Hi Rajkumar ,
In this case you maintain session properly.
when user enter put his username or whatever into the session..then redirect to the welcome page..in welcome page you check if session variable is null..then you send error page
(or)
using <web-resource-collection> tag restrict the welcome page from direct access in web.xml(DD)
Thanks & regards,
seetharaman.v