Version 2

    Support for Java Authorization Contract for Containers (JACC) - JSR-115 - has been added to AS7.


    Common Configuration

    To add JACC authorization for an application, configure the security domain to used to include the JACC policy module as the authorization module. Here is an example:


    <security-domain name="jacc" cache-type="default">
            <login-module code="UsersRoles" flag="required">
            <policy-module code="JACC" flag="required"/>


    Web Configuration

    One additional step is required to enable JACC for web applications. Add the <use-jboss-authorization> element in WEB-INF/jboss-web.xml. Here is an example:




    EJB Configuration




    Section for Contributors to JBoss AS Codebase

    Web Subsystem


    The permissions are added to JACC PolicyConfiguration in the class.  The input will be the WarMetadata.  The JACC context id is the full name of the war application - something like "myapplication.war".