You can extend the capabilities of WebSphere Application Server
by plugging in your own authorization provider. You
can use the default authorization or an external JACC authorization provider.You can use the default authorization, a System Authorization
Facility (SAF) authorization, or an external JACC authorization provider.
About this task
For an explanation of the administrative console panels that support
these capabilities, see:
Procedure
- Use the default authorization provider. It is recommended
that you do not modify any settings on the authorization provider panels if
you use the Default authorization option. For more information, see External authorization provider settings.
- Use an external authorization provider. If you use the External
authorization using a JACC provider option, the external providers must
be based on the Java™ Authorization Contract for Containers (JACC) specification
to handle the Java 2 Platform, Enterprise Edition (J2EE) authorization. By
default, WebSphere Application Server enables you to configure the Tivoli
Access Manager Java Authorization Contract for Containers (JACC) provider
as the default external JACC provider. For more information, see External Java Authorization Contract for Containers provider settings and Tivoli Access Manager JACC provider settings.
Use a System Authorization Facility (SAF).
Use the System Authorization Facility (SAF) authorization option
to specify that SAF EJBROLE profiles be used for user-to-role authorization
for both Java 2 Platform, Enterprise Edition (J2EE) applications and the role-based
authorization requests (naming and administration) that are associated with
application server runtime. This option is available only when your environment
contains z/OS nodes. For more information, see External authorization provider settings and z/OS System Authorization Facility authorization.