At the servlet level, you can define access permissions using the auth-constraint element of the web.xml file.
The auth-constraint element on the resource collection must be used to indicate the
user roles permitted to the resource collection. Refer to the Java Servlet
specification for details on configuring
servlet authorization constraints.