JACC providers
The Java Authorization Contract for Containers (JACC) is a specification that was first introduced in Java EE Version 1.4 through the Java Specifications Request (JSR) 115 process. JACC specification 1.4 is included for WebSphere Application Server version 7.0 for Java EE 5 support.. This specification defines a contract between Java EE 5 containers and authorization providers.
The contract enables third-party authorization providers to plug into Java EE 5 application servers, such as WebSphere Application Server, to make the authorization decisions when a Java EE 5 resource is accessed. The access decisions are made through the standard java.security.Policy object.
To plug in to WebSphere Application Server, the third-party JACC provider must implement the policy class, policy configuration factory class, and policy configuration interface, which are all required by the JACC specification.
(zos) Note: For WebSphere Application Server for z/OS , if System Authorization Facility (SAF)-based authorization is implemented, the implementation at this point does not use or implement the JACC Policy provider interface.
The JACC specification does not specify how to handle the authorization table information between the container and the provider. It is the responsibility of the provider to provide some management facilities to handle this information. The container is not required to provide the authorization table information in the binding file to the provider.
WebSphere Application Server provides the RoleConfigurationFactory and the RoleConfiguration role configuration interfaces to help the provider obtain information from the binding file, as well as an initialization interface (InitializeJACCProvider). The implementation of these interfaces is optional. See Interfaces that support JACC for more information about these interfaces.
Tivoli Access Manager as the default JACC provider for WebSphere Application ServerThe JACC provider in WebSphere Application Server is implemented by both the client and the server pieces of the Tivoli Access Manager. The client piece of Tivoli Access Manager is embedded in WebSphere Application Server. The server piece is located on a separate installable CD that is shipped as part of the WAS Network Deployment (ND) package.
The JACC provider is not the default authorization. We must configure WebSphere Application Server to use the JACC provider.
Related concepts
Authorization providers Tivoli Access Manager integration as the JACC provider JACC support in WebSphere Application Server
Related tasks
Enable an external JACC provider Authorizing access to Java EE resources using Tivoli Access Manager Propagating security policy of installed applications to a JACC provider
Interfaces that support JACC Security authorization provider troubleshooting tips External authorization provider settings