JACC providers
The Java Authorization Contract for Containers (JACC) is a new specification that is introduced in J2EE V1.4 through the Java Specifications Request (JSR) 1.5 process. This specification defines a contract between J2EE containers and authorization providers.
The contract enables third-party authorization providers to plug into J2EE 1.4 appservers, such as WAS, to make the authorization decisions when a J2EE resource is accessed. The access decisions are made through the standard java.security.Policy object.
In WAS, two authorization contracts are supported using both a native and a third-party JACC provider implementation.
To plug in to WAS, the third-party JACC provider must implement the policy class, policy configuration factory class, and policy configuration interface, which are all required by the JACC specification.
The JACC specification does not specify how to handle the authorization table information between the container and the provider. It is the responsibility of the provider to provide some management facilities to handle this information. The container is not required to provide the authorization table information in the binding file to the provider.
WAS provides the RoleConfigurationFactory and the RoleConfiguration role configuration interfaces to help the provider obtain information from the binding file, as well as an initialization interface (InitializeJACCProvider). The implementation of these interfaces is optional.
Tivoli Access Manager as the default JACC provider for WebSphere Application Server
The JACC provider in WAS is implemented by both the client and the server pieces of the Tivoli Access Manager. The client piece of Tivoli Access Manager is embedded in WAS. The server piece is located on a separate installable CD that is shipped as part of the WAS ND package.
The JACC provider is not the default authorization. You must configure WAS to use the JACC provider.
Related concepts
Tivoli Access Manager integration as the JACC provider
JACC support in WAS
Authorization providers
Related tasks
Enabling an external JACC provider
Authorizing access to J2EE resources using Tivoli Access Manager
Propagating security policy of installed applications to a JACC provider using wsadmin scripting
Related Reference
Interfaces that support JACC
Security authorization provider troubleshooting tips