Design your tables such that user can have one or multiple role based on your system
Define your access to pages for group
admin.allowed = .*
user.allowed=/home/.*,/profile/.*
in some properties file
Create a Web Filter that reads the user from session and determines the role and sees if the page it is being requested is allowed if not it redirects to some other page
See Also