The ApplicationPolicyMetaDataFactory must be able to create application policies that contain an ACL configuration. The ACL providers must be specified through the <acl> element:

<application-policy xmlns="urn:jboss:security-beans:1.0" name="policy">
<authentication>
....
</authentication>
<acl>
<acl-module code="org.jboss.security.acl.ACLProviderImpl" flag="required">
<module-option name="option">value</module-option>
</acl-module>
</acl>
...
</application-policy>