<security-constraint> <web-resource-collection> <web-resource-name>JSPs</web-resource-name> <url-pattern>/admin/*</url-pattern><!-- 拒绝直接访问web文件夹下的所有页面 --> </web-resource-collection> <auth-constraint/> </security-constraint> <login-config> <auth-method>BASIC</auth-method><!-- 验证方式(BASIC/FORM) --> </login-config>