Java Authorization Contract for Containers (JACC) is the part of the Java EE specification that defines an interface for pluggable authorization providers. This enables you to set up third-party plug-in modules to perform authorization. By default, the Enterprise Server provides a simple, file-based authorization engine that complies with the JACC specification. You can also specify additional third-party JACC providers.
JACC providers use the Java Authentication and Authorization Service (JAAS) APIs. JAAS enables services to authenticate and enforce access controls upon users. JAAS implements a Java technology version of the standard Pluggable Authentication Module (PAM) framework.
JSR 196 allows you to develop plugins at different layers. You can define plugins that change the way new authentication mechanism are configured, such as, AuthConfigProvider and AuthConfigFactory. You can also define new authentication mechanisms, such as ServerAuthModule and ClientAuthModule.