Nope, filters doesn't support role-based URL matching. For that, you should be using Java EE builtin container managed security by <security-constraint>
entries instead of homebrewed security using a servlet filter. Inside those <security-constraint>
entries you can declare URL patterns by <web-resource-collection><url-pattern>
and roles by <auth-constraint><role-name>
.
Inside a filter, best what you can do is manually checking HttpServletRequest#isUserInRole()
.