To protect any resources in a web folder, you need to declare security constraints in web.xml. In the security constraints, you can declare URLs that are to be protected, and which roles can access the protected URLs. Open web.xml in the CourseManagementMavenWebApp project and add the following declarations within the <web-app> tag:
<security-constraint> <display-name>Admin resources</display-name> <web-resource-collection> <web-resource-name>admins</web-resource-name> <url-pattern>/admin/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>admin </role-name> </auth-constraint> <!-- <user-data-constraint> <transport-guarantee>CONFIDENTIAL</transport-guarantee> </user-data-constraint> ...