Alice knows that most of the time declarative security is the way to go. It’s flexible, powerful, portable, and robust. As web application architectures have evolved, individual servlets have become more and more specialized. In the old days, a single servlet would be used to provide business logic to support employees and managers. Today, these functions would probably be split into at least two distinct servlets.
But lucky Alice has just inherited someone else’s “RecipeServlet”. Alice has heard a rumour that RecipeServlet uses programmatic security, so she starts looking through the source code and finds this snippet...
Sharpen your pencil
What are the implications?
Think about what you’ve learned so far in this chapter, look at the small code snippet above, and try to answer the questions.
What security step must have happened before this snippet runs?
What security step is implied by this snippet?
What part, if any, does the DD play in this snippet?
How do you think this code works?
What if the role of “Manager” doesn’t exist in your container?