This article is a guide to choosing an authorization system for your applications running in JBoss AS. The applications in question are web components and EJB components. This article does not describe the authorization schemes for other EE components.
Types of Authorization
- Specification - Conforms to the Servlet and EJB specifications (web.xml, ejb-jar.xml/annotations).
- JACC - Conforms to the JSR 115 specification.
- XACML - Conforms to the OASIS XACML v2 specification. This is a non-standard extension.
Documentation
- Specification: Refer to the standard JBoss AS documentation.
- JACC: Refer to JBoss AS documentation to configure the JACC providers.
- XACML: http://java.dzone.com/articles/security-features-jboss-510-1
Some Caveats:
- We do not support an XACML-based JACC provider. Keep the concepts separate. XACML is an extensive access control specification, whereas JACC is an EE specification that extends the Java Permission Model to the Web and EJB components.