Authorization technology
Authorization information determines whether a user or group has the necessary privileges to access resources. WAS supports many authorization technologies including the following:
- Authorization involving the Web container and Java 2 Platform, Enterprise Edition (J2EE) technology
- Authorization involving an enterprise bean application and J2EE technology
- Authorization involving Web services and J2EE technology
- JMS
- Java Authorization Contract for Containers (JACC)
WebSphere Application Server supports both a default authorization provider, which was supported in previous releases, and an authorization provider that is based on the Java Authorization Contract for Containers (JACC) specification. The JACC-based authorization provider enables third-party security providers to handle the J2EE authorization. For more information, see JACC support in WAS.
- JAAS
For more information, see Java Authentication and Authorization Service.
- Java 2 security
For more information, see Java 2 security.
- Naming and administrative authorization
- Pluggable authorization
WAS supports an authorization infrastructure that enables you to plug in an external authorization provider. For more information, see Enabling an external JACC provider.
Sub-topics
Administrative roles and naming service authorization
Role-based authorization
Administrative roles
Authorization providers
Delegations
Programmatic login
Related concepts
Web component security
Java 2 security
Related tasks
Securing enterprise bean applications
Related Reference
Naming roles