Exercises

Today's exercise comes in two parts:

  1. Update the EJB Security Model.

    Using the code in today's lesson for the Advertise EJB as an example, add security for applicant registration functionality in the Register EJB.

    Use declarative security to restrict access to the Register Session bean methods to members of the J2EE RI Applicants group.

    Add programmatic security to the Register EJB to allow administrators to create a Register EJB for any name but restrict customers to only create a Register EJB for their caller principal name.

    Update the Agency bean so that a non-administrator can create and delete only applicants whose login name is the same as their principal name. Don't forget to add the role reference that maps admin onto Administrator in the Register session EJB.

    Deploy and test changes before completing part 2.

  2. Update the Web Application Security Model.

    The Web application declarative security was implemented as part of today's sample code.

    To add programmatic security to the Web application, you need to update the UseApplicantTag class to obtain the applicant's name from the security credentials for non-administrators, following the sample code in UseCustomerTag.java shown in today's lesson. You must add a role reference for the admin role to the register.jsp and updateApplicant.jsp web components.

    You also need to update the agency.jsp to remove the applicant select list and provide a simple login button for existing applicants (follow the code example for existing customers).

    Deploy and test these changes to the Web interface.

Use the files in the Day 15 examples directory as a starting point for your exercise. A solution can be found in the Day 15 agency directory.

As an optional exercise (no solution provided) you can revisit the EJB and Web security models and use the same model for both parts of the case study to resolve some of the problems identified in the text. You might also want to refactor the Web interface to improve the user's perception of the functionality provided.
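
The programmatic check that part 1 asks for can be sketched as below. This is an added example, not the book's solution code. The class layout, the ejbCreate(String login) signature, and the choice of CreateException for the rejection are assumptions; it compiles against the javax.ejb API supplied by the J2EE SDK.

```java
import java.security.Principal;
import javax.ejb.CreateException;
import javax.ejb.SessionBean;
import javax.ejb.SessionContext;

// Hypothetical Register session bean (EJB 2.x style). The names and the
// create signature are assumptions taken from the exercise wording.
public class RegisterBean implements SessionBean {
    private SessionContext ctx;
    private String login;

    public void setSessionContext(SessionContext ctx) {
        this.ctx = ctx;
    }

    public void ejbCreate(String login) throws CreateException {
        if (login == null || login.length() == 0) {
            throw new CreateException("login name required");
        }
        // "admin" is the role reference name used in code; the deployment
        // descriptor must map it onto the Administrator role.
        if (!ctx.isCallerInRole("admin")) {
            Principal caller = ctx.getCallerPrincipal();
            // Fail closed: a non-administrator may act only on the applicant
            // record whose login equals the authenticated principal name.
            if (caller == null || !login.equals(caller.getName())) {
                throw new CreateException(
                    "caller may only register under their own principal name");
            }
        }
        // The identity comes from the container, never from a value the
        // client could choose freely, so the check cannot be bypassed by
        // passing a different login from the Web tier.
        this.login = login;
    }

    public void ejbRemove() {}
    public void ejbActivate() {}
    public void ejbPassivate() {}
}
```

The declarative restriction to the Applicants group still applies first; this check only narrows what an already authorized, non-administrator caller can touch.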
