Use the built-in authorization provider
We can extend the capabilities of WAS by plugging in our own authorization provider. We can use the built-in authorization or an external JACC authorization provider.You can use the built-in authorization, a System Authorization Facility (SAF) authorization, or an external JACC authorization provider.
For an explanation of the console panels that support these capabilities, see:
- Use the built-in authorization provider. IBM recommends that we do not modify any settings on the authorization provider panels if you use the Built-in authorization option. For more information, see External authorization provider settings.
- Use an external authorization provider. If we use the External authorization using a JACC provider option, the external providers must be based on the Java Authorization Contract for Containers (JACC) specification to handle the Java EE authorization. By default, WebSphere Application Server enables you to configure the Tivoli Access Manager Java Authorization Contract for Containers (JACC) provider as the default external JACC provider. For more information, see External Java Authorization Contract for Containers provider settings and Tivoli Access Manager JACC provider settings.
- (zos) Use a System Authorization Facility (SAF). Use the System Authorization Facility (SAF) authorization option to specify that SAF EJBROLE profiles be used for user-to-role authorization for both Java EE applications and the role-based authorization requests (naming and administration) associated with application server runtime. This option is available only when the environment contains z/OS nodes. For more information, see External authorization provider settings and z/OS System Authorization Facility authorization.
Subtopics
- External authorization provider settings
Use this page to enable a Java Authorization Contract for Containers (JACC) provider for authorization decisions.
- External Java Authorization Contract for Containers provider settings
Use this page to configure the application server to use an external Java Authorization Contract for Containers (JACC) provider. For example, the policy class name and the policy configuration factory class name are required by the JACC specification.
(zos) z/OS System Authorization Facility authorization
Tivoli Access Manager JACC provider settings