Sun Java System Web Server 7.0 Update 4 Developer's Guide to Java Web Applications

Defining Servlet Authorization Constraints

At the servlet level, you can define access permissions using the auth-constraint element of the web.xml file.

The auth-constraint element on the resource collection must be used to indicate the user roles permitted to the resource collection. Refer to the Java Servlet specification for details on configuring servlet authorization constraints.