      static java.lang.Object doAs​(javax.security.auth.Subject subject, java.security.PrivilegedAction action)
      Perform work as a particular Subject.
      static java.lang.Object doAs​(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction action)
      Perform work as a particular Subject.
      static java.lang.Object doAsPrivileged​(javax.security.auth.Subject subject, java.security.PrivilegedAction action, java.security.AccessControlContext acc)
      Perform work as a particular Subject.
      static java.lang.Object doAsPrivileged​(javax.security.auth.Subject subject, java.security.PrivilegedExceptionAction action, java.security.AccessControlContext acc)
      Perform work as a particular Subject.
      static void whoaminow()  

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    • Constructor Detail

      • ThreadSubject

        public ThreadSubject()

    • Method Detail

      • doAs

        public static java.lang.Object doAs​(javax.security.auth.Subject subject,
                                    java.security.PrivilegedAction action)
        Perform work as a particular Subject. This method implementation is identical to the corresponding Subject.doAs method implementation but with one major addition:

        This method instantiates the default or specified ThreadSubject which invokes pthread_security_np for the existing thread to set the identity of the thread prior to executing the PrivilegedAction. After the PrivilegedAction execution completes, pthread_security_np is again invoked to restore the environment to that of the original thread identity.

        Parameters:
        subject - the Subject that the specified action will run as.

        action - the code to be run as the specified Subject.

        Returns:
        the Object returned by the PrivilegedAction's execution.

        Throws:
        java.lang.NullPointerException - if the PrivilegedAction is null.

        java.lang.SecurityException - if the caller attempts to invoke this method and does not have permission, or if the caller invokes this method as privileged and does not have permission. Note that since ThreadSubject also incorporates Subject processing, the permissions must include doAs permissions as well as threadSubjectDoAs.

        java.lang.UnsupportedOperationException - if the ThreadSubject implementation fails or is not supported, or if there is no OS/390 public principal for the Subject.

      • doAs

        public static java.lang.Object doAs​(javax.security.auth.Subject subject,
                                    java.security.PrivilegedExceptionAction action)
                             throws java.security.PrivilegedActionException
        Perform work as a particular Subject. This method implementation is identical to the corresponding Subject.doAs method implementation but with one major addition:

        This method instantiates the default or specified ThreadSubject and invokes pthread_security_np for the existing thread to set the identity of the thread prior to executing the PrivilegedExceptionAction. After the PrivilegedExceptionAction execution completes, pthread_security_np is again invoked to restore the environment to that of the original thread identity.

        Parameters:
        subject - the Subject that the specified action will run as.

        action - the code to be run as the specified Subject.

        Returns:
        the Object returned by the PrivilegedAction's execution.

        Throws:
        java.lang.NullPointerException - if the PrivilegedAction is null.

        java.lang.SecurityException - if the caller attempts to invoke this method and does not have permission, or if the caller invokes this method as privileged and does not have permission. Note that since ThreadSubject also incorporates Subject processing, the permissions must include doAs permissions as well as threadSubjectDoAs.

        java.lang.UnsupportedOperationException - if the ThreadSubject implementation fails or is not supported, or if there is no OS/390 public principal for the Subject.

        java.security.PrivilegedActionException

      • doAsPrivileged

        public static java.lang.Object doAsPrivileged​(javax.security.auth.Subject subject,
                                              java.security.PrivilegedAction action,
                                              java.security.AccessControlContext acc)
        Perform work as a particular Subject. This method implementation is identical to the corresponding Subject.doAsPrivileged method implementation but with one major addition:

        This method instantiates the default or specified ThreadSubject then invokes pthread_security_np for the existing thread to set the identity of the thread prior prior to executing the PrivilegedAction. After the PrivilegedAction execution completes, pthread_security_np is again invoked to restore the environment to that of the original thread identity.

        Parameters:
        subject - the Subject that the specified action will run as.

        action - the code to be run as the specified Subject.

        Returns:
        the Object returned by the PrivilegedAction's execution.

        Throws:
        java.lang.NullPointerException - if the PrivilegedAction is null.

        java.lang.SecurityException - if the caller attempts to invoke this method and does not have permission, or if the caller invokes this method as privileged and does not have permission. Note that since ThreadSubject also incorporates Subject processing, the permissions must include doAs permissions as well as threadSubjectDoAs.

        java.lang.UnsupportedOperationException - if the ThreadSubject implementation fails or is not supported, or if there is no OS/390 public principal for the Subject.

      • doAsPrivileged

        public static java.lang.Object doAsPrivileged​(javax.security.auth.Subject subject,
                                              java.security.PrivilegedExceptionAction action,
                                              java.security.AccessControlContext acc)
                                       throws java.security.PrivilegedActionException
        Perform work as a particular Subject. This method implementation is identical to the corresponding Subject.doAsPrivileged method implementation but with one major addition:

        This method instantiates the default or specified ThreadSubject then invokes pthread_security_np for the existing thread to set the identity of the thread prior to executing the PrivilegedExceptionAction. After the PrivilegedExceptionAction execution completes, pthread_security_np is again invoked to restore the environment to that of the original thread identity.

        Parameters:
        subject - the Subject that the specified action will run as.

        action - the code to be run as the specified Subject.

        Returns:
        the Object returned by the PrivilegedAction's execution.

        Throws:
        java.lang.NullPointerException - if the PrivilegedAction is null.

        java.lang.SecurityException - if the caller attempts to invoke this method and does not have permission, or if the caller invokes this method as privileged and does not have permission. Note that since ThreadSubject also incorporates Subject processing, the permissions must include doAs permissions as well as threadSubjectDoAs.

        java.lang.UnsupportedOperationException - if the ThreadSubject implementation fails or is not supported, or if there is no OS/390 public principal for the Subject.

        java.security.PrivilegedActionException

      • whoaminow

        public static void whoaminow()