Note: For small Web Application, this is a good and effective approach, protecting for the URLs or JSP pages.
But for the method level protection, we have to hard code the role check using getUserPrincipal() or isUserInRole().
Note: For large Web Applications, Spring Security may be a better approach,
as it offer protection for the methods in the service layer instead of various URLs or JSP pages.
Spring Security is more robust, less fragile, and easier to maintain, supporting configuration using XML
Spring Security can replace the Application Server Security (like GlassFish/Weblogic/Websphere).
i.e. The Web Applications using Spring Security only need the Web Container like Tomcat.
FIC full user can consider to enhance the File Upload Security using this sample,
to calculate the specified file's signature and then upload, and re-calculate at the remote
Web server, compare the two signatures, and update the Fic database, and finally notify the user.
File Upload functionality other then Spring File Uploader can have similar mechanism
to achieve file uploading security - integrity, to stop the man-in-the-middle attack.