The Java ACC specification defines a contract between a Java EE application server and an authorization policy provider. All Java EE containers support this contract.
The Java ACC specification defines java.security.Permission classes that satisfy the Java EE authorization model. The specification defines the binding of container access decisions to operations on instances of these permission classes. It defines the semantics of policy providers that employ the new permission classes to address the authorization requirements of the Java EE platform, including the definition and use of roles.