The steps you will perform to protect access to the quick car rental application using J2EE security roles are:
1. You will first protect access to the application by specifying security in the JSP.
a. To be able to perform authorization checks, you must know the user that is attempting to access the application. Therefore, you will specify that authentication is required to access the application.
b. You will specify the policy domain that will use this authentication.
c. You will create the J2EE security role to use for accessing the application.
d. You will create a security constraint for the application that contains this J2EE security role.
2. You will protect access to the EJB methods by creating the J2EE security roles to use for the EJB methods and assigning them to the corresponding methods.
3. You will adjust the error handling to produce an access control error message if the user does not have the permissions for accessing the application.
4. You will rebuild and redeploy the application.
5. You will perform the administrative steps.
a. You will create the users to use for this tutorial.
b. You will assign the users to the J2EE security roles.
6. You will test the application and the role assignment.