If you’ll recall from Chapter 32’s custom realm, I left the obtainPermittedGroups method empty and promised to describe it later. To authenticate the user, the custom realm needs to check the user’s credentials, which are stored in an account object. Or in terms of the database, stored in the account table. If we add a data access class to the realm, we need to access the account within Alumni, too.

Thinking about the DRY principle (don’t repeat yourself) raises the question of whether it’s possible not to use the same code in two distinct places. We want to write ...