enables administrators to create a JACC provider that can be used by third-party authorization modules for applications running in GlassFish Server


create-jacc-provider [--help]
[--policyproviderclass pol-provider-class] 
[--policyconfigfactoryclass pc-factory-class] 
[--property name=value)[:name=value]*] 
[--target target] jacc-provider-name


The create-jacc-provider subcommand creates a JSR-115—compliant Java Authorization Contract for Containers (JACC) provider that can be used for authorization of applications running in GlassFish Server. The JACC provider is created as a jacc-provider element within the security-service element in the domain's domain.xml file.

The default GlassFish Server installation includes two JACC providers, named default and simple. Any JACC providers created with the create-jacc-provider subcommand are in addition to these two default providers. The default GlassFish Server JACC providers implement a simple, file-based authorization engine that complies with the JACC specification. The create-jacc-provider subcommand makes it possible to specify additional third-party JACC providers.

You can create any number of JACC providers within the security-service element, but the GlassFish Server runtime uses only one of them at any given time. The jacc-provider element in the security-service element points to the name of the provider that is currently in use by GlassFish Server. If you change this element to point to a different JACC provider, restart GlassFish Server.

This command is supported in remote mode only.


If an option has a short option name, then the short option precedes the long option name. Short options have one dash whereas long options have two dashes.


Displays the help text for the subcommand.


Specifies the fully qualified class name for the that implements the


Specifies the fully qualified class name for the that implements the provider-specific


Optional attribute name/value pairs for configuring the JACC provider. The following properties are available:


The directory containing the JACC policy file. For the default GlassFish Server JACC provider, the default directory is ${com.sun.aas.instanceRoot}/generated/policy. This property is not defined by default for the simple GlassFish Server JACC provider.


Specifies the target for which you are creating the JACC provider. The following values are valid:


Creates the JACC provider on the default server instance. This is the default value.


Creates the JACC provider in the specified configuration.


Creates the JACC provider on all server instances in the specified cluster.


Creates the JACC provider on a specified server instance.



The name of the provider used to reference the jacc-provider element in domain.xml.


Example 1   Creating a JACC Provider

The following example shows how to create a JACC provider named testJACC on the default server target.

asadmin> create-jacc-provider

Command create-jacc-provider executed successfully.

Exit Status


subcommand executed successfully


error in executing the subcommand

See Also

delete-jacc-provider(1), list-jacc-providers(1)