users@glassfish.java.net

Re: Securing web applications

From: Sudarsan Sridhar <Sudarsan.Sridhar_at_Sun.COM>
Date: Mon, 14 Dec 2009 12:56:45 +0530

Hi javaislife,

Your security-constraint -> web-resource-collection element doesn't have an auth-constraint element. It should be defined as follows:

    <security-constraint>
        <display-name>Admin Pages</display-name>
        <web-resource-collection>
            <web-resource-name>Administative Pages</web-resource-name>
            <description/>
            <url-pattern>/admin/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>admin</role-name>
        </auth-constraint>
    </security-constraint>

From NetBeans you can configure this by checking 'Enable Authentication Constraint' and adding 'admin' to 'Role name(s)' under 'Security Constraints -> Admin Pages' in web.xml.

Regards,
Sudarsan