Java Servlet - @ServletSecurity Examples

[Last Updated: Nov 8, 2025]

import javax.servlet.ServletException;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.HttpMethodConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;

@WebServlet(name = "appController", urlPatterns = {"/"})
@ServletSecurity(
        value = @HttpConstraint(
                rolesAllowed = {
                        "employee"
                }),
        httpMethodConstraints = {
                @HttpMethodConstraint(value = "GET", rolesAllowed = {
                        "employee"
                })
        })
public class AppController extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req,
                         HttpServletResponse resp) throws ServletException, IOException {

        PrintWriter writer = resp.getWriter();
        writer.println("app controller accessed " + req.getUserPrincipal());
    }
}

Original Post

Java Servlet - @ServletSecurity Examples

See Also