Tuesday, October 02, 2007

JACC - Java Authorization Container Contract

The Java Authorization Container Contract (JACC) is a specification that was introduced in Java 2 Platform, Enterprise Edition (J2EE) 1.4 through the Java Specification Request (JSR) 115 process. It defines a contract between J2EE containers and authorization providers, which lets any third-party authorization provider plug into any J2EE 1.4 application server, such as WebSphere, and make the authorization decision when a J2EE resource is accessed. The access decision is made through the standard java.security.Policy object.

When an authenticated user makes a request to a web or an EJB resource, the security runtime decides whether to allow the access. This is called an access decision. Under JACC, the container creates the appropriate permission object, registers the appropriate policy context handlers, and sets the appropriate policy context identifier (contextID). It then calls the java.security.Policy object implemented by the provider, which makes the access decision.
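The access-decision flow described above, as an added example (not WebSphere's or any provider's own code): `DemoPolicy`, `checkAccess`, the context ID `demoApp/web` and the grant data are hypothetical, and the caller's principal name is treated as its role for brevity. It assumes the JACC API (`javax.security.jacc`) is on the classpath and skips policy context handler registration.

```java
import java.security.*;
import java.util.*;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.WebResourcePermission;

public class JaccDecisionDemo {
    // Hypothetical provider: grants are keyed by contextID, then by role name.
    static class DemoPolicy extends Policy {
        private final Map<String, Map<String, Permissions>> grants = new HashMap<>();

        void grant(String contextId, String role, Permission p) {
            grants.computeIfAbsent(contextId, k -> new HashMap<>())
                  .computeIfAbsent(role, k -> new Permissions()).add(p);
        }

        @Override
        public boolean implies(ProtectionDomain domain, Permission requested) {
            // The container set the contextID on this thread before calling us.
            Map<String, Permissions> byRole = grants.get(PolicyContext.getContextID());
            if (byRole == null) return false;              // unknown module: deny
            for (Principal p : domain.getPrincipals()) {
                Permissions granted = byRole.get(p.getName());
                if (granted != null && granted.implies(requested)) return true;
            }
            return false;                                  // default deny
        }
    }

    // Container side: set the contextID, build the permission, ask the Policy.
    static boolean checkAccess(Policy policy, String contextId, String caller,
                               String uri, String method) {
        PolicyContext.setContextID(contextId);
        Principal[] principals = { () -> caller };         // lambda supplies getName()
        ProtectionDomain pd = new ProtectionDomain(null, null, null, principals);
        return policy.implies(pd, new WebResourcePermission(uri, method));
    }

    public static void main(String[] args) {
        DemoPolicy policy = new DemoPolicy();              // constructed sample grant
        policy.grant("demoApp/web", "manager", new WebResourcePermission("/admin/*", "GET,POST"));
        System.out.println(checkAccess(policy, "demoApp/web", "manager", "/admin/users", "GET"));
        System.out.println(checkAccess(policy, "demoApp/web", "manager", "/admin/users", "DELETE"));
        System.out.println(checkAccess(policy, "demoApp/web", "guest", "/admin/users", "GET"));
        System.out.println(checkAccess(policy, "otherApp/web", "manager", "/admin/users", "GET"));
    }
}
```

Only the first check is granted; the other three fall through to the default deny because the method, the role, or the contextID does not match the grant.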

In IBM WebSphere Application Server (WAS), when security is enabled, the default authorization is used unless a JACC provider is specified. The default authorization requires no special setup, and the default authorization engine makes all of the authorization decisions. However, if a JACC provider is configured and set up for WAS, all enterprise bean and web resource access decisions are delegated to the JACC provider.
