WEB-INF/web.xml

<web-app xmlns="http://caucho.com/ns/resin"
	 xmlns:resin="urn:java:com.caucho.resin">
  
  <display-name>login-xml</display-name>

  <welcome-file-list>
    <welcome-file>index.jsp</welcome-file>
    <welcome-file>index.html</welcome-file>
  </welcome-file-list>

  <!-- this is the jsp that a 'login' link uses -->
  <resin:Allow url-pattern="/home.jsp">
      <!-- 
        '*' for a <role-name> means "authenticated user with any role"
        The user must be logged in with some kind of role to access
        the home page.  
      -->
    <resin:IfUserInRole role="*"/>
  </resin:Allow>

  <resin:Allow url-pattern="/professors/*">
    <resin:IfUserInRole role="professor"/>
  </resin:Allow>

  <resin:Allow url-pattern="/students/*">
    <resin:IfUserInRole>
      <role>student</role>
      <role>professor</role>
    </resin:IfUserInRole>
  </resin:Allow>

  <resin:Allow url-pattern="/staff/*">
    <resin:IfUserInRole>
      <role>staff</role>
      <role>professor</role>
    </resin:IfUserInRole>
  </resin:Allow>

  <resin:FormLogin>
      <login-page>/login.jsp</login-page>
      <error-page>/login.jsp?login_error=1</error-page>
  </resin:FormLogin>

  <!-- Resin-specific XmlAuthenticator configuration -->
  <resin:XmlAuthenticator>
    <!-- Optionally put user information here.  -->
    <user>pince:Txpd1jQc/xwhISIqodEjfw==:staff,website</user>
    <user>filch:KmZIq2RKXAHV4BaoNHfupQ==:staff</user>

    <!-- You can also use an external file --> 
    <path>WEB-INF/password.xml</path>
  </resin:XmlAuthenticator>

  <!--
     - Documentation of the security roles used by the program
    -->
  
  <security-role>
    <role-name>professor</role-name>
  </security-role>

  <security-role>
    <role-name>student</role-name>
  </security-role>

  <security-role>
    <role-name>staff</role-name>
  </security-role>

  <security-role>
    <description>member of the slytherin house</description>
    <role-name>slytherin</role-name>
  </security-role>

  <security-role>
    <description>member of the gryffindor house</description>
    <role-name>gryffindor</role-name>
  </security-role>

  <security-role>
    <description>member of the ravenclaw house</description>
    <role-name>ravenclaw</role-name>
  </security-role>

  <security-role>
    <description>member of the hufflepuff house</description>
    <role-name>hufflepuff</role-name>
  </security-role>

  <security-role>
    <description>website administrator</description>
    <role-name>website</role-name>
  </security-role>

</web-app>