Core Documentation
JACC stands for Java Authentication Contract for Containers. It’s defined in the JSR 115 specification and all Java EE complaint servers are mandated to provide a JACC Policy by default.
How to install a custom JACC provider per Server (Global)
Having coded a JACC provider, the first thing to do it is to make these
classes available for the server. For that purpose, you need to put the implementation JAR, with all its dependencies, under the {PAYARA_HOME}/lib
folder.
The next thing to do is to tell Payara you want to use the custom JACC provider. To do this, you have to execute the following administration command:
create-jacc-provider
--policyConfigurationFactoryProvider=com.example.CustomPolicyConfigurationFactory
--policyProvider=com.example.CustomPolicy --target=server-config custom-provider set configs.config.server-config.security-service.jacc=custom-provider
This will result in the following configuration element added to the domain.xml file:
<security-service jacc="custom-provider">
<jacc-provider policy-provider="com.example.CustomPolicy" name="custom-provider"
policy-configuration-factory-provider="com.example.CustomPolicyConfigurationFactory">
</jacc-provider>
<!-- More providers can be defined -->
</security-service>
As you can see on the XML excerpt, more JACC providers can be defined
(by default, the simple
and default
providers are already defined),
but only one will be used at runtime, specified by the jacc
attribute
on the security-service
element.
How to install a custom JACC provider per Application (Local)
Since Payara Server 4.1.2.182 and 5.182
With a custom JACC provide per server, applications deployed to a single server can’t have their own custom authorization contracts.
In this case, having a custom JACC Provider per application makes more sense by using the fish.payara.jacc.JaccConfigurationFactory
API.
To access this API, you will need to add a dependency to the Payara Public API first. |
In the example below, when an application is deployed, a custom JACC provider is registered programmatically using the JaccConfigurationFactory
(consisting of a JACC PolicyConfigurationFactory
and Policy
implementation objects)
in the contextInitialized
method of ServletContextListener
.
@WebListener
public class JaccInstaller implements ServletContextListener {
@Override
public void contextInitialized(ServletContextEvent sce) {
JaccConfigurationFactory
.getJaccConfigurationFactory()
.registerContextProvider(
getAppContextId(sce.getServletContext()),
new CustomPolicyConfigurationFactory(),
new CustomPolicy()
);
}
private String getAppContextId(ServletContext servletContext) {
return servletContext.getVirtualServerName() + " " + servletContext.getContextPath();
}
}