At the servlet level, you can define access permissions using the auth-constraint element of the web.xml file.
The auth-constraint element on the resource
collection must be used to indicate the user roles permitted to the resource
collection. Refer to the Java Servlet specification for details on configuring servlet authorization constraints.