Network Deployment (Distributed operating systems), v8.0 > Secure applications and their environment > Authorizing access to resources > Authorization technology
WAS supports authorization that is based on the JACC specification in addition to the default authorization. If a JACC provider is configured, authorization decisions are delegated to the third-party JACC provider.
WAS supports security for Java EE applications and also for its administrative components. Java EE applications, such as Web and EJB components are protected and authorized per the Java EE specification. The administrative components are internal to WAS and are protected by the role-based authorizer. The administrative components include the admin console, MBeans, and components such as naming and security.
When a JACC provider is used for authorization in WAS, all of the Java EE application-based authorization decisions are delegated to the provider per the JACC specification. However, all administrative security authorization decisions are made by the WAS default authorization engine.
Both authorization models satisfy the J2EE specification, and function the same. Choose a JACC provider only to work with an external security provider such as Tivoli Access Manager.
JACC support in WAS
JACC policy context handlers
JACC policy context identifiers (ContextID) format
JACC policy propagation
JACC registration of the provider implementation classes
Role-based security with embedded Tivoli Access Manager
Tivoli Access Manager integration as the JACC provider
Tivoli Access Manager security for WAS
Java Servlet 3.0 support for security
Servlet security dynamic annotations
Enable an external JACC provider
Authorizing access to Java EE resources using Tivoli Access Manager
Propagate security policy of installed applications to a JACC provider using wsadmin.sh
Interfaces that support JACC
Security authorization provider troubleshooting tips