You might want to constraint to a particular role.

Add this to the web.xml:

<security-role>
   <description>This is the role required for this application</description>
   <role-name>eventuser</role-name>
</security-role>