Support for Java Authorization Contract for Containers (JACC) - JSR-115 - has been added to AS7.

Common Configuration

To add JACC authorization for an application, configure the security domain to used to include the JACC policy module as the authorization module. Here is an example:

<security-domain name="jacc" cache-type="default">
    <authentication>
        <login-module code="UsersRoles" flag="required">
        </login-module>
    </authentication>
    <authorization>
        <policy-module code="JACC" flag="required"/>
    </authorization>
</security-domain>

Web Configuration

One additional step is required to enable JACC for web applications. Add the <use-jboss-authorization> element in WEB-INF/jboss-web.xml. Here is an example:

<jboss-web>
    <security-domain>jacc</security-domain>
    <use-jboss-authorization>true</use-jboss-authorization>
</jboss-web>

EJB Configuration

TBD

Section for Contributors to JBoss AS Codebase

Web Subsystem

The permissions are added to JACC PolicyConfiguration in the org.jboss.web.security.WarJaccService class.  The input will be the WarMetadata.  The JACC context id is the full name of the war application - something like "myapplication.war".