Class ThreadSubject

java.lang.Object
com.ibm.security.auth.ThreadSubject
Direct Known Subclasses:
OS390ThreadSubject

public abstract class ThreadSubject extends Object
Subclasses of this abstract class provide a way to set the underlying operating system thread identity to the appropriate value. The default implementation is OS390ThreadSubject.

The default ThreadSubject implementation for OS390 is com.ibm.security.auth.OS390ThreadSubject. This can be overridden by specifying or modifying the value of the "thread.subject.provider" security property (in the Java security properties file) to the fully qualified name of the desired ThreadSubject implementation class. The Java security properties file is <JAVA_HOME>/lib/security/java.security, where <JAVA_HOME> refers to the directory where the JDK was installed. To disallow ThreadSubject processing completely, the following line can be inserted in the Java security properties file:

thread.subject.provider=

Each implementation must have a constructor which takes no arguments. This allows the doAs method to properly instantiate it.
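Because this property decides which class switches the operating system thread identity, it is worth auditing. The following is an added example, not IBM's code: it classifies the configured value as default, disabled or overridden, and checks an override against the no-argument constructor requirement above. The class name ThreadSubjectProviderAudit and the result labels are hypothetical; treating an unset property as "default applies" is inferred from the description above.

```java
import java.lang.reflect.Modifier;
import java.security.Security;

/** Added example: audits the "thread.subject.provider" security property. */
public class ThreadSubjectProviderAudit {
    static final String PROPERTY = "thread.subject.provider";
    // Class names taken from this page.
    static final String DEFAULT_IMPL = "com.ibm.security.auth.OS390ThreadSubject";
    static final String BASE_CLASS = "com.ibm.security.auth.ThreadSubject";

    /** Classifies a property value; null means the property is not set. */
    static String audit(String value) {
        if (value == null) {
            return "DEFAULT: property not set, " + DEFAULT_IMPL + " applies";
        }
        String name = value.trim();
        if (name.isEmpty()) {
            return "DISABLED: empty value, ThreadSubject processing is disallowed";
        }
        if (name.equals(DEFAULT_IMPL)) {
            return "DEFAULT: explicitly set to " + DEFAULT_IMPL;
        }
        try {
            // Load without running static initializers of an unreviewed class.
            ClassLoader cl = ThreadSubjectProviderAudit.class.getClassLoader();
            Class<?> impl = Class.forName(name, false, cl);
            Class<?> base = Class.forName(BASE_CLASS, false, cl);
            if (!base.isAssignableFrom(impl)) {
                return "INVALID: " + name + " does not extend " + BASE_CLASS;
            }
            if (Modifier.isAbstract(impl.getModifiers())) {
                return "INVALID: " + name + " is abstract and cannot be instantiated";
            }
            impl.getDeclaredConstructor(); // the required no-argument constructor
            return "OVERRIDE: " + name + " replaces the default, review this class";
        } catch (ClassNotFoundException e) {
            // Also reached on a JDK that does not ship com.ibm.security.auth.
            return "UNRESOLVED: cannot load " + e.getMessage();
        } catch (NoSuchMethodException e) {
            return "INVALID: " + name + " has no no-argument constructor";
        }
    }

    public static void main(String[] args) {
        System.out.println(audit(Security.getProperty(PROPERTY)));
    }
}
```

An OVERRIDE result means a class other than the default will run around every doAs call, so the named class and the write permissions on java.security both deserve review.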

This implementation will perform a pthread_security_np for the existing thread to set the identity of the thread prior to executing the action.

  • Method Details

    • doAs

      public static Object doAs(Subject subject, PrivilegedAction<?> action)
      Perform work as a particular Subject. This method implementation is identical to the corresponding Subject.doAs method implementation but with one major addition:

      This method instantiates the default or specified ThreadSubject which invokes pthread_security_np for the existing thread to set the identity of the thread prior to executing the PrivilegedAction. After the PrivilegedAction execution completes, pthread_security_np is again invoked to restore the environment to that of the original thread identity.

      Parameters:
      subject - the Subject that the specified action will run as.

      action - the code to be run as the specified Subject.

      Returns:
      the Object returned by the PrivilegedAction's execution.

      Throws:
      NullPointerException - if the PrivilegedAction is null.

      SecurityException - if the caller attempts to invoke this method and does not have permission, or if the caller invokes this method as privileged and does not have permission. Note that since ThreadSubject also incorporates Subject processing, the permissions must include doAs permissions as well as threadSubjectDoAs.

      UnsupportedOperationException - if the ThreadSubject implementation fails or is not supported, or if there is no OS/390 public principal for the Subject.

    • doAs

      public static Object doAs(Subject subject, PrivilegedExceptionAction<?> action) throws PrivilegedActionException
      Perform work as a particular Subject. This method implementation is identical to the corresponding Subject.doAs method implementation but with one major addition:

      This method instantiates the default or specified ThreadSubject and invokes pthread_security_np for the existing thread to set the identity of the thread prior to executing the PrivilegedExceptionAction. After the PrivilegedExceptionAction execution completes, pthread_security_np is again invoked to restore the environment to that of the original thread identity.

      Parameters:
      subject - the Subject that the specified action will run as.

      action - the code to be run as the specified Subject.

      Returns:
      the Object returned by the PrivilegedExceptionAction's execution.

      Throws:
      NullPointerException - if the PrivilegedExceptionAction is null.

      SecurityException - if the caller attempts to invoke this method and does not have permission, or if the caller invokes this method as privileged and does not have permission. Note that since ThreadSubject also incorporates Subject processing, the permissions must include doAs permissions as well as threadSubjectDoAs.

      UnsupportedOperationException - if the ThreadSubject implementation fails or is not supported, or if there is no OS/390 public principal for the Subject.

      PrivilegedActionException
    • doAsPrivileged

      public static Object doAsPrivileged(Subject subject, PrivilegedAction<?> action, AccessControlContext acc)
      Perform work as a particular Subject. This method implementation is identical to the corresponding Subject.doAsPrivileged method implementation but with one major addition:

      This method instantiates the default or specified ThreadSubject then invokes pthread_security_np for the existing thread to set the identity of the thread prior to executing the PrivilegedAction. After the PrivilegedAction execution completes, pthread_security_np is again invoked to restore the environment to that of the original thread identity.

      Parameters:
      subject - the Subject that the specified action will run as.

      action - the code to be run as the specified Subject.

      Returns:
      the Object returned by the PrivilegedAction's execution.

      Throws:
      NullPointerException - if the PrivilegedAction is null.

      SecurityException - if the caller attempts to invoke this method and does not have permission, or if the caller invokes this method as privileged and does not have permission. Note that since ThreadSubject also incorporates Subject processing, the permissions must include doAs permissions as well as threadSubjectDoAs.

      UnsupportedOperationException - if the ThreadSubject implementation fails or is not supported, or if there is no OS/390 public principal for the Subject.

    • doAsPrivileged

      public static Object doAsPrivileged(Subject subject, PrivilegedExceptionAction<?> action, AccessControlContext acc) throws PrivilegedActionException
      Perform work as a particular Subject. This method implementation is identical to the corresponding Subject.doAsPrivileged method implementation but with one major addition:

      This method instantiates the default or specified ThreadSubject then invokes pthread_security_np for the existing thread to set the identity of the thread prior to executing the PrivilegedExceptionAction. After the PrivilegedExceptionAction execution completes, pthread_security_np is again invoked to restore the environment to that of the original thread identity.

      Parameters:
      subject - the Subject that the specified action will run as.

      action - the code to be run as the specified Subject.

      Returns:
      the Object returned by the PrivilegedExceptionAction's execution.

      Throws:
      NullPointerException - if the PrivilegedExceptionAction is null.

      SecurityException - if the caller attempts to invoke this method and does not have permission, or if the caller invokes this method as privileged and does not have permission. Note that since ThreadSubject also incorporates Subject processing, the permissions must include doAs permissions as well as threadSubjectDoAs.

      UnsupportedOperationException - if the ThreadSubject implementation fails or is not supported, or if there is no OS/390 public principal for the Subject.

      PrivilegedActionException
    • whoaminow

      public static void whoaminow()