Sun Java System Web Server 6.1 SP6 Programmer's Guide to Web Applications

Defining Servlet Authorization Constraints

On the servlet level, you define access permissions using the auth-constraint element of the web.xml file.

The auth-constraint element on the resource collection must be used to indicate the user roles permitted to the resource collection. Refer to the Java Servlet specification for details on configuring servlet authorization constraints.