Security states with thread identity support

Different Java Platform, Enterprise Edition Connector Architecture (JCA) resource adapters and Java Database Connectivity (JDBC) drivers provide different support for authenticating threads that transact with application server resources.

In this article the term thread identity refers to the Java™ Platform, Enterprise Edition (Java EE) Identity, such as the RunAs Identity, as opposed to the OS thread identity. Refer to the topic, Synchronizing a Java thread identity and an operating system thread identity and the topic, Understanding Connection Manager RunAs Identity Enabled and operating system security, for more information.

The combinations of Java 2 security, server configurations, connector configurations, and container-managed alias support determine the processing that results when you use the thread identity function. Thread identity support is only available with specific JCA resource adapters and JDBC providers. See the article Connection thread identity for a table of resource adapter processes and JDBC provider processes that support thread identity. If your resource adapter or JDBC provider is in the supported list, use the following tables to determine the processing that occurs, based on the settings of the specified properties:

Table 1. Security state . Check your security state, and go to table 2 or 3.
Global security enabled?
Yes	No
Go to table 2.	Go to table 3.

Table 2. Global security enabled . When your global security is enabled, use the following table to determine the processing that occurs.
Container-managed alias specified?
No				Yes
Connector Allows or Requires Thread Identity?				Connector Requires Thread Identity?
No	Yes			No	Yes
Processing is dependent on connector: may throw exception may default to connector user/password custom properties	Connector requires OS thread security?			Use specified alias	Connector requires OS thread security?
	No	Yes			No	Yes
	Use identity associated with current thread	Server Sync-To-Thread enabled?			Use identity associated with current thread	Server Sync-To-Thread enabled?
		No	Yes			No	Yes
		Use Server identity	Use identity associated with current thread			Use server identity	Use identity associated with current thread

Table 3. Global Security is not enabled . When your global security is not enabled, use the following table to determine the processing that occurs.
Container-managed alias specified?
No		Yes
Connector ALLOWS or REQUIRES thread identity o be used when getting a connection		Connector REQUIRES thread identity to be used when getting a connection?
No	Yes	No	Yes
Processing is dependent on connector: May throw exception May default to connector user/password custom properties	User server identity	Use specified alias	Use server identity