I am using Resin2.0. In our Intranet, all the user requests are directed to a servlet which does the authentication and redirects to the respective jsp files.
_jspService(request, response)method in your MyCompanyJSP class.
You should place a "user" mediator in a "request" attribute each time the controller servlet is called that contains the user's authentication. Now, you can create "concrete"
doPost and doGetmethods which do authentication. Unless there is a valid "user" mediator in a "request" attribute and that user mediator validates the users ability to access that page, then the page is not displayed and forwards to a "not authorized" page.
If one just types in the URL, the "user" mediator is not available and the page access is not valid.