Protecting Access to the Web Dynpro Application Using UME Permissions

Task

In this tutorial, you will include access protection to the Web Dynpro car rental application. In this application, the Web Dynpro serves as a Web service client for Web services implemented using an EJB. The Web service and EJB are provided with the quick car rental application, which is a standard sample application provided with the J2EE Engine.

For this tutorial, you will implement the UME permissions so that only authorized users are allowed to perform certain tasks. The following access protection rules apply:

?     All car rental employees can access the application. They can view current reservations.

?     Only those employees who work as booking agents can create or cancel reservations. Standard booking agents can create and cancel reservations for the standard vehicle types (economy, compact, intermediate, full size, and mini van).

?     Only premium booking agents can create or cancel reservations for premium or luxury cars.

To check permissions in the EJB, you will also need to authenticate the user as part of the Web Dynpro authentication. The authentication information will be passed to the EJB over the Web service in the form of a logon ticket.

Also, as an optional step, you will learn how to adjust the Web Dynpro input screen depending on the user’s authorizations. If the user does not have the proper authorizations, you will set the input fields to read-only so that the user cannot enter any data.

Objectives

By the end of this tutorial, you will be able to:

!

Use authentication to protect access to your Web Dynpro application.

!

Activate authentication on the Web service so that the user’s logon ticket is passed to the EJB.

!

Use UME permissions to distinguish between users with different authorizations for the entity bean methods.

!

Specify consolidated permissions in UME actions.

!

Perform the administrative steps for creating roles and assigning roles to users using the UME user management administration console.

!

Adjust the Web Dynpro input screen according to the user’s authorizations.

Prerequisites

Systems, installed applications, and authorizations

The SAP NetWeaver Developer Studio is installed on your computer.

You can access the J2EE Engine from the SAP NetWeaver Developer Studio for deployment.

You can log on to the J2EE Engine with an administrator user using the Visual Administrator.

Knowledge

Java knowledge and basic knowledge of the J2EE programming model is advantageous.

You have acquired some basic experience with the J2EE toolset in the Developer Studio.

You have acquired some basic experience with developing Web Dynpro applications.

Existing Applications

This application uses the following sample applications:

The quick car rental application, which is provided as a sample application with the SAP NetWeaver Developer Studio.

The Web Dynpro car rental application, which serves as a client for the quick car rental application.

Both of these applications are provided in projects that you can import into the SAP NetWeaver Developer Studio.

The quick car rental application is part of the standard set of sample applications contained in the example directory of the Developer Studio (.../SAP/JDT/eclipse/examples). The Web service is already defined there and only needs to be deployed on the J2EE Engine. You can familiarize yourself with the quick car rental application using the tutorial Creating a J2EE-Based Car Rental Application.

To familiarize yourself with the Web Dynpro car rental application, see the tutorial Using Web Dynpro to Avail of the Car Rental Web Service. Note however, that the initial project to use for this tutorial includes some enhancements not provided with the familiarization tutorial.

Next Step:

Before beginning with the tutorial, you should familiarize yourself with the concepts necessary for using UME permissions with this tutorial.