So far, we have seen declarative syntax for specifying security constraints; that is, by specifying <security-constraint> in web.xml. However, security constraints can also be specified using Java annotations, specifically for servlets. In this section, we will create AdminServlet and secure it with annotations. Follow the steps in the previous section to import the CourseManagementJDBC project from Chapter09, but rename it CourseManagementJDBC-SecureAnnotations, and import it into the workspace. Then, add only <login-config> in web.xml, but do not specify <security-constraint>:
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login-error.jsp</form-error-page>
</form...