users@glassfish.java.net

JACC overview questions

From: <glassfish_at_javadesktop.org>
Date: Tue, 08 Sep 2009 07:58:38 PDT

I've read the archives and seen some emails on the subject--and I've glazed over while attempting to make it through the specification--but I'm still lost as to what a JACC provider fundamentally *is*. I was hoping this list--though a bit off-topic--could tell me, using small words so I understand. :-)

I understand that nearly all of the JACC specification is devoted to addressing the plumbing and machinery that causes an application server to be able to consult a java.security.Policy for its security rules instead of the built-in "magic" that enforces such things as EJB method permissions.

And I understand that at some very, very base level a JACC provider is a Policy implementation.

I guess my first question is: is it anything else? Let's say I write a Policy subclass, just for the sake of argument, that makes random, in-memory policy decisions. That is, when you call myPolicy.implies(), I return true or false based on things like the phase of the moon. My Policy class, therefore, is really all I need in order to make access decisions.

My second question is: with GlassFish in my left hand, and my Policy subclass in my right hand, what do I do next? Does my Policy class actually have to implement some interface, or become blessed-by-JACC in some way, or is it simply a matter of putting my Policy class down in The Right Place and finagling some XML in the server somewhere to get it recognized?

Thanks in advance for any pointers.

Best,
Laird
[Message sent by forum member 'ljnelson' (ljnelson_at_gmail.com)]

http://forums.java.net/jive/thread.jspa?messageID=363244