Use this page to enable a Java Authorization Contract for Containers (JACC) provider for authorization decisions.
The application server provides a default authorization engine that performs all of the authorization decisions. In addition, the application server also supports an external authorization provider using the JACC specification to replace the default authorization engine for Java 2 Platform, Enterprise Edition (J2EE) applications.
JACC is part of the J2EE specification, which enables third-party security providers such as Tivoli Access Manager to plug into the application server and make authorization decisions.
Use this option to specify that SAF EJBROLE profiles are used for user-to-role authorization for both Java 2 Platform, Enterprise Edition (J2EE) applications and the role-based authorization requests (naming and administration) that are associated with application server runtime. This option is available when your environment contains z/OS nodes only.
You can enable several SAF authorization properties by clicking z/OS SAF authorization under Related items. You can add a value for the com.ibm.security.SAF.EJBROLE.Audit.Messages.Suppress property. Set this property to turn ICH408I messages on or off. The default value for this property is false, which does not suppress messages. You can set this value to true to suppress the ICH408I messages.
Use this link to configure the application server to use an external JACC provider. For example, to configure an external JACC provider, the policy class name and the policy configuration factory class name are required by the JACC specification.
The default settings that are contained in this link are used by Tivoli Access Manager for authorization decisions. If you intend to use another provider, modify the settings as appropriate.
Use this option all the time unless you want an external security provider such as the Tivoli Access Manager to perform the authorization decision for J2EE applications that are based on the JACC specification.
Default: | Enabled |