+ Principal userPrincipal = request.getUserPrincipal();
+ if (userPrincipal == null) {
+ throw redirectToLoginPage();
+ }
+ String username = userPrincipal.getName();
+ if (isAdminPage() && !isAdministrator(username)) {
+ error("Unauthorized URL accessed");
+ throw redirectToLoginPage();