We then need to provide a Resource Name , an optional Description and URL
Pattern(s) for the pages belonging to our security constraint. A common practice
is to group all pages belonging to a security constraint under a sub folder of the
Web Pages folder, a practice we followed in our example, all administrative pages
are under the admin folder, therefore the URL pattern to access them is /admin/* ,
meaning any URL beginning with /admin , after the context root of our application.
In order to allow only authorized users to view our protected pages, we need to
check the Enable Authentication Constraint checkbox and enter the role(s) that are
authorized to view the page in the Role Name(s) field.