Les comento como le hice para proteger mi carpeta.
El archivo
web.xml lo encontré en la carpeta
WEB-INF, en ese archivo coloque el siguiente código:
Código XML:
Ver original<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<description>Servlet and JSP Examples.</description>
<display-name>Servlet and JSP Examples</display-name>
<security-constraint>
<display-name>Security Constraint para Validar</display-name>
<web-resource-collection>
<web-resource-name>Protected Area</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/jsp/validar/*</url-pattern>
<!-- If you list http methods, only those methods are protected -->
<http-method>DELETE</http-method>
<http-method>GET</http-method>
<http-method>POST</http-method>
<http-method>PUT</http-method>
</web-resource-collection>
<auth-constraint>
<!-- Anyone with one of the listed roles may access this area -->
<role-name>tomcat</role-name>
<role-name>EsteRoleNombre</role-name>
</auth-constraint>
</security-constraint>
<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Example Form-Based Authentication Area</realm-name>
<form-login-config>
<form-login-page>/jsp/validar/login.jsp</form-login-page>
<form-error-page>/jsp/validar/error.jsp</form-error-page>
</form-login-config>
</login-config>
</web-app>
Utilice como plantilla el ejemplo que esta en:
examples\jsp\security\protected