As of today, still only seems to work for EJB. I used this JACC provider: https://github.com/arjantijms/cdi-jacc-provider build it using mvn clean package and copied the jar to /lib in TomEE 7.0.1.
Added the following as VM parameters: -Djavax.security.jacc.policy.provider=org.omnifaces.jaccprovider.jacc.policy.DefaultPolicy -Djavax.security.jacc.PolicyConfigurationFactory.provider=org.omnifaces.jaccprovider.jacc.configuration.TestPolicyConfigurationFactory Then deployed the web app from the following project: https://github.com/arjantijms/custom-authorization The JACC provider is subsequently called, but only for (build-in) EJBMethodPermissions. No WebAnything permissions are being set and the JACC code is not called when a Servlet resources is accessed. When I add a (protected) EJB to the web app and call that from a Servlet, the JACC provider IS called. So JACC does work, but indeed only for EJB. -- View this message in context: http://tomee-openejb.979440.n4.nabble.com/How-can-I-enable-JACC-in-TomEE-tp4673113p4679746.html Sent from the TomEE Users mailing list archive at Nabble.com.
