Authorization information determines whether a user or group has the necessary privileges to access resources.
WAS supports many authorization technologies including the following:
- Authorization involving the Web container and Java EE technology
- Authorization involving an enterprise bean application and Java EE technology
- Authorization involving Web services and Java EE technology
- Java Authorization Contract for Containers (JACC)
WAS supports both a default authorization provider and an authorization provider that is based on the Java Authorization Contract for Containers (JACC) specification. The JACC-based authorization provider enables third-party security providers to handle the Java EE authorization.
- Java Authentication and Authorization Service (JAAS)
- Java 2 security
- Naming and admin authorization
- Pluggable authorization
WAS supports an authorization infrastructure that enables you to plug in an external authorization provider.
Administrative roles and naming service authorization
Web component security
Java 2 security
Multiple security domains
Secure enterprise bean applications