Programmatic security is when a servlet uses method calls to the security API, as specified by the J2SE security model, to make business logic decisions based on the caller or remote user's security role. Programmatic security should only be used when declarative security alone is insufficient to meet the application's security model.
The J2SE 1.3 specification defines programmatic security with respect to servlets as consisting of two methods of the servlet HttpServletRequest interface. Sun Java System Web Server supports these interfaces as defined in the specification.
In addition to the programmatic security defined in the J2SE specifications, Sun Java System Web Server also supports programmatic login. For more information, see Programmatic Login.