You can extend the capabilities of WebSphere® Application
Server by plugging in your own authorization provider. You
can use the built-in authorization, a System Authorization Facility
(SAF) authorization, or an external JACC authorization provider.
About this task
For an explanation of the administrative console panels
that support these capabilities, see:
Procedure
- Use the built-in authorization provider. It
is recommended that you do not modify any settings on the authorization
provider panels if you use the Built-in authorization option.
For more information, see External authorization provider settings.
- Use an external authorization provider. If you
use the External authorization using a JACC provider option,
the external providers must be based on the Java™ Authorization
Contract for Containers (JACC) specification to handle the Java Platform, Enterprise Edition (Java EE) authorization. By default, WebSphere Application Server enables you
to configure the Tivoli® Access Manager Java Authorization
Contract for Containers (JACC) provider as the default external JACC
provider. For more information, see External Java Authorization Contract for Containers provider settings.
- Use a System Authorization Facility (SAF).
Use the System Authorization Facility (SAF) authorization option
to specify that SAF EJBROLE profiles be used for user-to-role authorization
for both Java Platform, Enterprise Edition
(Java EE) applications and the role-based authorization
requests (naming and administration) that are associated with application
server runtime. This option is available only when your environment
contains z/OS® nodes. For more information, see External authorization provider settings.