Extensible Permissions
The extensible permissions feature uses the Java virtual machine (JVM) and the Java Access Control Interface (JACI) to allow you to run your own Java-based permissions module in the EMS server.
Your Permissions Module runs in the JVM within the EMS server, and connects to tibemsd using the JACI interface. Like the LoginModule, the Permissions Module provides an extra layer of security to your EMS application. It does not supersede standard EMS procedures for granting permissions. Instead, the module augments the existing process.
When a user attempts to perform an action, such as subscribing to a topic or publishing a message, the EMS server checks the acl.conf file, the Permissions Module, and cached results from previous Permissions Module queries, for authorization. This process is described in detail in Granting Permissions.