To extend the function provided by the Java Authentication and Authorization Service (JAAS) application programming interfaces (APIs), you can set the RunAs subject (or invocation subject) with a different valid entry that is used for outbound requests on this execution thread.
try
{
javax.security.auth.Subject runas_subject, caller_subject;
runas_subject = com.ibm.websphere.security.auth.WSSubject.getRunAsSubject();
caller_subject = com.ibm.websphere.security.auth.WSSubject.getCallerSubject();
// set a new RunAs subject for the thread, overriding the one declaratively set
com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(caller_subject);
// do some remote calls
// restore back to the previous runAsSubject
com.ibm.websphere.security.auth.WSSubject.setRunAsSubject(runas_subject);
}
catch (WSSecurityException e)
{
// log error
}
catch (Exception e)
{
// log error
}
permission javax.security.auth.AuthPermission "wssecurity.getRunAsSubject";
permission javax.security.auth.AuthPermission "wssecurity.getCallerSubject";
permission javax.security.auth.AuthPermission "wssecurity.setRunAsSubject";
Related concepts
Programmatic login
Related reference
Supported authentication protocols