I'm fairly new with J2EE security, so I'm sure that I have some (maybe many) misconceptions.
I was under the impression that JACC provides the piece of authorization that JAAS misses, namely a dynamic form of enforcing policies. And like JAAS, you would implement a pluggable module, but unlike JAAS, the module is for authorization instead of authentication. This would essentially be another level of authorization that can essentially replace the application level of authorization defined by JAAS. I was hoping to provide a JACC implementation that would essentially handle my authorization needs to decide who can access what, etc. Say for example, I define a policy that says my ejb or some of its methods are off limits after 5:00 pm. So, I'd like my client app to be able to know how to handle it. However, my lack of expertise (reading through the specs has not sunk in much) in the subject field in conjunction with the lack of example implementations (or just plain examples for that matter) has left me a bit confused on the whole matter. If you or someone else can provide answers to the following questions, it would probably clear things up for me. Can an application developer use JACC or a JACC policy provider implementation (namely, are there api's that I can program to?)? Can you define who the security provider should be that provides the JACC policy provider implementation (for example, joe developer, or a security specialist company, or JBoss, etc)? Are there any JACC policy provider implementations out there? I've scoured newgroups, and googled many times over, and cant find anything. Thanks for any answers you can provide. I realize this is the JAAS JBoss forum, but would not be surprised that there are other developers who've used JAAS, and are wondering not just what, but how JACC will bring something new to the table. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3848627#3848627 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3848627 ------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user