JACC (Java Authorization Contract for Containers) is a spec that allows plugging in providers to handle the security decisions for a j2ee application server.
The Java Authorization Contract for Containers (JACC) is a specification that is introduced in Java 2 Platform, Enterprise Edition (j2ee) version 1.4 through the Java Specifications Request (jsr) 115 process. This specification defines a contract between J2EE containers and authorization providers.
The contract enables third-party authorization providers to plug into J2EE application servers to make the authorization decisions when a J2EE resource is accessed. The access decisions are made through the standard java.security.Policy object.