Core Documentation

JACC stands for Java Authentication Contract for Containers. It’s defined in the JSR 115 specification and all Java EE complaint servers are mandated to provide a JACC Policy by default.

How to install a custom JACC provider

Having coded a JACC provider, the first thing to do it is to make these classes available for the server. For that purpose, you need to put the implementation JAR, with all its dependencies, under the {PAYARA_HOME}/lib folder.

The next thing to do is to tell Payara you want to use the custom JACC provider. To do this, you have to execute the following administration command:

create-jacc-provider
--policyConfigurationFactoryProvider=com.example.CustomPolicyConfigurationFactory
--policyProvider=com.example.CustomPolicy --target=server-config custom-provider set configs.config.server-config.security-service.jacc=custom-provider

This will result in the following configuration element added to the domain.xml file:

<security-service jacc="custom-provider">
    <jacc-provider policy-provider="com.example.CustomPolicy" name="custom-provider"
      policy-configuration-factory-provider="com.example.CustomPolicyConfigurationFactory">
    </jacc-provider>
    <!-- More providers can be defined -->
</security-service>

As you can see on the XML excerpt, more JACC providers can be defined (by default, the simple and default providers are already defined), but only one will be used at runtime, specified by the jacc attribute on the security-service element.