web.xml设置过滤直接访问

<security-constraint>
   <web-resource-collection>
       <web-resource-name>JSPs</web-resource-name>
       <url-pattern>/admin/*</url-pattern><!-- 拒绝直接访问web文件夹下的所有页面 -->
   </web-resource-collection>
   <auth-constraint/>
</security-constraint>
 
<login-config>
   <auth-method>BASIC</auth-method><!-- 验证方式(BASIC/FORM) -->
</login-config>