The following sections address protecting resources and authenticating users in the Web tier.
Protecting Web Resources
You can protect Web resources by specifying a security constraint. A security constraint determines who is authorized to access a Web resource collection, which is a list of URL patterns and HTTP methods that describe a set of resources to be protected. Security constraints can be defined using deploytool, as described in Controlling Access to Web Resources (page 338).
If you try to access a protected Web resource as an unauthenticated user, the Web container will try to authenticate you. The container will only accept the request after you have proven your identity to the container and have been granted permission ...