In programmatic security, a servlet uses method calls to the security API, as specified by the Java EE security model, to make business logic decisions based on the caller or remote user's security role. Programmatic security should only be used when declarative security alone is insufficient to meet the application's security model.
The Java EE 1.4 specification defines programmatic security with respect to servlets as consisting of two methods of the servlet HttpServletRequest interface. Sun Java System Web Server 7.0 supports these interfaces as defined in the specification.
In addition to the programmatic security defined in the Java EE specifications, Sun Java System Web Server 7.0 also supports programmatic login. For more information, see Programmatic Login