1. Thing is anyone can easily get the param (id) i am sending from properties of the image and access it from anywhere by simply typing that url. This causes serious security issues. Is there anyway I can protect my data. Since tomorrow i might even display critical documents.
2. In case of no image found despite id being present in database, i want to return back an alternate image. Is there any way to do this....
About the only way you're going to be able to do this is by constructing a servlet that retrieves the image data and copies it out dependent on the security context and availability of data.
The default action for an image URL in a J2EE app is for the server to unconditionally copy the image file to the user. Or, if the image cannot be found at the specified resource location, to return a status code of 404 (Not Found).
Actually, if you use container-based authorization or write an appropriate filter, that would probably protect the image, but in your case, you'll need some active logic if you want to substitute something else. Either that or make the page display logic so the substitution in advance.
An IDE is no substitute for an Intelligent Developer.