<security-constraint> <web-resource-collection> <web-resource-name>JSPs</web-resource-name> <url-pattern>/admin /* </url-pattern><!-- Deny direct access to all pages under the web folder--> </web-resource-collection> <auth-constraint/> </security-constraint> <login-config> <auth-method>BASIC</auth-method><!-- 验证方式(BASIC/FORM) --> </login-config>