When setting security restrictions for web module roles in a J2EE application, I have the following problem:
Application:
It provides a servlet called customersServlet that receives two parameters in the URL:
- A string representing the operation (INS, UPD, DLT, and DSP).
- An identification number to identify the client on which the operation will be performed.
E.g.: the URL /servlet/customersServlet?UPD,5 is used to update the data of client number 5, and the URL /servlet/customersServlet?DLT,8 is used to delete client 8.
Problem:
If I use this security restriction, the servlet can only be accessed by the specified role, which is normal:
    <security-constraint>
      <web-resource-collection>
        <web-resource-name>...</web-resource-name>
        <url-pattern>/servlet/clientsServlet*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>clientAdmin</role-name>
      </auth-constraint>
    </security-constraint>
But I want to limit the ability to add clients only to a role named clientAdmin.
I tried several url patterns, but none of them work as I want (they all allow each role to access the servlet with any parameter):
    <url-pattern>/servlet/clientsServlet?INS,*</url-pattern>
    <url-pattern>/servlet/clientsServlet?INS/*</url-pattern>
    ...
How do I use the wildcard * in the url-pattern tag?
Note: the application cannot be modified, so I need a solution that involves only touching the deployment descriptor.
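An added example (not part of the original post, and not container code): a small Python model of the Servlet specification's url-pattern rules, which are evaluated against the request path with the query string excluded, run over the two patterns tried in the question. The `/servlet/*` pattern, the sample request URLs and the function names are constructed for illustration, and the URLs are assumed to be context-relative.

```python
from urllib.parse import urlsplit


def pattern_matches(pattern: str, path: str) -> bool:
    """Model of the Servlet spec's url-pattern rules for one pattern and one path."""
    if pattern.startswith("/") and pattern.endswith("/*"):
        prefix = pattern[:-2]  # path mapping: "/a/*" covers "/a" and "/a/..."
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        # extension mapping: "*.jsp" is compared with the last path segment
        return path.rsplit("/", 1)[-1].endswith(pattern[1:])
    if pattern == "/":
        return True  # default mapping
    # Any other string is an exact match; "*" and "?" inside it are literals.
    return pattern == path


def constrained(pattern: str, url: str) -> bool:
    """True if a security-constraint with this url-pattern applies to the URL."""
    path = urlsplit(url).path  # the query string is not part of what is matched
    return pattern_matches(pattern, path)


# Patterns tried in the question, plus one constructed path mapping for contrast.
PATTERNS = [
    "/servlet/clientsServlet?INS,*",
    "/servlet/clientsServlet?INS/*",
    "/servlet/*",  # constructed for illustration
]

# Constructed sample requests in the question's "?OPERATION,id" style.
REQUESTS = [
    "/servlet/clientsServlet?INS,5",
    "/servlet/clientsServlet?DLT,8",
]


def coverage() -> dict:
    """Map each (pattern, request URL) pair to whether the constraint applies."""
    return {(p, u): constrained(p, u) for p in PATTERNS for u in REQUESTS}


if __name__ == "__main__":
    for (pattern, url), applies in coverage().items():
        print(f"{pattern:32} {url:32} {'constrained' if applies else 'not matched'}")
```

Neither pattern containing `?INS` ever applies to a request, while a path mapping applies to the INS and DLT requests alike, so the operation carried in the query string cannot be told apart by url-pattern.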