The Java Authorization Contract for Containers (JACC) is a new specification introduced in J2EE 1.4 through the JSR 115 process, which defines a contract between J2EE containers and authorization providers.
The contract enables third-party authorization providers to plug into J2EE 1.4 application servers (such as WebSphere Application Server) to make the authorization decisions when a J2EE resource is accessed. The access decisions are made through the standard java.security.Policy object.
WebSphere Application Server supports two authorization contracts, through a native implementation and a third-party JACC provider implementation. The default (out-of-box) solution is the WAS default J2EE role-based authorization implementation, which does not implement the JACC Policy provider interface.
To plug in to WebSphere Application Server, the third-party JACC provider must implement the following:
- policy class
- policy configuration factory class
- policy configuration interface
All are required by the JACC specification.
The JACC specification does not specify how to handle the authorization table (user or group to role) information between the container and the provider. It is the responsibility of the provider to supply management facilities to handle this information. The specification does not require the container to provide the authorization table information in the binding file to the provider.
WebSphere Application Server provides two role configuration interfaces...
...to help the provider obtain information from the binding file, as well as an initialization interface (InitializeJACCProvider). The implementation of these interfaces is optional.
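The decision path described above (the container asks a java.security.Policy object, and the provider owns the user-to-role authorization table) is sketched below as an added example; it is not IBM's or Tivoli Access Manager's code. It uses only JDK classes: DemoJaccPolicy, ResourcePermission (a stand-in for the JACC web resource permission), addToRole, bind and check are hypothetical names, and the users, role and resource are constructed sample data.

```java
import java.security.*;
import java.util.*;

// Hypothetical provider-side Policy: default deny, grants only via role mappings.
public class DemoJaccPolicy extends Policy {
    // Stand-in permission type so the example needs no JACC jar on the classpath.
    static final class ResourcePermission extends BasicPermission {
        ResourcePermission(String name) { super(name); }
    }

    // role -> resources: the statements a container would hand to the provider at deployment.
    private final Map<String, Set<String>> roleToResources = new HashMap<>();
    // principal -> roles: the authorization table, which the provider must manage itself.
    private final Map<String, Set<String>> principalToRoles = new HashMap<>();

    void addToRole(String role, String resource) {
        roleToResources.computeIfAbsent(role, k -> new HashSet<>()).add(resource);
    }

    void bind(String principal, String role) {
        principalToRoles.computeIfAbsent(principal, k -> new HashSet<>()).add(role);
    }

    @Override
    public boolean implies(ProtectionDomain domain, Permission permission) {
        if (!(permission instanceof ResourcePermission)) return false; // unknown type: deny
        for (Principal p : domain.getPrincipals())
            for (String role : principalToRoles.getOrDefault(p.getName(), Collections.emptySet()))
                if (roleToResources.getOrDefault(role, Collections.emptySet())
                        .contains(permission.getName()))
                    return true; // exact resource-name match through one of the caller's roles
        return false; // no role grants it: deny
    }

    // Container side: wrap the caller's principals in a ProtectionDomain and ask the Policy.
    static boolean check(Policy policy, Permission perm, Principal... callers) {
        return policy.implies(new ProtectionDomain(null, null, null, callers), perm);
    }

    public static void main(String[] args) {
        DemoJaccPolicy policy = new DemoJaccPolicy();
        policy.addToRole("manager", "/payroll/report"); // constructed sample data
        policy.bind("alice", "manager");
        Principal alice = () -> "alice", bob = () -> "bob";
        Permission perm = new ResourcePermission("/payroll/report");
        System.out.println("alice allowed: " + check(policy, perm, alice));
        System.out.println("bob allowed:   " + check(policy, perm, bob));
    }
}
```

A principal with no entry in the authorization table is denied even when the role itself has the permission, which is why the provider's handling of that table matters as much as the deployed role definitions.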
TAM as the default JACC provider for WAS
The JACC provider in WAS is implemented by both the client and the server pieces of the Tivoli Access Manager server. The client piece of Tivoli Access Manager is embedded in WebSphere Application Server. The server piece is located on a separate installable CD that is shipped as part of the WebSphere network deployment (ND) package.
The JACC provider is not an out-of-box solution. You must configure WAS to use the JACC provider.