Need to add security to all servlets

Right now, all security (except login) is handled by the front end

The unpermitted actions/URLs don't show up to the unauthorized user, However, they could still call the correct URL and do those given actions
