qual o problema aqui? ele esta liberando os mesmos acessos de admin para os usuários... outra pergunta, estou usando frontController, posso
fazer isso:
obrigado
<security-constraint>
<web-resource-collection>
<web-resource-name>Locadora</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
<url-pattern>/admin/*/url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>admin</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Locadora</web-resource-name>
<url-pattern>/index.jsp</url-pattern>
<url-pattern>/usuario/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>usuario</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>