+

Search Tips   |   Advanced Search

Enable an external JACC provider

Use this topic to enable an external JACC provider using the console.

The Java Authorization Contract for Containers (JACC) defines a contract between Java EE containers and authorization providers. This contract enables any third-party authorization providers to plug into a Java EE 5 application server, such as WebSphere Application Server to make the authorization decisions when a Java EE resource is accessed.

  1. From the WAS administrative console, click Security > Global security > External authorization providers.

  2. Under Related items, click External JACC provider.

  3. The fields are set for Tivoli Access Manager by default. If we do not plan to use Tivoli Access Manager as the JACC provider, replace these fields with the details for our own external JACC provider.

  4. If any custom properties are required by the JACC provider, click Custom properties under Additional properties and enter the properties. When using the Tivoli Access Manager, use the Tivoli Access Manager properties link instead of the Custom properties link. For more information, see Configure the JACC provider for Tivoli Access Manager using the administrative console.

  5. On the External authorization providers panel, select the External authorization using a JACC provider option and click OK.

  6. Complete the remaining steps to enable security. If we are using Tivoli Access Manager, you must select LDAP as the user registry and use the same LDAP server. For more information on configuring LDAP registries, see Configure Lightweight Directory Access Protocol user registries.

  7. Verify that all of the changes are synchronized across all nodes.

  8. In a multinode environment, stop and start the deployment manager configuration.

    (dist)(zos) Issue the following commands:

     profile_root/bin/stopManager.bat   -username user_name   -password password
      profile_root/bin/startManager.bat

    (iseries) Issue the following commands on the Qshell command line:

     profile_root/bin/stopManager   -username user_name   -password password
      profile_root/bin/startManager

  9. Restart all servers to make these changes effective.


Subtopics


Related concepts

  • Authorization providers
  • Tivoli Access Manager integration as the JACC provider
  • JACC providers
  • JACC support in WebSphere Application Server


    Related tasks

  • Authorizing access to Java EE resources using Tivoli Access Manager
  • Propagating security policy of installed applications to a JACC provider

    Synchronize nodes using wsdmin.sh

  • External Java Authorization Contract for Containers provider settings
  • Interfaces that support JACC
  • Security authorization provider troubleshooting tips