Protecting Access to a J2EE-Based Application Using J2EE Security Roles

The Task

In this tutorial, you will add access protection to the quick car rental application that is provided with the SAP NetWeaver Developer Studio. In this application, a JSP and a servlet serve as the front-end client. The business logic is implemented using EJBs.

You will provide access protection using authentication and J2EE security roles. The following rules apply:

•     All car rental employees can access the application. They can view current reservations.

•     Only those employees who work as booking agents can create or cancel reservations.

To perform the authorization check, you also have to require authentication. For this tutorial, you will use Basic Authentication (user ID and password).
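
The two rules above, expressed declaratively in the security section of a web.xml deployment descriptor. This is an added example, not code from the tutorial project; the role names (employee, bookingagent), the URL patterns and the realm name are hypothetical.

```xml
<!-- Added example: security section of a web.xml deployment descriptor.
     Role names, URL patterns and the realm name are hypothetical. -->
<web-app>
  <!-- servlet and JSP declarations omitted -->

  <!-- Rule 1: every authenticated car rental employee may use the application. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Car rental application</web-resource-name>
      <url-pattern>/*</url-pattern>
      <!-- No http-method elements: the constraint covers every HTTP method. -->
    </web-resource-collection>
    <auth-constraint>
      <role-name>employee</role-name>
      <role-name>bookingagent</role-name>
    </auth-constraint>
    <user-data-constraint>
      <!-- Basic Authentication sends the password only Base64-encoded, so require TLS. -->
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <!-- Rule 2: only booking agents may create or cancel reservations. -->
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Create or cancel reservations</web-resource-name>
      <url-pattern>/booking/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>bookingagent</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>

  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>CarRental</realm-name>
  </login-config>

  <security-role>
    <role-name>employee</role-name>
  </security-role>
  <security-role>
    <role-name>bookingagent</role-name>
  </security-role>
</web-app>
```

A URL constraint protects only the web entry point, which is why the tutorial also applies the roles in the EJBs. The roles declared here grant nothing until users are assigned to them on the server.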


By the end of this tutorial, you will be able to:

•     Use authentication to protect access to the application.

•     Use J2EE security roles in the JSP to protect access to the application.

•     Use J2EE security roles in the EJBs to distinguish between users with different authorizations for the different methods.

•     Perform the administrative steps for assigning users to J2EE security roles using the Visual Administrator.


Systems, Installations, and Authorizations

The SAP NetWeaver Developer Studio is installed on your computer.

You can access the J2EE Engine from the SAP NetWeaver Developer Studio for deployment.

You can log on to the J2EE Engine with an administrator user using the Visual Administrator.


Java knowledge and basic knowledge of the J2EE programming model are advantageous.

You have acquired some basic experience with the J2EE toolset in the Developer Studio.

Next Step:

Importing the Project for the J2EE-Based Car Rental Tutorial