<role-name>BOSS</role-name> <-- This is hard coded in the servlet code.
<role-link>manager</role-link> <-- This is the name that is defined in the <security-role> element.
this methods would you call in the servlet to check whether the requesting user belongs to "manager" role or not
It's not a static method, so you need an object instance to invoke it on. Do you know which class this method belongs to, and thus what kind of object is needed?
Yes Ulf, it is declared in the HttpServletRequest inferface public boolean isUserInRole(java.lang.String role), so i guess we can use this method in the any of the doxxx() methods plus in the service method also.