web.xml
01 <?xml version="1.0" encoding="UTF-8"?>
02 <!DOCTYPE web-app
03   PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN"
04   "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
05 
06 <web-app>
07   <display-name>EJB3Trail</display-name>
08   
09   <security-constraint>
10     <web-resource-collection>
11       <web-resource-name>The Protected Calculator</web-resource-name>
12       <url-pattern>services/security/addfund.jsp</url-pattern>
13       <url-pattern>services/security/addinvestor.jsp</url-pattern>
14       <url-pattern>services/security/calculator.jsp</url-pattern>
15     </web-resource-collection>
16     
17     <auth-constraint>
18       <role-name>AdminUser</role-name>
19       <role-name>RegularUser</role-name>
20     </auth-constraint>
21     <!-- do not encrypt. -->
22     <user-data-constraint>
23       <transport-guarantee>NONE</transport-guarantee>
24     </user-data-constraint>
25   </security-constraint>
26   
27   <login-config>
28     <auth-method>FORM</auth-method>
29     <form-login-config>
30       <form-login-page>services/security/login.html</form-login-page>
31       <form-error-page>services/security/loginFailed.html</form-error-page>
32     </form-login-config>
33   </login-config>
34   
35   <security-role>
36     <description>Authorized to access everything.</description>
37     <role-name>AdminUser</role-name>
38   </security-role>
39   <security-role>
40     <description>Authorized to limited access.</description>
41     <role-name>RegularUser</role-name>
42   </security-role>
43 </web-app>