You can extend the capabilities of WebSphere® Application
Server by plugging in your own authorization provider. You can use the built-in authorization or
an external JACC authorization provider.You
can use the built-in authorization, a System Authorization Facility
(SAF) authorization, or an external JACC authorization provider.
About this task
For an explanation of the administrative console panels
that support these capabilities, see:
Procedure
- Use the built-in authorization provider. It
is recommended that you do not modify any settings on the authorization
provider panels if you use the Built-in authorization option.
For more information, see External authorization provider settings.
- Use an external authorization provider. If you
use the External authorization using a JACC provider option,
the external providers must be based on the Java Authorization
Contract for Containers (JACC) specification to handle the Java Platform, Enterprise Edition (Java EE) authorization. By default, WebSphere Application Server enables you
to configure the Tivoli® Access Manager Java Authorization
Contract for Containers (JACC) provider as the default external JACC
provider. For more information, see External Java Authorization Contract for Containers provider settings.
Use a System Authorization Facility (SAF).
Use the System Authorization Facility (SAF) authorization option
to specify that SAF EJBROLE profiles be used for user-to-role authorization
for both Java Platform, Enterprise Edition
(Java EE) applications and the role-based authorization
requests (naming and administration) that are associated with application
server runtime. This option is available only when your environment
contains z/OS® nodes. For more information, see External authorization provider settings.