Code Room
Code review · Hard · cr-g335
Subject: Locale · Level: Senior–Staff · ~20 min · Common in: Code quality & review interviews · Industries: Software development

Question

Review this Java filter that authorizes admin-only routes by normalizing the role claim before comparing.

What a strong answer looks like

Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.

Talk through your review
Code to review (java)

```java
private static final String ADMIN = "ADMIN";

boolean isAdminRole(String role) {
    // role comes off the request token, e.g. "admin"
    if (role == null) {
        return false;
    }
    String normalized = role.trim().toUpperCase();
    return normalized.equals(ADMIN);
}

void handle(Request req) {
    if (!isAdminRole(req.role())) {
        throw new ForbiddenException();
    }
    // ... privileged work
}
```
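The filter calls `toUpperCase()` without a locale, so the comparison follows the case rules of the JVM default locale. The following is an added example, not part of the original exercise: it runs the reviewed logic next to two variants under the root and Turkish default locales, so the outcomes can be compared per input. The class name, the two variant methods, the accepted spellings in the exact-match variant and the sample role strings are assumptions made for this illustration.

```java
import java.util.Locale;

public class RoleLocaleCheck {
    private static final String ADMIN = "ADMIN";

    // Logic from the filter under review: toUpperCase() with no argument
    // applies the case rules of the JVM default locale.
    static boolean isAdminRole(String role) {
        if (role == null) {
            return false;
        }
        return role.trim().toUpperCase().equals(ADMIN);
    }

    // Variant with a fixed locale: the result no longer depends on host settings,
    // but Unicode case mapping still decides which inputs compare equal.
    static boolean isAdminRoleFixedLocale(String role) {
        if (role == null) {
            return false;
        }
        return role.trim().toUpperCase(Locale.ROOT).equals(ADMIN);
    }

    // Variant with no case mapping and no trimming: only exact ASCII spellings pass
    // (the accepted spellings are an assumption of this example).
    static boolean isAdminRoleExact(String role) {
        return "admin".equals(role) || "ADMIN".equals(role);
    }

    public static void main(String[] args) {
        // Constructed sample claims; the third contains U+0131 (dotless i).
        String[] roles = {"admin", "ADMIN", "adm\u0131n", " admin "};
        Locale[] defaults = {Locale.ROOT, Locale.forLanguageTag("tr-TR")};
        for (Locale locale : defaults) {
            Locale.setDefault(locale);
            for (String role : roles) {
                System.out.printf("default=%-5s role=%-9s original=%-5b fixedLocale=%-5b exact=%b%n",
                        locale.toLanguageTag(), "[" + role + "]",
                        isAdminRole(role), isAdminRoleFixedLocale(role), isAdminRoleExact(role));
            }
        }
    }
}
```

Compare the `original` column across the two default locales for the same input, then compare `fixedLocale` with `exact` on the non-ASCII sample to see what case normalization still admits.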