Version 2

    Jacc Delegation For Unsecured Web Resources


    Based on JBAS-2519, starting jboss-4.0.4.GA, it is possible to delegate to a JACC provider for resources that are not secured via the web.xml security constraints.



    There is an attribute on the JACCAuthorizationRealm that needs to be enabled. It is called as unprotectedResourceDelegation.

    • When this flag is enabled, the JACCAuthorizationRealm will look for an implementation of "findSecurityConstraints"

    from either the JACC policy provider or a special provider class that is plugged in via the

    securityConstraintProviderClass attribute.


    <Realm className="" unprotectedResourceDelegation="true" securityConstraintProviderClass=""