Authorization technology

Authorization information determines whether a user or group has the necessary privileges to access resources.

WebSphere Application Server supports many authorization technologies including the following:

• Authorization involving the Web container and Java 2 Platform, Enterprise Edition (J2EE) technology

• Authorization involving an enterprise bean application and J2EE technology

• Authorization involving Web services and J2EE technology

• Java Message Service (JMS)

• Java Authorization Contract for Containers (JACC)

  WebSphere Application Server supports both a default authorization provider, which was supported in previous releases, and an authorization provider that is based on the Java Authorization Contract for Containers (JACC) specification. The JACC-based authorization provider enables third-party security providers to handle the J2EE authorization. For more information, see JACC support in WebSphere Application Server .

• JAAS

  For more information, see Java Authentication and Authorization Service .

• Java 2 security

  For more information, see Java 2 security .

• Naming and administrative authorization

• Pluggable authorization

  WebSphere Application Server supports an authorization infrastructure that enables you to plug in an external authorization provider. For more information, see Enabling an external JACC provider .

 

See also

Administrative console and naming service authorization
Role-based authorization
Administrative roles
Authorization providers
Delegations
Programmatic login

Related concepts
Web component security Related tasks
Securing enterprise bean applications Related reference
Naming roles

 

---