Apache Roller / ROL-1983

Only expose AJAX User List Servlet to admin users

Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 5.0.3, 5.1.0
    • Fix Version/s: 5.0.4, 5.1.0
    • Component/s: User Management
    • Labels: None

    Description

      For some reason the Roller user list is presently implemented via a servlet, allowing the list of blog users and email addresses to be publicly accessible for those accessing the URL. Goal here is to shut off the servlet and use a traditional Struts/JPA method of listing the users on the page, perhaps similar to our blog entry listing screen.

      UPDATE: there's nothing wrong with using a Servlet for this AJAX operation, but we should only expose the Servlet to those who are logged into Roller as site admins.

          People

            Assignee: Glen Mazza (gmazza)
            Reporter: Glen Mazza (gmazza)
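One way to apply the restriction described in the UPDATE, as an added example that is not Apache Roller's code or the fix committed for this issue: a standard `javax.servlet` filter placed in front of the user-list servlet that fails closed unless the caller is authenticated and holds the admin role. The class name `AdminOnlyFilter`, the role name `admin` and the `requiredRole` init parameter are assumptions, and the sketch assumes the container or security framework populates `getUserPrincipal()` and `isUserInRole()`.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical filter: map it in web.xml to the user-list servlet's
// URL pattern (deployment-specific, not given on this page).
public class AdminOnlyFilter implements Filter {

    // Assumed role name; override with the "requiredRole" init parameter.
    private String requiredRole = "admin";

    @Override
    public void init(FilterConfig config) {
        String configured = config.getInitParameter("requiredRole");
        if (configured != null && !configured.trim().isEmpty()) {
            requiredRole = configured.trim();
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // The response lists users and email addresses: keep it out of caches.
        response.setHeader("Cache-Control", "no-store");

        // AJAX callers get a status code, not a redirect to an HTML login page.
        if (request.getUserPrincipal() == null) {
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        if (!request.isUserInRole(requiredRole)) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        chain.doFilter(req, res); // authenticated site admin: serve the list
    }

    @Override
    public void destroy() { }
}
```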