1 Reply Latest reply on Aug 8, 2003 2:30 AM by mengk

    Basic authentication for different users?

    mengk

      Hi:
      I referred to the configuration files of the jmx-console web module (web.xml, jboss-web.xml, users.properties, roles.properties, login-config.xml), and I successfully implemented admin user access to all resources (some .jsp, some servlets).

      But I want to implement this function:
      a common user can access a.jsp and b.jsp, while the admin user can access all the .jsp files (a.jsp, b.jsp, c.jsp).

      I tried it again. The admin user can access all the .jsp files, which is OK, but the common user cannot access a.jsp and b.jsp; it returns a 403 error in the web page.

      Who can tell me how to implement this function?

      <?xml version="1.0" encoding="ISO-8859-1"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
      <web-app>

        <welcome-file-list>
          <welcome-file>c.jsp</welcome-file>
        </welcome-file-list>

        <security-constraint>
          <display-name>Common</display-name>
          <web-resource-collection>
            <web-resource-name>selectinfo</web-resource-name>
            <url-pattern>/a.jsp</url-pattern>
            <url-pattern>/b.jsp</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
            <role-name>Operator</role-name>
            <role-name>Deployer</role-name>
          </auth-constraint>
        </security-constraint>

        <security-constraint>
          <display-name>Admin</display-name>
          <web-resource-collection>
            <web-resource-name>success</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
            <role-name>Deployer</role-name>
          </auth-constraint>
        </security-constraint>

        <login-config>
          <auth-method>BASIC</auth-method>
          <realm-name>law</realm-name>
        </login-config>

        <security-role>
          <role-name>Deployer</role-name>
        </security-role>

        <security-role>
          <role-name>Operator</role-name>
        </security-role>

      </web-app>

      <jboss-web>
        <context-root>/try</context-root>
        <security-domain>java:/jaas/other</security-domain>
      </jboss-web>

      users.properties:
      common=common
      admin=admin

      roles.properties:
      common=Operator
      admin=Deployer


        • 1. Re: Basic authentication for different users?
          mengk

          It runs in JBoss3.0.7-tomcat4.1.24

          The 403 error is:

          type Status report

          message Access to the requested resource has been denied

          description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.