I am using Resin2.0. In our Intranet, all the user requests are directed to a servlet which does the authentication and redirects to the respective jsp files.
Created May 7, 2012
_jspService(request, response)method in your MyCompanyJSP class.
You should place a "user" mediator in a "request" attribute each time the controller servlet is called that contains the user's authentication. Now, you can create "concrete"
doPost and doGetmethods which do authentication. Unless there is a valid "user" mediator in a "request" attribute and that user mediator validates the users ability to access that page, then the page is not displayed and forwards to a "not authorized" page.
If one just types in the URL, the "user" mediator is not available and the page access is not valid.
This is one way we do this at our shop.