Just gunna close this up... with what I hope may help some buddy... some day...
A lot of the issue I had with my custom JACC implementation was that I needed to serialize the PolicyConfiguration's once the commit method was invoked.
Then, the next time they were requested from my PolicyConfigurationFactory implementation, but were not in the map that maps from contextId to PolicyConfiguration, I loaded the PolicyConfiguration from disk.
In Glassfish, the easiest way to do this was to set a "repository" property on my JACC provider that pointed to somewhere like ${com.sun.aas.instanceRoot}/myJacc/policy and then serialize into that directory in my PolicyConfiguration.commit method, I pulled the name or the directory via:
System.getProperty( "com.sun.enterprise.jaccprovider.property.repository" ) ;
of course I could have used a different property, but that works fine.
I never got back around to verifying that the super.implies was unnecessary or verifying it under WAS.
Someday maybe.
All in all, I really wish the "default mapping" was part of the standard, since implementing your own is kinda painful.
For the morbidly curious, I ended up writing a JMAC/JSR-196 implementation for the JAAS piece which was a lot easier than writing a custom realm *and* is standard.
That I do recommend.
My only carp being that I Iwish there was a default implementation of java.security.acl.Group and java.security.Principal since they are very silly interfaces to implement.
Anyhoo... security-tastic!
[Message sent by forum member 'brian_of_fortent' (brian_of_fortent)]
http://forums.java.net/jive/thread.jspa?messageID=278410