Testing the Access Protection


You are now ready to test the application for this part of the tutorial. You will make sure that the users Employee and Agent are able to access the application, but that the user OtherUser is not.


The J2EE Engine is running.

The quick car rental application is deployed on the J2EE Engine.

The users Employee and Agent are assigned to the AccessQuickCarRental security role for the JSP.

The user Employee is assigned to the CarRentalEmployee security role for the EJB.

The user Agent is assigned to the BookingAgent security role for the EJB.



1. Execute the car rental application by entering its URL in the Web browser.


You are prompted for user ID and password.

2. Enter the user ID and password for Employee.

If the user's password is still the initial password, you must specify a new one for the user. Enter a new password and choose Change password.

Employee has access to the JSP application. The Web browser displays the initial input screen for the car rental application.

3. Attempt to create a reservation. Enter data and choose Add Reservation.

You receive an error message that the user Employee does not have access to the EJB method.

4. Close your Web browser.

5. Repeat the steps for the user Agent.

The user Agent is also able to access the application.

6. Attempt to create a reservation. Enter data and choose Add Reservation.

Agent is able to create and cancel reservations.

7. Close your Web browser and repeat the steps for the user OtherUser.

The user OtherUser cannot access the application and receives an error.


You are now finished with this tutorial. If you want to see how to use UME permissions for access protection, see one of the other tutorials:

Protecting Access to the J2EE-Based Application Using UME Permissions

Protecting Access to the Web Dynpro Application Using UME Permissions