In the last section, you added authentication and authorization protection in the JSP component of the application. In this case, access to the application is restricted, but any user that can access the application can both view and maintain car reservations.
In the next section, you will separate the tasks for viewing and maintaining reservations. Users with the J2EE security role CarRentalEmployee will be able to view reservations and users with the role BookingAgent will also be able to create and cancel reservations.
To set up access protection to the EJB methods, perform the following steps:
1. Create the J2EE security roles.
2. Select the methods that are to be protected by each J2EE security role.