Exercises

Using the code for the Advertise EJB as an example, add in security for the Register EJB. Use declarative security to restrict access to the Register Session bean to members of the J2EE RI Applicants group. Add programmatic security to ensure a non-administrator can only create a Register EJB using a login name the same as his or her principal name. Update the Agency bean to restrict the abilities of a non-administrator to only being able to create and delete applicants with a login name the same as his or her principal name. Don't forget to add the role ref mapping admin onto Administrator in the Register session EJB and the Register Web application.

Update the agency.jsp and register.jsp Web pages to obtain the applicant's name from the security credentials instead of presenting the user with a list of applicant names. Hint: follow the example JSP code for managing customers (advertise.jsp) shown in today's lesson.