Enables administrators to create a JACC provider that can be used by third-party authorization modules for applications running in Payara Server.
Synopsis
asadmin [asadmin-options] create-jacc-provider [--help]
[--policyproviderclass pol-provider-class]
[--policyconfigfactoryclass pc-factory-class]
[--property name=value)[:name=value]*]
[--target target] jacc-provider-name
Description
The create-jacc-provider
subcommand creates a JSR-115—compliant Java Authorization Contract for Containers (JACC) provider that can be used for authorization of applications running in Payara. The JACC provider is created as a jacc-provider
element within the security-service
element in the domain’s domain.xml
file.
The default Payara installation includes two JACC providers, named default
and simple
.
Any JACC providers created with the create-jacc-provider
subcommand are in addition to these two default providers. The default Payara JACC providers implement a simple, file-based authorization engine that complies with the JACC specification. The create-jacc-provider
subcommand makes it possible to specify additional third-party JACC providers.
You can create any number of JACC providers within the security-service
element, but the Payara runtime uses only one of them at any given time. The jacc-provider
element in the security-service
element points to the name of the provider that is currently in use by Payara. If you change this element to point to a different JACC provider, restart Payara.
This command is supported in remote mode only.
Options
If an option has a short option name, then the short option precedes the long option name. Short options have one dash whereas long options have two dashes.
- asadmin-options
-
Options for the
asadmin
utility. For information about these options, see theasadmin
help page. --help
-?
-
Displays the help text for the subcommand.
--policyproviderclass
-
Specifies the fully qualified class name for the
javax.security.jacc.policy.provider
that implements thejava.security.Policy
. --policyconfigfactoryclass
-
Specifies the fully qualified class name for the
javax.security.jacc.PolicyConfigurationFactory.provider
that implements the provider-specificjavax.security.jacc.PolicyConfigurationFactory
. --property
-
Optional attribute name/value pairs for configuring the JACC provider. The following properties are available:
repository
-
The directory containing the JACC policy file. For the
default
Payara JACC provider, the default directory is${com.sun.aas.instanceRoot}/generated/policy
. This property is not defined by default for thesimple
Payara JACC provider.
--target
-
Specifies the target for which you are creating the JACC provider. The following values are valid:
server
-
Creates the JACC provider on the default server instance. This is the default value.
- configuration_name
-
Creates the JACC provider in the specified configuration.
- cluster_name
-
Creates the JACC provider on all server instances in the specified cluster.
- instance_name
-
Creates the JACC provider on a specified server instance.
Operands
- jacc-provider-name
-
The name of the provider used to reference the
jacc-provider
element indomain.xml
.
Examples
Example 1 Creating a JACC Provider
The following example shows how to create a JACC provider named testJACC
on the default server
target.
asadmin> create-jacc-provider
--policyproviderclass org.glassfish.exousia.modules.locked.SimplePolicyProvider
--policyconfigfactoryclass org.glassfish.exousia.modules.locked.SimplePolicyConfigurationFactory
testJACC
Command create-jacc-provider executed successfully.