First of all
<security-role>
<role-name>admin</role-name>
</security-role>
is missing
Try
<url-pattern>/SelectBeer.do</url-pattern> inside <security-constraint>
There is no need to specify <security-role> here(DD).
I know this url
pattern(
<url-pattern>/SelectBeer.do</url-pattern>) will work.
But my doubt is HFSJ says (
Page number 634) we can specify directories with constraints.
Please try to clear my doubt.