Code Room
Code review (Hard)
Question
Review this Java filter that authorizes admin-only routes by normalizing the role claim before comparing.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
private static final String ADMIN = "ADMIN";

boolean isAdminRole(String role) {
    // role comes off the request token, e.g. "admin"
    if (role == null) {
        return false;
    }
    String normalized = role.trim().toUpperCase();
    return normalized.equals(ADMIN);
}

void handle(Request req) {
    if (!isAdminRole(req.role())) {
        throw new ForbiddenException();
    }
    // ... privileged work
}
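An added example, not part of the original exercise, that runs the filter's comparison under two default locales next to an exact-match check. `toUpperCase()` with no argument uses the JVM default locale, so under `tr-TR` "admin" uppercases to "ADMİN" and is denied, while U+0131 (dotless ı) uppercases to "I" and is accepted under either locale. `RoleCheckDemo`, `isAdminRoleStrict`, `CANONICAL_ADMIN` and the sample inputs are constructed here, and the strict form assumes the token issuer emits exactly "admin".

```java
import java.util.Locale;

public class RoleCheckDemo {
    private static final String ADMIN = "ADMIN";
    // Assumption: the token issuer emits exactly this spelling for the admin role.
    private static final String CANONICAL_ADMIN = "admin";

    // The comparison from the exercise: trim, then uppercase using the default locale.
    static boolean isAdminRoleOriginal(String role) {
        if (role == null) {
            return false;
        }
        return role.trim().toUpperCase().equals(ADMIN);
    }

    // Hypothetical hardened form: exact match only, no trimming and no case
    // folding, so the result depends on neither locale nor Unicode case mappings.
    static boolean isAdminRoleStrict(String role) {
        return CANONICAL_ADMIN.equals(role);
    }

    public static void main(String[] args) {
        // Constructed inputs: the expected claim, two lenient spellings, and a
        // claim containing U+0131 that should never be treated as "admin".
        String[] samples = {"admin", "ADMIN", " admin ", "adm\u0131n"};
        Locale saved = Locale.getDefault();
        try {
            for (String tag : new String[] {"en-US", "tr-TR"}) {
                Locale.setDefault(Locale.forLanguageTag(tag));
                for (String s : samples) {
                    System.out.printf("%-6s %-10s original=%-5b strict=%b%n",
                            tag, "[" + s + "]",
                            isAdminRoleOriginal(s), isAdminRoleStrict(s));
                }
            }
        } finally {
            // Restore the process-wide default so the demo has no side effects.
            Locale.setDefault(saved);
        }
    }
}
```

Passing `Locale.ROOT` to `toUpperCase` removes the locale dependence but still folds U+0131 to "I", which is why the strict form compares without normalizing.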