The steps you will perform to protect access to the quick car rental application using UME permissions are:
1. To use the UME functions, you first have to include the UME libraries in your development project.
2. You will protect access to the application by including security mechanisms in the JSP:
a. To be able to perform authorization checks, you must know the user that is attempting to access the application. Therefore, you will require authentication in the JSP.
b. You will create the permission class to use for the JSP.
c. You will check the permission in the JSP using the checkPermission() method.
3. You will also use UME roles to protect access to the EJB methods:
a. You will create a permission class to be used by the EJB.
b. To check the permission, you need to obtain the user’s ID, which was acquired by the JSP and is stored in the current context.
c. You will check the permission in the EJB’s methods using the checkPermission()method.
4. You will rebuild and redeploy the application on the J2EE Engine.
5. You will consolidate the permissions by specifying actions (ViewReservations, MaintainStandard and MaintainPremium) in the actions.xml file.
6. You will build and deploy the corresponding archive file.
7. You will perform the administration steps:
a. You will create the users to use for this tutorial.
b. You will create the corresponding UME roles and assign these roles to the users.
8. You will test the role assignments.