The Java Authorization Contract for Containers (JACC) defines a contract between J2EE containers and authorization providers. You can use the default authorization or an external JACC authorization provider. When security is enabled in WebSphere Application Server, the default authorization is used unless a JACC provider is specified.
JACC enables any third-party authorization providers to plug into a J2EE application server (such as WebSphere Application Server) to make the authorization decisions when a J2EE resource is accessed. By default, WebSphere Application Server implements the JACC provider by using Tivoli Access Manager as the external authorization provider.
Read the following articles for more detailed information about JACC before you attempt to configure WebSphere Application Server to use a JACC provider: