web.xml
01 <?xml version="1.0" encoding="UTF-8"?>
02 <!DOCTYPE web-app
03     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
04     "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
05 
06 <web-app>
07   <display-name>EJB3Trail</display-name>
08 
09   <security-constraint>
10       <web-resource-collection>
11          <web-resource-name>The Protected Calculator</web-resource-name>
12          <url-pattern>services/security/addfund.jsp</url-pattern>
13          <url-pattern>services/security/addinvestor.jsp</url-pattern>
14          <url-pattern>services/security/calculator.jsp</url-pattern>
15       </web-resource-collection>
16 
17       <auth-constraint>
18          <role-name>AdminUser</role-name>
19          <role-name>RegularUser</role-name>
20       </auth-constraint>
21       <!-- do not encrypt. -->
22       <user-data-constraint>
23          <transport-guarantee>NONE</transport-guarantee>
24       </user-data-constraint>
25    </security-constraint>
26 
27    <security-role>
28       <description>Authorized to access everything.</description>
29       <role-name>AdminUser</role-name>
30    </security-role>
31    <security-role>
32       <description>Authorized to limited access.</description>
33       <role-name>RegularUser</role-name>
34    </security-role>
35 
36    <login-config>
37       <auth-method>FORM</auth-method>
38       <form-login-config>
39          <form-login-page>services/security/login.html</form-login-page>
40          <form-error-page>services/security/loginFailed.html</form-error-page>
41       </form-login-config>
42    </login-config>
43 
44 </web-app>