Set authorization policies for all EJB and Web components
Procedure 8.1. Set authorization policies for all EJB and WAR components You can override authorization for all EJBs and Web components, or for a particular component. This procedure describes how to define JACC authorization control for all EJB and WAR components. The example defines application policy modules for Web and EJB applications: jboss-web-policy, and jboss-ejb-policy. Open the security policy bean Navigate to $JBOSS_HOME/server/$PROFILE/deploy/security Open the security-policies-jboss-beans.xml file. By default, the security-policies-jboss-beans.xml file contains the configuration in Example 8.1, “security-policies-jboss-beans.xml�. Example 8.1. security-policies-jboss-beans.xml Change the application-policy definitions To set a single authorization policy for each component using JACC, amend each code attribute with the name of the JACC authorization module. Restart server You have now configured the security-policy-jboss-beans.xml file with JACC authorization enabled for each application policy. Restart the server to ensure the new security policy takes effect.