<security-constraint>
     <display-name>Example Security Constraint</display-name>
     <web-resource-collection>
        <web-resource-name>Protected Area</web-resource-name>
        <!-- Dfinit la ou les URL de contexte  protger -->
        <url-pattern>/jsp/security/protected/*</url-pattern>
        <!-- Si vous rpertoriez des mthodes http, seules ces mthodes sont
protges -->
        <http-method>DELETE</http-method>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
        <http-method>PUT</http-method>
     </web-resource-collection>
     <auth-constraint>
        <!-- Quiconque possdant l'un des rles rpertoris peut accder  cette zone -->
        <role-name>tomcat</role-name>
        <role-name>role1</role-name>
     </auth-constraint>
</security-constraint>
