Alice’s recipe servlet, a story about programmatic security...

Alice knows that most of the time declarative security is the way to go. It’s flexible, powerful, portable, and robust. As web application architectures have evolved, individual servlets have become more and more specialized. In the old days, a single servlet would be used to provide business logic to support employees and managers. Today, these functions would probably be split into at least two distinct servlets.

But, lucky Alice has just inherited someone else’s “RecipeServlet”. Alice has heard a rumour that RecipeServlet uses programmatic security, so she starts looking through the source code and finds this snippet...

image with no caption

Sharpen your pencil

What are the implications?

Think about what you’ve learned so far in this chapter, look at the small code snippet above, and try to answer the questions.

What security step must have happened before this snippet runs?

What security step is implied by this snippet?

What part, if any, does the DD play in this snippet?

How do you think this code works?

What if the role of “Manager” doesn’t exist in your container?

Get Head First Servlets and JSP, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial