JACC policy context identifiers (ContextID) format

A policy context identifier is defined as a unique string that represents a policy context. A policy context contains all of the security policy statements as defined by the Java Contract for Containers (JACC) specification that affect access to the resources in a Web or EJB module. During policy propagation to the JACC provider, a PolicyConfiguration object is created for each policy context. The object is populated with the policy statements (represented by the JACC permission objects) that correspond to the context. The object is then propagated to the JACC provider using the JACC specification APIs.

WebSphere Application Server makes the contextID unique by using the string href:cellName/appName/moduleName as the contextID format for the modules. The href part of the string indicates that a hierarchical name is passed as the contextID.

The cellName represents the name of the deployment manager cell or the base cell where the application is installed. After an application is installed in one cell (for example, in a base application server where the cell name is base1) and is added to a deployment manager cell whose name is cell1 by using addNode, the contextID for the modules in the application contain base1 (not cell1 ) as the cell name since the application was initially installed in base1.

The appName part of the string in the contextID represents the application name containing the module. The moduleName refers to the name of the module.

As an example, the contextID for the module Increment.jar in an application named DefaultApplication that is installed in cell1 is href:cell1/DefaultApplication/Increment.jar.


 

See Also


Authorization in WebSphere Application Server
Tivoli Access Manager integration as the JACC provider
JACC support in WebSphere Application Server

 

Related Tasks


Enabling an external JACC provider
Configuring a JACC provider
Propagating security policy of installed applications to a JACC provider using wsadmin scripting

 

See Also


Interfaces used to support JACC
Troubleshooting authorization providers