Security constraints define how the content of a Web project is protected. To use JEE security to protect a resource, in the security constraints in the deployment descriptor (web.xml) of your deployed project, specify the URLs of the resources to secure.
Those sections also refer to URL patterns.
To secure all the resources that are in the WebContent folder of a deployed project, specify /* as the URL pattern. Specifying /* as your URL pattern secures your HTML page, EGL Rich UI Proxy, and SOAP and REST services.