In org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService.handleJACCAuthorization I found the following comment:

  // TODO make the authorization manager implementation configurable in Undertow or jboss-web.xml

Wonder if that TODO is still on the radar. 

Would be quite an improvement if an application could declare itself that it wanted to use the Java EE authorization module (JACC), which would hold for either the default JACC module that JBoss/WildFly ships (and initializes) or a user provide one.

Thoughts?

Kind regards,

Arjan Tijms