<!--
  Deployment-descriptor fragment: requires a confidential transport for the
  portlet URL below. It declares no auth-constraint, so on its own it protects
  data in transit only and places no restriction on who may request the URL.
-->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Secure Portlet</web-resource-name>
    <!-- Placeholder path: replace it with the real portlet URL. A pattern with no
         wildcard matches that exact path only, so sub-paths need their own
         pattern. No http-method is listed, so every HTTP method is covered. -->
    <url-pattern>/path/to/your/portlet</url-pattern>
  </web-resource-collection>
  <user-data-constraint>
    <!-- CONFIDENTIAL: the container must serve this resource over a transport that
         prevents third parties from reading it (HTTPS in practice). Check that a
         TLS connector is configured; if TLS is terminated at a proxy, the
         container also has to be told that the original request was secure. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
// Programmatic authorization gate: only callers in the "admin" role reach the
// protected branch. isUserInRole returns false for an unauthenticated user, so
// anonymous requests take the denied path as well.
// NOTE(review): the declarations of `request` and `response` are not shown; the
// cast assumes `request` really is a Portlet API PortletRequest (confirm).
// NOTE(review): confirm that the role name "admin" is mapped in the deployment
// descriptors; an unmapped role name would deny every caller.
PortletRequest portletRequest = (PortletRequest) request;
if (!portletRequest.isUserInRole("admin")) {
    // Denied path: the caller is sent to a generic error page. Keep this check on
    // the server for every request that reaches the protected code; hiding a link
    // in the UI is not a substitute. Logging the refusal helps later investigation.
    response.sendRedirect("error.jsp");
} else {
    // Protected branch (elided in the original snippet).
    ...
}
// Read the "input" request parameter. The value is client-supplied and must be
// treated as untrusted; getParameter returns null when the parameter is absent.
String input = request.getParameter("input");
// sanitizeInput is not defined in this snippet, so what it strips or encodes
// cannot be checked here. NOTE(review): confirm it handles null, and that it
// validates against an allow-list of expected values where possible. One
// generic sanitizer does not fit every sink: HTML output still needs
// context-specific encoding and SQL still needs parameterized statements.
String sanitizedInput = sanitizeInput(input);
// The elided code should use sanitizedInput rather than the raw `input`.
...