Testing the Access Protection

Use

You can now test the role assignments. For this test, you will log on to the application using each of the users. An error message should appear if the role assignment for the user does not allow him or her perform the corresponding action. See the table below.

Users and Corresponding Authorizations

User

Permitted Tasks

Non-Permitted Tasks

Pr_Agent

·        View reservations

·        Create and cancel reservations for all vehicle types

Not applicable

Agent

·        View reservations

·        Create and cancel reservations for the vehicle types:

Ў        Economy

Ў        Compact

Ў        Intermediate

Ў        Full Size

Ў        Mini Van

Not allowed to create or cancel reservations for the vehicle types:

·        Premium

·        Luxury

Employee

View reservations

Not allowed to create or cancel reservations

OtherUser

Not applicable

Not allowed to access the quick car rental application

Prerequisites

The J2EE Engine is running.

You have completed the tutorial steps and assigned the roles to the users.

Procedure

Testing the Role Assignment for User Pr_Agent

...

       1.      Start a new Web browser.

       2.      Access the quick car rental application.

http://localhost:50000/QuickCarRental

       3.      Log on to the application as the user Pr_Agent. (If necessary, change the initial password.)

       4.      Create a reservation using the vehicle type Economy.

This reservation is created.

       5.      Create a reservation using the vehicle type Luxury or Premium.

This reservation is also created.

       6.      Create and cancel additional reservations.

All attempts should be successful.

When you are finished, make sure you have at least one reservation with a standard vehicle type and one with a vehicle type Premium or Luxury.

       7.      Close the Web browser.

Testing the Role Assignment for User Agent

Start a new Web browser and repeat these steps for the user Agent. Agent should be able to create and cancel reservations for all vehicle types except for Premium and Luxury.

Testing the Role Assignment for User Employee

Start a new Web browser and repeat these steps for the user Employee. Employee should be able to view the existing reservations, but should not be able to create or cancel any reservations.

Testing the Role Assignment for a User with no Authority to Access the Application

Start a new Web browser and repeat these steps for a user that is not assigned to any of the quick car rental roles, for example, OtherUser.

Result

You have protected access to the quick car rental application using UME permissions, actions and roles.

You are now finished with this tutorial.

If you want to see how to use J2EE security roles to protect access to the application, see Protecting Access to a J2EE-Based Application Using J2EE Security Roles.

If you want to see how to use UME permissions to protect access to the Web Dynpro car rental application, see Protecting Access to the Web Dynpro Application Using UME Permissions.