JACC is a specification that ties in the authorization world to the java permission based model.
Since you have a need for xacml, you will have to do a lot of work, in mapping the xacml request/response semantics to the permissions model. I am not sure if this is worth the effort.
At JBoss, we have been thinking about the Authorization space, with a model that is extensible. Jacc, xacml and ws-* specs can be implementation details.
There is a feature request for xacml impl: