Authorizing access to Java EE resources using Tivoli Access Manager

Authorizing access to Java EE resources using Tivoli Access Manager

The Java Authorization Contract for Containers (JACC) defines a contract between Java EE containers and authorization providers. We can use the default authorization or an external JACC authorization provider.We can use the default authorization, a System Authorization Facility (SAF) authorization, or an external JACC authorization provider. When security is enabled in WebSphere Application Server, the default authorization is used unless a JACC provider is specified.

JACC enables any third-party authorization providers to plug into a Java EE application server (such as WebSphere Application Server) to make the authorization decisions when a Java EE resource is accessed. By default, WebSphere Application Server implements the JACC provider by using Tivoli Access Manager as the external authorization provider.
Read the following articles for more detailed information about JACC before you attempt to configure WebSphere Application Server to use a JACC provider:

JACC support in WebSphere Application Server

JACC providers

Tivoli Access Manager integration as the JACC provider

Subtopics

Use the built-in authorization provider
We can extend the capabilities of WAS by plugging in our own authorization provider. We can use the built-in authorization or an external JACC authorization provider.You can use the built-in authorization, a System Authorization Facility (SAF) authorization, or an external JACC authorization provider.

Enable an external JACC provider
Use this topic to enable an external JACC provider using the console.

Related concepts

Tivoli Access Manager integration as the JACC provider
Authorization providers
JACC providers
JACC support in WebSphere Application Server

Interfaces that support JACC
Security authorization provider troubleshooting tips
External Java Authorization Contract for Containers provider settings