samples/web/webroot/WEB-INF/web.xml - jsecurity - Git at Google

 <?xml version="1.0" encoding="UTF-8"?>
 <!--
   ~ Licensed to the Apache Software Foundation (ASF) under one
   ~ or more contributor license agreements.  See the NOTICE file
   ~ distributed with this work for additional information
   ~ regarding copyright ownership.  The ASF licenses this file
   ~ to you under the Apache License, Version 2.0 (the
   ~ "License"); you may not use this file except in compliance
   ~ with the License.  You may obtain a copy of the License at
   ~
   ~     http://www.apache.org/licenses/LICENSE-2.0
   ~
   ~ Unless required by applicable law or agreed to in writing,
   ~ software distributed under the License is distributed on an
   ~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
   ~ KIND, either express or implied.  See the License for the
   ~ specific language governing permissions and limitations
   ~ under the License.
   -->
 <web-app version="2.4"
          xmlns="http://java.sun.com/xml/ns/j2ee"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

     <filter>
         <filter-name>JSecurityFilter</filter-name>
         <filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class>
         <init-param>
             <param-name>config</param-name>
             <param-value>

                 # The JSecurityFilter configuration is very powerful and flexible, while still remaining succinct.
                 # Please read the comprehensive example, with full comments and explanations, in the JavaDoc:
                 #
                 # http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html

                 [main]

                 demoRealm = org.jsecurity.realm.text.PropertiesRealm

                 [filters]
                 jsecurity.loginUrl = /login.jsp

                 [urls]
                 # The /login.jsp is not restricted to authenticated users (otherwise no one could log in!), but
                 # the 'authc' filter must still be specified for it so it can process that url's
                 # login submissions. It is 'smart' enough to allow those requests through as specified by the
                 # jsecurity.loginUrl above.
                 /login.jsp = authc

                 /account/** = authc
                 /remoting/** = authc, roles[b2bClient], perms[remote:invoke:"lan,wan"]

             </param-value>
         </init-param>
     </filter>

     <filter-mapping>
         <filter-name>JSecurityFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>

     <welcome-file-list>
         <welcome-file>index.jsp</welcome-file>
     </welcome-file-list>

 </web-app>
	<?xml version="1.0" encoding="UTF-8"?>
	<!--
	~ Licensed to the Apache Software Foundation (ASF) under one
	~ or more contributor license agreements. See the NOTICE file
	~ distributed with this work for additional information
	~ regarding copyright ownership. The ASF licenses this file
	~ to you under the Apache License, Version 2.0 (the
	~ "License"); you may not use this file except in compliance
	~ with the License. You may obtain a copy of the License at
	~
	~ http://www.apache.org/licenses/LICENSE-2.0
	~
	~ Unless required by applicable law or agreed to in writing,
	~ software distributed under the License is distributed on an
	~ "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	~ KIND, either express or implied. See the License for the
	~ specific language governing permissions and limitations
	~ under the License.
	-->
	<web-app version="2.4"
	xmlns="http://java.sun.com/xml/ns/j2ee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

	<filter>
	<filter-name>JSecurityFilter</filter-name>
	<filter-class>org.jsecurity.web.servlet.JSecurityFilter</filter-class>
	<init-param>
	<param-name>config</param-name>
	<param-value>

	# The JSecurityFilter configuration is very powerful and flexible, while still remaining succinct.
	# Please read the comprehensive example, with full comments and explanations, in the JavaDoc:
	#
	# http://www.jsecurity.org/api/org/jsecurity/web/servlet/JSecurityFilter.html

	[main]

	demoRealm = org.jsecurity.realm.text.PropertiesRealm

	[filters]
	jsecurity.loginUrl = /login.jsp

	[urls]
	# The /login.jsp is not restricted to authenticated users (otherwise no one could log in!), but
	# the 'authc' filter must still be specified for it so it can process that url's
	# login submissions. It is 'smart' enough to allow those requests through as specified by the
	# jsecurity.loginUrl above.
	/login.jsp = authc

	/account/** = authc
	/remoting/** = authc, roles[b2bClient], perms[remote:invoke:"lan,wan"]

	</param-value>
	</init-param>
	</filter>

	<filter-mapping>
	<filter-name>JSecurityFilter</filter-name>
	<url-pattern>/*</url-pattern>
	</filter-mapping>

	<welcome-file-list>
	<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>

	</web-app>