Package com.sun.enterprise.security.jacc

This package contains much of the implementation code for JACC.

JACC is the EE standard for taking care of the authorization aspects of security.

Code in this package translates constraints from the web and EJB descriptors that are pre-parsed by Payara into various JACC Permission instances. These instances are stored into a pluggable PolicyConfiguration. By default Payara is configured to use the one from "jacc.provider.file". This package also contains the web authorization manager, which is the entry point for all authorization decisions from the web layer. This too is delegated to a pluggable component called the JACC Policy Provider.

The pluggable JACC components are loaded by a class in nucleus: PolicyLoader

Class Summary

Class	Description
JaccEJBConstraintsTranslator	This class is used for translating security constrains from ejb-jar.xml and corresponding annotations into JACC permissions, and writing this to the pluggable PolicyConfiguration (which is EE standard permission repository).
JaccWebAuthorizationManager	This class is the entry point for authorization decisions in the web container.
JaccWebConstraintsTranslator	This class is used for translating security constrains from web.xml and corresponding annotations into JACC permissions, and writing this to the pluggable PolicyConfiguration (which is EE standard permission repository).